Malware infection - Please help! [Closed]


  • This topic is locked

#1
jh2222

  • Member
  • 16 posts
hi

I believe I am infected with malware. I have a Dell, Windows 7 PC (Home edition). After I log on I get a white screen. Nothing else. If I select Ctrl-Alt-Del I get the options for shut down and Task Manager. When I select Task Manager all I get is the white screen.

can anyone please help me?
  • 0



#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi and welcome to Geeks to Go. :)

Which version of Windows 7 does your computer have, the 32 Bit or 64 Bit? If you are unsure, not a problem, we can work around that.
  • 0

#3
jh2222

  • Topic Starter
  • Member
  • 16 posts
hi Dakeyras,

I am fairly certain that I am running the 64 bit version on my Dell Inspiron, although I cannot be 100% certain as I cannot check on the system now considering my problem haha.

your help is very much appreciated
  • 0

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

> I am fairly certain that I am running the 64 bit version on my Dell Inspiron, although I cannot be 100% certain as I cannot check on the system now considering my problem haha.
>
> your help is very much appreciated

Acknowledged and you're welcome!

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Note: If the above version of the Farbar Recovery Scan Tool turns out not to be compatible, merely delete that version, then download and use this one instead: Farbar Recovery Scan Tool 32-Bit

Then insert the Flash/USB drive into your infected machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter <-- If using the 32 Bit version will merely be frst.exe

Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.

  • 0

#5
jh2222

  • Topic Starter
  • Member
  • 16 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by SYSTEM on MININT-T772APD on 29-10-2013 07:51:24
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE [5712896 2010-02-03] (Dell Inc.)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-06-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AVG_TRAY] - C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2404376 2013-10-22] ()
HKLM-x32\...\Run: [ROC_roc_dec12] - C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe [928096 2012-01-23] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
HKU\Jimbo\...\Run: [EPSON SX110 Series] - C:\Windows\Temp\E_S7CE6.tmp [126 2011-01-13] ()
HKU\Jimbo\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation)
HKU\Jimbo\...\Run: [Akamai NetSession Interface] - C:\Users\Jimbo\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Jimbo\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-01-09] (Google Inc.)
HKU\Jimbo\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Jimbo\...\Run: [dyK2QKaWt8Rcf4] - C:\Users\Jimbo\AppData\Local\fvJcrgR.exe [123392 2013-09-17] (Корпорация Майкрософт)
HKU\Jimbo\...\Winlogon: [Shell] explorer.exe,C:\Users\Jimbo\AppData\Roaming\data.dat [139264 2011-11-17] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Jimbo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Services (Whitelisted) =================

S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-09-04] (Akamai Technologies, Inc.)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-07] (AVG Technologies CZ, s.r.o.)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-12-04] ()
S2 vToolbarUpdater17.0.12; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-22] (AVG Secure Search)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2010-02-03] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-11] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-04] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-10-22] (AVG Technologies)
S1 RapportCerberus_34302; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55096 2012-07-08] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [101400 2012-06-08] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [297048 2012-07-08] (Trusteer Ltd.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 14:23 - 2013-10-28 14:23 - 00000000 ____D C:\FRST
2013-10-22 11:10 - 2013-10-22 11:10 - 00668878 ____T C:\Users\Jimbo\Desktop\WU_4627160_201310221706_8d9ri.prn
2013-10-22 11:00 - 2013-10-22 11:00 - 00013862 _____ C:\Users\Jimbo\Desktop\Invoice.htm

==================== One Month Modified Files and Folders =======

2013-10-28 18:51 - 2012-05-15 07:30 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-28 18:51 - 2011-11-12 08:24 - 00000000 ____D C:\Users\Jimbo\AppData\Local\Akamai
2013-10-28 18:51 - 2011-04-05 18:36 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-10-28 18:51 - 2010-11-27 05:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-28 18:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-10-28 16:59 - 2013-09-17 06:51 - 00000004 _____ C:\Users\Jimbo\AppData\Roaming\settings.ini
2013-10-28 16:59 - 2011-01-09 03:58 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 16:58 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-28 16:58 - 2009-07-13 23:51 - 00056460 _____ C:\Windows\setupact.log
2013-10-28 16:56 - 2011-07-30 12:11 - 00000000 ____D C:\Users\Jimbo\Tracing
2013-10-28 14:23 - 2013-10-28 14:23 - 00000000 ____D C:\FRST
2013-10-28 13:53 - 2010-12-29 13:30 - 00000000 ____D C:\users\Jimbo
2013-10-28 10:05 - 2010-11-27 06:23 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-10-27 17:16 - 2011-01-09 03:58 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-27 17:16 - 2010-11-27 04:31 - 01692860 _____ C:\Windows\WindowsUpdate.log
2013-10-22 11:10 - 2013-10-22 11:10 - 00668878 ____T C:\Users\Jimbo\Desktop\WU_4627160_201310221706_8d9ri.prn
2013-10-22 11:00 - 2013-10-22 11:00 - 00013862 _____ C:\Users\Jimbo\Desktop\Invoice.htm
2013-10-22 10:57 - 2011-01-09 03:58 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-22 10:57 - 2011-01-09 03:58 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-22 10:54 - 2012-12-17 03:52 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-10-22 10:54 - 2011-12-08 06:21 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-10-20 14:22 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-20 12:52 - 2011-01-13 11:50 - 00000252 _____ C:\Windows\Tasks\Epson Printer Software Downloader.job
2013-10-16 05:26 - 2009-07-13 23:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-16 05:26 - 2009-07-13 23:45 - 00013872 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

Files to move or delete:
====================
C:\Users\Jimbo\AppData\Roaming\data.dat
C:\Users\Jimbo\AppData\Roaming\settings.ini
C:\Users\Jimbo\AppData\Roaming\i.ini


Some content of TEMP:
====================
C:\Users\Jimbo\AppData\Local\Temp\-yyywa-q.dll
C:\Users\Jimbo\AppData\Local\Temp\6etfb69a.dll
C:\Users\Jimbo\AppData\Local\Temp\6zvpv2la.dll
C:\Users\Jimbo\AppData\Local\Temp\7zmz-usr.dll
C:\Users\Jimbo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jimbo\AppData\Local\Temp\AddonsManager.exe
C:\Users\Jimbo\AppData\Local\Temp\ApnStub.exe
C:\Users\Jimbo\AppData\Local\Temp\cre6kugc.dll
C:\Users\Jimbo\AppData\Local\Temp\dqqy8n65.dll
C:\Users\Jimbo\AppData\Local\Temp\f4pmiswo.dll
C:\Users\Jimbo\AppData\Local\Temp\gvubmzn1.dll
C:\Users\Jimbo\AppData\Local\Temp\hovzm1s6.dll
C:\Users\Jimbo\AppData\Local\Temp\installhelper.dll
C:\Users\Jimbo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Jimbo\AppData\Local\Temp\setup.exe
C:\Users\Jimbo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Jimbo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jimbo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Jimbo\AppData\Local\Temp\ubi2A92.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi2D09.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi412B.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubiB7A5.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\wyqx9jl9.dll
C:\Users\Jimbo\AppData\Local\Temp\_is10BC.exe
C:\Users\Jimbo\AppData\Local\Temp\_isA1D3.exe
C:\Users\Jimbo\AppData\Local\Temp\_isCD5.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

4
Restore point made on: 2013-09-11 11:02:00
Restore point made on: 2013-09-13 04:33:28
Restore point made on: 2013-09-14 10:55:29
Restore point made on: 2013-10-27 17:18:08

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4030.66 MB
Available physical RAM: 3349.87 MB
Total Pagefile: 4028.81 MB
Available Pagefile: 3345.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.34 GB) (Free:196.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:14.65 GB) (Free:8.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (JAMES USB) (Removable) (Total:3.61 GB) (Free:0 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C60E97D3)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)


LastRegBack: 2013-01-15 12:45

==================== End Of Log ============================



done! what next? :)
  • 0

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions provided below are customised for this computer only...If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.


Hi. :)

> done! what next? :)

Let's proceed as follows, shall we...

Custom FRST Script:

  • Open notepad, Start >> All Programs >> Accessories >> Notepad. Please copy the entire contents of the quote box below (do not copy the word quote).
  • Note: To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste.

Start
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
HKU\Jimbo\...\Run: [dyK2QKaWt8Rcf4] - C:\Users\Jimbo\AppData\Local\fvJcrgR.exe [123392 2013-09-17] (Корпорация Майкрософт)
HKU\Jimbo\...\Winlogon: [Shell] explorer.exe,C:\Users\Jimbo\AppData\Roaming\data.dat [139264 2011-11-17] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc)
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Windows iLivid Toolbar
C:\PROGRA~2\WI3C8A~1
C:\Users\Jimbo\AppData\Local\fvJcrgR.exe
C:\Users\Jimbo\AppData\Roaming\data.dat
C:\Users\Jimbo\AppData\Roaming\settings.ini
C:\Users\Jimbo\AppData\Roaming\i.ini
C:\Users\Jimbo\AppData\Local\Temp\-yyywa-q.dll
C:\Users\Jimbo\AppData\Local\Temp\6etfb69a.dll
C:\Users\Jimbo\AppData\Local\Temp\6zvpv2la.dll
C:\Users\Jimbo\AppData\Local\Temp\7zmz-usr.dll
C:\Users\Jimbo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jimbo\AppData\Local\Temp\AddonsManager.exe
C:\Users\Jimbo\AppData\Local\Temp\ApnStub.exe
C:\Users\Jimbo\AppData\Local\Temp\cre6kugc.dll
C:\Users\Jimbo\AppData\Local\Temp\dqqy8n65.dll
C:\Users\Jimbo\AppData\Local\Temp\f4pmiswo.dll
C:\Users\Jimbo\AppData\Local\Temp\gvubmzn1.dll
C:\Users\Jimbo\AppData\Local\Temp\hovzm1s6.dll
C:\Users\Jimbo\AppData\Local\Temp\installhelper.dll
C:\Users\Jimbo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Jimbo\AppData\Local\Temp\setup.exe
C:\Users\Jimbo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Jimbo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jimbo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Jimbo\AppData\Local\Temp\ubi2A92.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi2D09.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi412B.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubiB7A5.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\wyqx9jl9.dll
C:\Users\Jimbo\AppData\Local\Temp\_is10BC.exe
C:\Users\Jimbo\AppData\Local\Temp\_isA1D3.exe
C:\Users\Jimbo\AppData\Local\Temp\_isCD5.exe
End

  • Save it on the flashdrive as fixlist.txt
  • Now please enter System Recovery Options then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the flashdrive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file in your next reply.
  • Reboot your machine back into Normal Mode.

Next:

When completed the above, please post back the following in the order asked for:

  • Is your computer now able to boot up into Normal Mode and if so, how is your computer performing now...any further symptoms and or problems encountered?
  • Custom FRST Log(Fixlog.txt).

  • 0
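
The registry lines selected in the fixlist above have structural traits that can be checked mechanically: a Winlogon Shell value carrying a second path after explorer.exe, a Run value pointing at an executable directly in the AppData\Local root, a Run value whose target is [x], and populated AppInit_DLLs values. The following Python triage pass is an added example, not part of the thread and not code from FRST; the reason labels and heuristics are this example's assumptions, and name-based calls (the toolbar entries) are out of its scope.

```python
import re

# Constructed sample: lines in the FRST "Registry" section format, copied from
# the log posted in this thread, with two vendor entries kept for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3179288 2010-01-06] (Dell Inc.)
HKLM-x32\...\Run: [] - [x]
HKU\Jimbo\...\Run: [Akamai NetSession Interface] - C:\Users\Jimbo\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-04] (Akamai Technologies, Inc.)
HKU\Jimbo\...\Run: [dyK2QKaWt8Rcf4] - C:\Users\Jimbo\AppData\Local\fvJcrgR.exe [123392 2013-09-17] (Корпорация Майкрософт)
HKU\Jimbo\...\Winlogon: [Shell] explorer.exe,C:\Users\Jimbo\AppData\Roaming\data.dat [139264 2011-11-17] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
"""

# "<hive>\...\<key>: [<value name>] - <data>" (the Winlogon line has no " - ").
ENTRY = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?:- )?(?P<data>.*)$"
)
APPINIT = re.compile(r"^(?P<key>AppInit_DLLs(?:-x32)?): (?P<data>.*)$")
# Trailing "[size date] (company)" metadata; matched from the right so that
# "(x86)" inside a path is never mistaken for the company field.
TAIL = re.compile(r" \[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")
ATTENTION = re.compile(r"\s*<=+ ATTENTION.*$")
# An executable sitting directly in a profile's AppData root, no vendor folder.
APPDATA_ROOT = re.compile(
    r'^"?[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)'
    r"\\[^\\]+\.(?:exe|scr|com|bat|cmd|dll)\b",
    re.IGNORECASE,
)


def parse_line(line):
    """Return (hive, key, name, target) for one registry-section line, or None."""
    line = ATTENTION.sub("", line.strip())
    m = ENTRY.match(line)
    if m:
        hive, key, name, data = m.group("hive", "key", "name", "data")
    else:
        m = APPINIT.match(line)
        if not m:
            return None
        hive, key, name, data = "HKLM", m.group("key"), "", m.group("data")
    tail = TAIL.search(data)
    target = data[: tail.start()] if tail else data
    return hive, key, name, target.strip()


def reasons_for(key, name, target):
    """Heuristic reasons (assumptions of this example) to review an entry."""
    reasons = []
    # "[x]" is assumed here to mean the referenced file was not found.
    if target == "[x]":
        reasons.append("target-missing")
    # A Shell value should name explorer.exe only; anything appended after a
    # comma is started at logon alongside the desktop shell.
    if key == "Winlogon" and name.lower() == "shell":
        parts = [p.strip().lower() for p in target.split(",")]
        if parts != ["explorer.exe"]:
            reasons.append("shell-extended")
    if key in ("Run", "RunOnce") and APPDATA_ROOT.match(target):
        reasons.append("exe-in-appdata-root")
    # AppInit_DLLs are loaded into every process that loads user32.dll,
    # so any populated value deserves a look.
    if key.startswith("AppInit_DLLs") and target:
        reasons.append("appinit-dlls-set")
    return reasons


def triage(log_text):
    """Return [(label, target, reasons)] for every line that raises a flag."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        hive, key, name, target = parsed
        reasons = reasons_for(key, name, target)
        if reasons:
            findings.append((f"{hive} {key} [{name}]", target, reasons))
    return findings


if __name__ == "__main__":
    for label, target, reasons in triage(SAMPLE_LOG):
        print(f"{label}: {', '.join(reasons)} -> {target}")
```

A flag is a prompt for review, not a verdict: the two vendor lines in the sample pass unflagged, and entries removed above on the strength of their product name alone would pass as well.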

#7
jh2222

  • Topic Starter
  • Member
  • 16 posts
absolute legend! computer has booted and I no longer have the white screen of death.
fixlog listed below

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-10-2013
Ran by SYSTEM at 2013-10-30 02:07:11 Run:3
Running from E:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-11-09] (Bandoo Media, inc)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1557160 2012-04-09] (Ask)
HKU\Jimbo\...\Run: [dyK2QKaWt8Rcf4] - C:\Users\Jimbo\AppData\Local\fvJcrgR.exe [123392 2013-09-17] (?????????? ??????????)
HKU\Jimbo\...\Winlogon: [Shell] explorer.exe,C:\Users\Jimbo\AppData\Roaming\data.dat [139264 2011-11-17] () <==== ATTENTION
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791384 2011-11-09] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233816 2011-11-09] (Bandoo Media, inc)
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\Windows iLivid Toolbar
C:\PROGRA~2\WI3C8A~1
C:\Users\Jimbo\AppData\Local\fvJcrgR.exe
C:\Users\Jimbo\AppData\Roaming\data.dat
C:\Users\Jimbo\AppData\Roaming\settings.ini
C:\Users\Jimbo\AppData\Roaming\i.ini
C:\Users\Jimbo\AppData\Local\Temp\-yyywa-q.dll
C:\Users\Jimbo\AppData\Local\Temp\6etfb69a.dll
C:\Users\Jimbo\AppData\Local\Temp\6zvpv2la.dll
C:\Users\Jimbo\AppData\Local\Temp\7zmz-usr.dll
C:\Users\Jimbo\AppData\Local\Temp\AcDeltree.exe
C:\Users\Jimbo\AppData\Local\Temp\AddonsManager.exe
C:\Users\Jimbo\AppData\Local\Temp\ApnStub.exe
C:\Users\Jimbo\AppData\Local\Temp\cre6kugc.dll
C:\Users\Jimbo\AppData\Local\Temp\dqqy8n65.dll
C:\Users\Jimbo\AppData\Local\Temp\f4pmiswo.dll
C:\Users\Jimbo\AppData\Local\Temp\gvubmzn1.dll
C:\Users\Jimbo\AppData\Local\Temp\hovzm1s6.dll
C:\Users\Jimbo\AppData\Local\Temp\installhelper.dll
C:\Users\Jimbo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Jimbo\AppData\Local\Temp\setup.exe
C:\Users\Jimbo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Jimbo\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jimbo\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Jimbo\AppData\Local\Temp\ubi2A92.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi2D09.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubi412B.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\ubiB7A5.tmp.exe
C:\Users\Jimbo\AppData\Local\Temp\wyqx9jl9.dll
C:\Users\Jimbo\AppData\Local\Temp\_is10BC.exe
C:\Users\Jimbo\AppData\Local\Temp\_isA1D3.exe
C:\Users\Jimbo\AppData\Local\Temp\_isCD5.exe
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater => Value deleted successfully.
HKU\Jimbo\Software\Microsoft\Windows\CurrentVersion\Run\\dyK2QKaWt8Rcf4 => Value deleted successfully.
HKU\Jimbo\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Program Files (x86)\Ask.com => Moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar => Moved successfully.
"C:\PROGRA~2\WI3C8A~1" => File/Directory not found.
C:\Users\Jimbo\AppData\Local\fvJcrgR.exe => Moved successfully.
C:\Users\Jimbo\AppData\Roaming\data.dat => Moved successfully.
C:\Users\Jimbo\AppData\Roaming\settings.ini => Moved successfully.
"C:\Users\Jimbo\AppData\Roaming\i.ini" => File/Directory not found.
C:\Users\Jimbo\AppData\Local\Temp\-yyywa-q.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\6etfb69a.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\6zvpv2la.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\7zmz-usr.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\AcDeltree.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\AddonsManager.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\ApnStub.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\cre6kugc.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\dqqy8n65.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\f4pmiswo.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\gvubmzn1.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\hovzm1s6.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\setup.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\SetupDataMngr_Searchqu.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\SRAssetsHelper.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\ubi2A92.tmp.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\ubi2D09.tmp.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\ubi412B.tmp.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\ubiB7A5.tmp.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\wyqx9jl9.dll => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\_is10BC.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\_isA1D3.exe => Moved successfully.
C:\Users\Jimbo\AppData\Local\Temp\_isCD5.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

> absolute legend! computer has booted and I no longer have the white screen of death.

Good, please carry out the below with your machine running in Normal Mode...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:
Posted Image

  • Click on Backup Now >> once the process is complete, similar to the below will be displayed in the GUI:
Posted Image

  • Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Scan with OTL:

Please download OTL and save it to your desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

  • AdwCleaner Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#9
jh2222

  • Topic Starter
  • Member
  • 16 posts
ADW LOG as requested

# AdwCleaner v3.010 - Report created 30/10/2013 at 21:44:31
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : Dell - DELL-PC
# Running from : C:\Users\Dell\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Updater Service for AMZN
Service Deleted : vToolbarUpdater17.0.12

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AVG Nation toolbar
[!] Folder Deleted : C:\Program Files (x86)\Amazon Browser Bar
[!] Folder Deleted : C:\Program Files (x86)\AVG Nation toolbar
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Dell\AppData\Local\Amazon Browser Bar
[!] Folder Deleted : C:\Users\Dell\AppData\Local\AVG Nation toolbar
[!] Folder Deleted : C:\Users\Dell\AppData\LocalLow\AVG Nation toolbar
[!] Folder Deleted : C:\Users\Dell\AppData\Roaming\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy
Key Deleted : HKLM\SOFTWARE\Classes\AlxTB2.ToolBarProxy.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


*************************

AdwCleaner[R0].txt - [11318 octets] - [30/10/2013 21:42:44]
AdwCleaner[S0].txt - [11224 octets] - [30/10/2013 21:44:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11285 octets] ##########

#10
jh2222

OTL logfile created on: 10/30/2013 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 67.11% Memory free
7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 260.35 Gb Free Space | 91.89% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/30 21:48:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
PRC - [2013/10/29 17:41:29 | 000,573,952 | ---- | M] (BrowserSafeguard) -- C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe
PRC - [2010/11/27 10:04:15 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
PRC - [2010/08/26 21:45:22 | 001,853,248 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/08/20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/20 00:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/08/12 00:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/06/08 16:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 16:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 20:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 20:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/29 20:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2010/11/27 10:12:58 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\179228277a9bbba9fb2ebeee5b1a41a2\IAStorUtil.ni.dll
MOD - [2010/11/27 10:07:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\598a9987f519acb9efe5372a2c556af6\PresentationFramework.Aero.ni.dll
MOD - [2010/11/27 10:07:11 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\064483cd86ddba6c78dd32732f6fd351\System.Web.ni.dll
MOD - [2010/11/27 10:07:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
MOD - [2010/11/27 10:06:51 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\eb5ff7b60b69cc300751f46c6af316ad\PresentationFramework.ni.dll
MOD - [2010/11/27 10:06:35 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll
MOD - [2010/11/27 10:06:29 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2010/11/27 10:06:27 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a937151be4e65fd89c55b4c603f7d902\PresentationCore.ni.dll
MOD - [2010/11/27 10:06:19 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d80659eacd9554d9606881b0d35835cf\WindowsBase.ni.dll
MOD - [2010/11/27 10:06:15 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2010/11/27 10:06:12 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2010/11/27 10:06:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll
MOD - [2010/11/27 10:06:07 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2010/08/12 00:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/08/12 00:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/08/12 00:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/08/12 00:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/08/12 00:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/08/12 00:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/08/12 00:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/08/12 00:19:28 | 000,023,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/08/12 00:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2010/08/12 00:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/10/15 09:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/18 05:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/06/02 06:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/03 06:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2010/01/06 00:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/06 00:04:02 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/06 00:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2009/12/31 00:13:18 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2009/12/29 20:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2009/12/15 03:08:40 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2009/11/02 18:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 14:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2010/08/20 23:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/06/08 16:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/03 20:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 20:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/06 00:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/30 19:01:01 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2010/08/12 16:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/06/18 05:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 16:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/02 06:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/02 05:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/12 08:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/05/12 08:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/05/06 13:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/30 19:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 19:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 19:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 19:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 19:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 21:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 21:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/03 06:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 06:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 06:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/01/06 00:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/06 00:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/06 00:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/06 00:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/06 00:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/06 00:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/06 00:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/06 00:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/11/02 18:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 01:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 09:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 20:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 18:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del...c=ae&l=ar&s=gen
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)



O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20101127042821.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20101127042821.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe (BrowserSafeguard)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 131.227.100.5 131.227.130.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FAA99234-BE29-46A9-8739-26D55A1E2B93}: DhcpNameServer = 131.227.100.5 131.227.130.5
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 21:48:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/10/30 21:47:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.scr
[2013/10/30 21:41:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Amazon Browser Bar
[2013/10/30 21:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2013/10/30 21:40:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/30 21:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/10/30 21:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard
[2013/10/30 21:37:33 | 001,888,040 | ---- | C] (Express Install ) -- C:\Users\Dell\Desktop\Express_Installer.exe
[2013/10/30 21:34:25 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/10/30 21:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/10/30 21:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/30 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG2014
[2013/10/30 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\AVG Nation toolbar
[2013/10/30 19:01:29 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\TuneUp Software
[2013/10/30 19:01:18 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/10/30 19:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Nation toolbar
[2013/10/30 19:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/10/30 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Nation toolbar
[2013/10/30 19:01:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/10/30 19:01:05 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/10/30 19:00:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/10/30 19:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/30 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\SparkTrust
[2013/10/30 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\DriverCure
[2013/10/30 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/10/30 18:56:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/10/30 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\MFAData
[2013/10/30 18:56:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/10/30 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Avg2014
[2013/10/30 18:55:49 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/10/30 18:55:49 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/10/30 18:55:49 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/10/30 18:55:44 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/10/30 18:55:44 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/10/30 18:55:44 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/10/30 18:55:36 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/10/30 18:55:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/10/30 18:55:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Macromedia
[2013/10/30 18:55:18 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Adobe
[2013/10/30 18:54:03 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Broadcom
[2013/10/30 18:54:03 | 000,000,000 | ---D | C] -- C:\Users\Dell\Documents\Bluetooth Exchange Folder
[2013/10/30 18:41:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/30 18:35:50 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Dell
[2013/10/30 18:35:47 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Roxio
[2013/10/30 18:35:45 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Intel Corporation
[2013/10/30 18:35:44 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Creative
[2013/10/30 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\ATI
[2013/10/30 18:35:43 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\ATI
[2013/10/30 18:35:24 | 000,000,000 | R--D | C] -- C:\Users\Dell\Searches
[2013/10/30 18:35:24 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/30 18:35:24 | 000,000,000 | -H-D | C] -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/30 18:35:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Identities
[2013/10/30 18:35:12 | 000,000,000 | R--D | C] -- C:\Users\Dell\Contacts
[2013/10/30 18:35:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/30 18:35:10 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\VirtualStore
[2013/10/30 18:35:05 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\SoftThinks
[2013/10/30 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Stardock_Corporation
[2013/10/30 18:31:15 | 000,000,000 | --SD | C] -- C:\Users\Dell\AppData\Roaming\Microsoft
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Videos
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Saved Games
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Pictures
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Music
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Links
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Favorites
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Downloads
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Documents
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\Desktop
[2013/10/30 18:31:15 | 000,000,000 | R--D | C] -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Temporary Internet Files
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Templates
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Start Menu
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\SendTo
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Recent
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\PrintHood
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\NetHood
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Videos
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Pictures
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Documents\My Music
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\My Documents
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Local Settings
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\History
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Cookies
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\Application Data
[2013/10/30 18:31:15 | 000,000,000 | -HSD | C] -- C:\Users\Dell\AppData\Local\Application Data
[2013/10/30 18:31:15 | 000,000,000 | -H-D | C] -- C:\Users\Dell\AppData
[2013/10/30 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Temp
[2013/10/30 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Microsoft
[2013/10/30 18:31:15 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\Media Center Programs
[2013/10/30 14:25:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/10/30 13:08:38 | 000,000,000 | ---D | C] -- C:\Windows\SMINST

========== Files - Modified Within 30 Days ==========

[2013/10/30 21:52:53 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 21:52:53 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/30 21:49:57 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/30 21:49:57 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/30 21:49:57 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/30 21:48:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.exe
[2013/10/30 21:47:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\OTL.scr
[2013/10/30 21:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/30 21:45:14 | 3169,841,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/30 21:40:12 | 001,060,070 | ---- | M] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013/10/30 21:37:33 | 001,888,040 | ---- | M] (Express Install ) -- C:\Users\Dell\Desktop\Express_Installer.exe
[2013/10/30 21:34:53 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-DELL-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/10/30 21:33:11 | 000,002,241 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/10/30 21:32:31 | 003,859,661 | ---- | M] () -- C:\Users\Dell\Desktop\tweaking.com_registry_backup_setup.exe
[2013/10/30 19:01:01 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/10/30 18:53:54 | 000,001,443 | ---- | M] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/30 18:37:16 | 000,341,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/30 18:35:42 | 000,001,984 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/10/30 14:28:39 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/10/30 14:28:39 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/10/30 21:39:51 | 001,060,070 | ---- | C] () -- C:\Users\Dell\Desktop\adwcleaner.exe
[2013/10/30 21:34:53 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DELL-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/10/30 21:33:11 | 000,002,241 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/10/30 21:32:31 | 003,859,661 | ---- | C] () -- C:\Users\Dell\Desktop\tweaking.com_registry_backup_setup.exe
[2013/10/30 18:53:54 | 000,001,443 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/30 18:35:42 | 000,001,984 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/10/30 18:35:29 | 000,001,415 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/10/30 18:35:25 | 000,001,449 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/30 18:31:15 | 000,000,290 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/30 18:31:15 | 000,000,272 | ---- | C] () -- C:\Users\Dell\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/30 14:25:56 | 3169,841,152 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2010/07/27 14:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 14:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
#11
jh2222

    Member

  • Topic Starter
  • Member
  • 16 posts
OTL Extras logfile created on: 10/30/2013 9:50:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dell\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 2.64 Gb Available Physical Memory | 67.11% Memory free
7.87 Gb Paging File | 5.98 Gb Available in Paging File | 75.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 260.35 Gb Free Space | 91.89% Space Free | Partition Type: NTFS

Computer Name: DELL-PC | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A3F0B91-E298-4ED0-BD53-14B1EF014245}" = lport=445 | protocol=6 | dir=in | app=system |
"{4CCFFDAC-BE6F-4067-939F-969EC43BA813}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55D98B48-51E8-486C-8664-FD8ECD06E15E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A41FB92-C438-4C45-9915-A65D2342451E}" = lport=137 | protocol=17 | dir=in | app=system |
"{651FC374-E949-4E90-AF9E-67F68B0CFD2A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71CC5E88-716C-4D1D-B00B-826B842538DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72740737-90BF-4A61-A539-C0B9F54C8C1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{BE36B3E1-946E-48AE-8CF0-577281609286}" = rport=137 | protocol=17 | dir=out | app=system |
"{CDE23127-FB9B-4D92-8312-0FF0BDDF5C52}" = rport=139 | protocol=6 | dir=out | app=system |
"{D8C4876C-A44F-4754-8627-FFCF20B9381A}" = lport=139 | protocol=6 | dir=in | app=system |
"{DC6606ED-C0E0-40FF-B29A-B72507E85953}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EFC76990-8D85-4C58-A8FD-2E34CD113DB1}" = lport=138 | protocol=17 | dir=in | app=system |
"{F3688C7B-5672-45D6-905F-E3AE10F5E1B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F62BCFAB-2B76-4D8E-9B1E-2060C81522E2}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E52412A-0D47-4964-9093-3625CF5228F2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{288442FF-1E22-4AEC-A89D-7FB626DAF7F4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{3199635A-9D28-4490-91E8-F1BEAA1F7D63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{435D1891-9796-493B-8950-16A88DBCB9FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4C6F6944-A529-4118-96AF-048C7DC73EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{512BC9BE-B3EC-486D-AB21-C685726083AF}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{59DA65D1-7EFF-491B-A862-E82CC068D11F}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6275E0C4-FD25-40C7-9165-B6B1909F2C3B}" = protocol=1 | dir=out | [email protected],-28544 |
"{8CDE0AB1-E26D-41BA-8ABA-2ADE115ABBCF}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AA5B92B9-2085-459B-A351-1A4F0CD2517B}" = protocol=58 | dir=in | [email protected],-28545 |
"{D5915510-6762-4169-98CA-BC5AF1C125A0}" = protocol=1 | dir=in | [email protected],-28543 |
"{D6536461-AE10-4641-B332-624F3C638791}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
"{E0662F5E-043D-41D7-AFD6-F9C630B9340C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F7DD78ED-9636-4DD2-BA8B-940B9AD86BF6}" = protocol=58 | dir=out | [email protected],-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java™ 6 Update 21 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"Dell Support Center" = Dell Support Center
"DW WLAN Card Utility" = DW WLAN Card Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{343DB62F-891F-45EC-BED3-E2F56CEB1B7C}" = Adobe Flash Player 10 Plugin
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon Browser Settings" = Amazon Browser Settings
"AVG Nation toolbar" = AVG Nation toolbar
"Browsersafeguard" = BrowserSafeguard
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MSC" = McAfee Security Center
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/27/2010 6:48:56 AM | Computer Name = WIN-SOINC0R9RHV | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 11/27/2010 6:48:57 AM | Computer Name = WIN-SOINC0R9RHV | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 10/30/2013 3:05:37 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3284 (0xcd4) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\Adobe\Reader
9.0\Esl\AiodLite.dll by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/30/2013 3:07:20 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 3268 (0xcc4) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\Common
Files\microsoft shared\ink\mip.exe by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/30/2013 3:09:00 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5488 (0x1570) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\Dell
DataSafe Local Backup\Components\AppDrv\STImageM.dll by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/30/2013 3:10:39 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2636 (0xa4c) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\McAfee\Temp\qxz2C4D\mpsuc.dll

by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 10/30/2013 3:12:19 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 5268 (0x1494) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\Microsoft
Sync Framework\v1.0\Runtime\x86\FileSyncProvider.dll by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/30/2013 3:13:58 PM | Computer Name = Dell-PC | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 7268 (0x1c64) Thread address : 0x0000000076ECFDCA Thread message : Build VSCORE.14.2.0.723
/ 5400.1158 Object being scanned = \Device\HarddiskVolume3\Program Files (x86)\WildTangent\Dell
Games\FATE Undiscovered Realms\GDF.dll by \??\C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 10/30/2013 2:50:28 PM | Computer Name = Dell-PC | Source = EventSystem | ID = 4621
Description =

Error - 10/30/2013 5:44:40 PM | Computer Name = Dell-PC | Source = EventSystem | ID = 4621
Description =

[ Broadcom Wireless LAN Events ]
Error - 10/30/2013 2:36:04 PM | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 18:36:04, Wed, Oct 30, 13 Error - Unable to get current user admin
status

Error - 10/30/2013 2:38:31 PM | Computer Name = Dell-PC | Source = WLAN-Tray | ID = 0
Description = 18:38:31, Wed, Oct 30, 13 Error - Unable to switch user context, authentication
information not set correctly

[ Dell Events ]
Error - 10/30/2013 5:42:35 PM | Computer Name = Dell-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 10/30/2013 3:05:38 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 10/30/2013 3:07:20 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 2
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 10/30/2013 3:09:00 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 3
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 10/30/2013 3:10:39 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 4
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 10/30/2013 3:12:19 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7031
Description = The McShield service terminated unexpectedly. It has done this 5
time(s). The following corrective action will be taken in 5000 milliseconds: Restart
the service.

Error - 10/30/2013 3:13:58 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7034
Description = The McShield service terminated unexpectedly. It has done this 6
time(s).

Error - 10/30/2013 2:37:38 PM | Computer Name = Dell-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753636.


< End of report >
  • 0

#12
Dakeyras
    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

A few questions first as follows...

1 - Does the presently installed McAfee Security Software have an active subscription or not?

2 - Also, have you made any changes whatsoever to the computer since it is now able to boot up normally, apart from what I have advised?

Next:

I have a fair few tasks for your good self to complete below, just take your time and all should go well etc...

Now please go to Start(Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

BrowserSafeguard <-- Adware related dross.
Java™ 6 Update 21 (64-bit) <-- I will advise about a new installation in due course.
Skype Toolbars <-- Has undesirable characteristics.

To do so click once on each of the above to highlight and then click on Uninstall/Change and follow the prompts.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Check Proxy Settings:

Launch Internet Options...

  • Click on Start(Windows 7 Orb) >> Control Panel >> Network and Internet >> Internet Options
  • Or via Start(Windows 7 Orb) >> Control Panel >> Internet Options
  • Once the Internet Properties window appears >> click on Connections >> LAN settings
  • Ensure Automatically detect settings is selected and the following are not:
      Use automatic configuration script
      Use a proxy server for your LAN
  • Click on OK >> OK to close the Internet Properties window.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advise you to download and run the Disable Windows Sidebar and Gadgets Fix it utility to rectify this.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000..\Run: [BrowserSafeguard] C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe (BrowserSafeguard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
[2013/10/30 21:41:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Amazon Browser Bar
[2013/10/30 21:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon Browser Bar
[2013/10/30 21:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard
[2013/10/30 21:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Browsersafeguard
[2013/10/30 19:02:07 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\AVG2014
[2013/10/30 19:01:34 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\AVG Nation toolbar
[2013/10/30 19:01:29 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\TuneUp Software
[2013/10/30 19:01:18 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/10/30 19:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Nation toolbar
[2013/10/30 19:01:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/10/30 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Nation toolbar
[2013/10/30 19:00:03 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/10/30 19:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/30 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\SparkTrust
[2013/10/30 18:58:00 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Roaming\DriverCure
[2013/10/30 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/10/30 18:56:51 | 000,000,000 | ---D | C] -- C:\Users\Dell\AppData\Local\Avg2014

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar]

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

  • Right-click on the randomly named exe file and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Answers to my McAfee and possible changes made queries.
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0
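A triage sketch for the proxy lines in the custom script above, added here as an example and not part of the original post or of OTL: it groups the `IE - HKU` lines by registry hive and flags every hive where ProxyEnable is 1 and ProxyServer points at a loopback address. The function names and the last two sample lines (a made-up SID and host) are assumptions for illustration, and only the `IE - HKU` line form shown in this thread is handled.

```python
import ipaddress
import re

# The first nine lines are copied from the :OTL section of the script in the
# post above. The last two are constructed for contrast (made-up SID and host).
OTL_LINES = r'''
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49181;https=127.0.0.1:49181;
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
'''

# Captures: hive (HKU\<name or SID>), value name, value data.
LINE_RE = re.compile(
    r'^IE - (HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(\w+)" = ?(.*)$'
)


def parse_proxy_server(value):
    """Split a ProxyServer value into (scheme, host, endpoint) tuples.

    Handles both "host:port" (one proxy for everything) and the
    per-protocol form "http=host:port;https=host:port;".
    """
    endpoints = []
    for entry in value.split(';'):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition('=')
        if not sep:                       # no "scheme=" prefix
            scheme, target = 'all', entry
        target = target.split('://', 1)[-1]
        if target.startswith('['):        # bracketed IPv6 literal
            host = target[1:target.find(']')]
        else:
            host = target.rsplit(':', 1)[0]
        endpoints.append((scheme.lower(), host, target))
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == 'localhost'


def audit(text):
    """Return {hive: finding} for every hive that has proxy lines."""
    hives = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            hive, name, value = match.groups()
            hives.setdefault(hive, {})[name] = value.strip()

    report = {}
    for hive, values in hives.items():
        enabled = values.get('ProxyEnable') == '1'
        endpoints = parse_proxy_server(values.get('ProxyServer', ''))
        local = sorted({t for _, host, t in endpoints if is_loopback(host)})
        if enabled and local:
            verdict = 'loopback proxy active'
        elif enabled and endpoints:
            verdict = 'remote proxy active'
        elif endpoints:
            verdict = 'proxy set but disabled'
        else:
            verdict = 'no proxy'
        report[hive] = {
            'verdict': verdict,
            'loopback': local,
            'override': values.get('ProxyOverride', ''),
        }
    return report


if __name__ == '__main__':
    for hive, finding in audit(OTL_LINES).items():
        print(f"{finding['verdict']:24} {hive} {finding['loopback']}")
```
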

#13
jh2222

    Member

  • Topic Starter
  • Member
  • 16 posts
Hi :)

in response to your two questions

1) I do not have an active license for the McAfee Security Software
2) I have made changes to the computer (I have backed up any documents and files that I wished to keep and then proceeded to restore the laptop to its original factory setting)

I hope that I haven't done something wrong in making these changes.
I will however continue as you have instructed.
  • 0

#14
jh2222

    Member

  • Topic Starter
  • Member
  • 16 posts
computer appears to be running better! :)
  • 0

#15
jh2222

    Member

  • Topic Starter
  • Member
  • 16 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2468056604-4058212393-1660063125-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BrowserSafeguard deleted successfully.
C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
C:\Users\Dell\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\Dell\AppData\Local\Amazon Browser Bar folder moved successfully.
C:\Program Files (x86)\Amazon Browser Bar folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard folder moved successfully.
C:\Program Files (x86)\Browsersafeguard\Resources folder moved successfully.
C:\Program Files (x86)\Browsersafeguard folder moved successfully.
C:\Users\Dell\AppData\Roaming\AVG2014\cfgall folder moved successfully.
C:\Users\Dell\AppData\Roaming\AVG2014 folder moved successfully.
C:\Users\Dell\AppData\Local\AVG Nation toolbar\SiteSafety folder moved successfully.
C:\Users\Dell\AppData\Local\AVG Nation toolbar\DNT folder moved successfully.
C:\Users\Dell\AppData\Local\AVG Nation toolbar folder moved successfully.
C:\Users\Dell\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Dell\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Dell\AppData\Roaming\TuneUp Software folder moved successfully.
C:\WINDOWS\SysNative\drivers\avgtpx64.sys moved successfully.
C:\ProgramData\AVG Nation toolbar\Toolbar folder moved successfully.
C:\ProgramData\AVG Nation toolbar\Logger folder moved successfully.
C:\ProgramData\AVG Nation toolbar folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\RewardsInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DriverInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\17.0.12 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\UninstallRes\ClientPackage\Images\uninstall folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\UninstallRes\ClientPackage\Images folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\UninstallRes\ClientPackage folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\UninstallRes folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\Licenses folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\EnableHelperRes\Images folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\EnableHelperRes folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\DSPDlg_IE folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\ChromeRes\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\ChromeRes\AVG SafeGuard toolbar folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\ChromeRes\AVG Nation toolbar folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\ChromeRes folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\Chrome\content\icons folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\Chrome\content folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\Chrome folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar\17.0.0.12 folder moved successfully.
C:\Program Files (x86)\AVG Nation toolbar folder moved successfully.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG folder moved successfully.
C:\ProgramData\AVG2014\log folder moved successfully.
C:\ProgramData\AVG2014\IDS\quarantine folder moved successfully.
C:\ProgramData\AVG2014\IDS\config folder moved successfully.
C:\ProgramData\AVG2014\IDS folder moved successfully.
C:\ProgramData\AVG2014\DB folder moved successfully.
C:\ProgramData\AVG2014\Cfg folder moved successfully.
C:\ProgramData\AVG2014 folder moved successfully.
C:\Users\Dell\AppData\Roaming\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\Users\Dell\AppData\Roaming\SparkTrust folder moved successfully.
C:\Users\Dell\AppData\Roaming\DriverCure folder moved successfully.
C:\ProgramData\SparkTrust\SparkTrust PC Cleaner Plus folder moved successfully.
C:\ProgramData\SparkTrust folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\update\prepare folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\update\download folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\update\backup folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\update folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\temp folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\log folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014\fet folder moved successfully.
C:\Users\Dell\AppData\Local\Avg2014 folder moved successfully.
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::f597:6bc6:8f68:6b42%13
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{BF21B0DA-5F9D-4A4E-BFC1-99D89E150F31}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FAA99234-BE29-46A9-8739-26D55A1E2B93}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{D0C2F72B-C430-48B6-A001-3E3EF22BD046}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3c87:df43:7c1c:20bf
Link-local IPv6 Address . . . . . : fe80::3c87:df43:7c1c:20bf%18
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{AA47434D-46E6-461F-BE47-E16C89FC5167}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::f597:6bc6:8f68:6b42%13
IPv4 Address. . . . . . . . . . . : 192.168.0.105
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{BF21B0DA-5F9D-4A4E-BFC1-99D89E150F31}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FAA99234-BE29-46A9-8739-26D55A1E2B93}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{D0C2F72B-C430-48B6-A001-3E3EF22BD046}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:14bd:de29:7c1c:20bf
Link-local IPv6 Address . . . . . : fe80::14bd:de29:7c1c:20bf%18
Default Gateway . . . . . . . . . : ::
Tunnel adapter isatap.{AA47434D-46E6-461F-BE47-E16C89FC5167}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Dell\Desktop\cmd.bat deleted successfully.
C:\Users\Dell\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Nation toolbar\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dell
->Temp folder emptied: 63123718 bytes
->Temporary Internet Files folder emptied: 51389745 bytes
->Flash cache emptied: 658 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2787637 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10312013_133457

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Dell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dell\AppData\Local\Temp\~DF30FAB7FFB7797289.TMP not found!
File\Folder C:\Users\Dell\AppData\Local\Temp\~DF5CA1C9940F93EC71.TMP not found!
File\Folder C:\Users\Dell\AppData\Local\Temp\~DF7B181BE8F6E32D6C.TMP not found!
File\Folder C:\Users\Dell\AppData\Local\Temp\~DFA43D92F58928582A.TMP not found!
File\Folder C:\Users\Dell\AppData\Local\Temp\~DFD1C9389B543062DB.TMP not found!
File\Folder C:\Users\Dell\AppData\Local\Temp\~DFF7F142BA16CCB2A5.TMP not found!
C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BMMYJ2HG\page__gopid__2345244[1].htm moved successfully.
C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Dell\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...