
Security Center can't be started (or found)



#1
IlseL

I've tried everything - I don't know much about computers, but all the solutions I've tried either fail because I can't follow the instructions to the letter (I can't find Security Center in the services link, as instructed by the Microsoft fix) or they aren't compatible with my operating system (although the description file says they are). I'm using Windows 7 Home Premium version 6.1 version 7600, and can't start automatic updates or the Windows Security Center. I'm running the free version of Avast as antispyware.

The OTL text is
OTL logfile created on: 2013/10/29 02:20:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

3.86 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.54% Memory free
7.73 Gb Paging File | 5.24 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 230.78 Gb Free Space | 51.16% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/10/29 14:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013/10/16 04:41:48 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/15 11:05:34 | 000,410,416 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/10/15 10:16:53 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2013/10/14 19:41:22 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/10/14 19:41:21 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/14 19:41:19 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/10/10 18:10:18 | 029,768,376 | ---- | M] (Dropbox, Inc.) -- C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/09 02:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/03/15 15:18:26 | 000,107,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2013/01/17 16:08:26 | 000,267,792 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2012/12/17 18:33:38 | 002,107,304 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe
PRC - [2010/01/14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
PRC - [2009/11/26 11:53:44 | 000,447,488 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/28 13:42:58 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/15 11:05:34 | 000,410,416 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
MOD - [2013/10/15 11:03:00 | 001,057,792 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
MOD - [2013/10/10 18:09:30 | 003,558,400 | ---- | M] () -- C:\Users\user\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/09 15:22:58 | 000,254,976 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\plugins\npDefaultTabSearch.dll
MOD - [2013/10/09 02:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 02:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 02:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/09 02:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/09 02:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\user\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/15 11:05:30 | 001,754,928 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/10/14 19:41:21 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/14 19:41:19 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/09/06 18:32:06 | 000,288,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2009/12/17 17:57:06 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/08/17 21:09:52 | 000,868,128 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/17 09:06:22 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2007/02/12 16:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/10/28 13:42:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/07 18:54:08 | 000,573,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/02 01:26:16 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/15 15:18:26 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/01/18 17:10:18 | 000,577,536 | ---- | M] (Research In Motion Limited) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (Blackberry Device Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/14 07:30:16 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell)
SRV - [2009/11/26 11:53:44 | 000,447,488 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2009/09/30 20:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 20:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/14 19:41:57 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/14 19:41:57 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/14 19:41:57 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/14 19:41:56 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/14 19:41:56 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/10/14 19:41:56 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/10/14 19:41:56 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/14 19:41:56 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/14 19:41:56 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/14 19:41:56 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/14 19:41:56 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/03/13 20:01:59 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2013/01/03 13:50:48 | 000,078,336 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/10 15:48:02 | 000,044,544 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/05/16 09:34:34 | 000,120,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2010/09/08 10:23:18 | 000,235,520 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV:64bit: - [2010/09/08 10:23:18 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2010/09/08 10:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2010/09/08 10:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010/09/08 10:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010/09/08 10:23:18 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2010/09/01 14:33:12 | 000,075,776 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum)
DRV:64bit: - [2010/02/26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/23 08:14:02 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/17 18:30:28 | 006,178,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 18:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/13 14:42:52 | 000,074,272 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdgx64.sys -- (O2MDGRDR)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/17 09:06:20 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/17 09:06:16 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 01:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/01 12:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 12:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 12:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/11/12 13:50:46 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...E-0026B9B5E557}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=3513&t=07
IE - HKCU\..\SearchScopes,DefaultScope = {2F005745-2BDC-4FB3-BA31-F4D74038F813}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...3_ctrl&tsp=4951
IE - HKCU\..\SearchScopes\{2F005745-2BDC-4FB3-BA31-F4D74038F813}: "URL" = http://search.ividi....&affilt=3&r=614
IE - HKCU\..\SearchScopes\{516BD968-3DAF-45BA-90C8-BF07FF15C348}: "URL" = http://search.condui...5522053166&UM=1
IE - HKCU\..\SearchScopes\{AF228AE0-9183-47B6-A02F-DD9052D6924F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKCU\..\SearchScopes\{EABC546B-9CC1-442B-9FB5-6AFAEC4414AB}: "URL" = http://search.sweeti...E-0026B9B5E557}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/07/17 18:12:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/02 12:31:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2013/09/02 12:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2013/04/11 10:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions
[2013/04/11 10:24:54 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2013/07/17 10:26:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/03/15 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013/03/15 15:02:32 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\0\extensions\[email protected]
[2012/07/31 17:59:18 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\extensions\[email protected]
[2013/01/24 22:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.sweetpack...?barid=&src=10
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Disabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: npAPI Plugin (Disabled) = C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Disabled) = C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Babylon Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: BitTorrentControl_v12 = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf\10.16.100.504_0\
CHR - Extension: Discount App = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebecfccgbkpeokcdilobdffbkkibjdgh\1.0.0.1_0\
CHR - Extension: Delta Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\
CHR - Extension: avast! Online Security = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: SeAArcuh-NewTaB = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaniefbalkpcpmenlphenpinpdipbca\1\
CHR - Extension: saffe savve = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmonibglblhdpdpekconfbiefgdgglgj\1\
CHR - Extension: RealDownloader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Torntv = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf\1.1_0\
CHR - Extension: StumbleUpon = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0\
CHR - Extension: DefaultTab = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\
CHR - Extension: SeAArcuh-NewTaB = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiniocdpjkcdkciinlhmejcblohdldnc\1\
CHR - Extension: StayFocusd = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.4.4_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: saffe savve = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahpeadnfncopdppoelifoccmgohkjao\1\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Groove GFS Browser Helper) - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\dhcpcsvcc6.dll ()
O2 - BHO: (saffe savve) - {3C523068-8BE6-04F8-0FE2-774405EF900A} - C:\ProgramData\saffe savve\51ecf5f371092.dll File not found
O2 - BHO: (wxDownload) - {3FBFEDF7-354D-9C26-96F3-4EB0559206F8} - C:\ProgramData\wxDownload\51056ec77b9a9.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ividi Helper Object) - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
O2 - BHO: (SeAArcuh-NewTaB) - {8BB64FC3-8B04-CF3A-57E5-55E885ED4D75} - C:\ProgramData\SeAArcuh-NewTaB\51ecf9346051f.dll File not found
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Discount App BHO ) - {9A725C93-BD12-4901-ACFB-887FB5CF3475} - C:\Program Files (x86)\DiscountApp\1.0.0.1\Extension.dll (Discount App)
O2 - BHO: (SeAArcuh-NewTaB) - {9C24F966-6BF6-974D-5D1F-1D1A8EC6A576} - C:\ProgramData\SeAArcuh-NewTaB\51ecf66958ca3.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (wxDownload) - {AEA57908-4CAB-A394-9841-DA701A452380} - C:\ProgramData\wxDownload\5101a5b5f2249.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Discount App ) - {F5AED250-DDA0-483F-B941-AAB3297E1FE8} - C:\Program Files (x86)\DiscountApp\1.0.0.1\Extension.dll (Discount App)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [FreeCT] C:\Program Files (x86)\FreeCountdownTimer\FreeCountdownTimer.exe (Comfort Software Group)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{072D6A1B-C29D-45BC-8DA2-2DB387B48863}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15F74F7D-DC21-4E68-82C3-6E93CD4C79BB}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABD0074A-644E-4A9B-A0D0-04D9E121EDA1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2FD33A7-279D-4FE1-9967-C1517CF07CD2}: NameServer = 196.207.35.29 196.207.35.30
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{010931d0-c2be-11e1-81a3-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{010931d0-c2be-11e1-81a3-0026b9b5e557}\Shell\AutoRun\command - "" = E:\Setup.exe /Auto
O33 - MountPoints2\{41b0a1ad-a7f2-11e1-8cdc-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{41b0a1ad-a7f2-11e1-8cdc-0026b9b5e557}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{73854d88-7608-11e2-a4bd-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{73854d88-7608-11e2-a4bd-0026b9b5e557}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ba03a3cf-7f46-11e1-b049-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{ba03a3cf-7f46-11e1-b049-0026b9b5e557}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d261bee1-1792-11e3-845a-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{d261bee1-1792-11e3-845a-0026b9b5e557}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 14:19:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/10/28 15:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/28 15:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/10/28 14:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Countdown Timer
[2013/10/28 14:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeCountdownTimer
[2013/10/28 14:20:37 | 001,985,112 | ---- | C] (Comfort Software Group ) -- C:\Users\user\Desktop\FreeCountdownTimerSetup.exe
[2013/10/28 13:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/10/28 13:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/28 13:25:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/26 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/26 15:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/26 15:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/26 15:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/26 15:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/22 13:42:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diner Dash 5 - BOOM
[2013/10/22 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxy Games
[2013/10/22 13:42:25 | 000,000,000 | ---D | C] -- C:\Downloads
[2013/10/22 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diner Dash Flo Through Time
[2013/10/22 12:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diner Dash Flo Through Time
[2013/10/22 12:40:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3052
[2013/10/22 11:48:46 | 000,000,000 | ---D | C] -- C:\Windows\Diner Dash Flo Through Time
[2013/10/22 11:48:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\3045
[2013/10/21 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/21 15:38:48 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/10/21 15:38:47 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/10/21 15:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/10/21 08:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ljkb
[2013/10/21 08:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/10/16 16:45:46 | 000,044,544 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2013/10/16 16:45:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2013/10/16 16:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\XCPCSync.OEM
[2013/10/16 15:29:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Blackberry Desktop
[2013/10/16 15:15:32 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\BlackBerry
[2013/10/16 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Research In Motion
[2013/10/16 15:14:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Research In Motion
[2013/10/16 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2013/10/16 15:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2013/10/16 15:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2013/10/15 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2013/10/15 10:16:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2013/10/15 10:15:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\uTorrent
[2013/10/15 10:15:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\uTorrent
[2013/10/11 10:31:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Dash Ready, Aim, Love D-Reamz.com
[2013/10/11 10:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bigup16
[2013/10/09 16:29:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wedding Dash
[2013/10/08 15:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Downloads
[2013/10/08 15:24:58 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\qBittorrent
[2013/10/08 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Easy BitTorrent Client
[2013/10/08 15:12:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Easy BitTorrent Client
[2013/10/08 15:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiscountApp
[2013/10/07 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\ZTEMTUI
[2013/10/05 17:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/05 17:00:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/10/05 17:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/05 17:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/03 17:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wedding Dash
[2013/10/03 17:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
[2013/10/03 16:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013/10/03 15:36:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameHouse
[2013/10/02 18:14:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/10/02 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unitech LLC
[2013/10/02 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Unitech LLC
[2013/10/02 10:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/10/02 10:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/10/02 10:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

========== Files - Modified Within 30 Days ==========

[2013/10/29 14:23:32 | 000,002,110 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/10/29 14:23:31 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/10/29 14:22:32 | 012,154,520 | ---- | M] () -- C:\Users\user\Desktop\Unconfirmed 130611.crdownload
[2013/10/29 14:20:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/10/29 14:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 13:58:06 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol
[2013/10/29 13:47:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 13:30:32 | 001,059,840 | ---- | M] () -- C:\Users\user\Desktop\MicrosoftFixit50981.msi
[2013/10/29 13:25:02 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 13:25:01 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 13:17:26 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 13:17:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/29 13:17:12 | 3111,550,976 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 12:13:51 | 000,086,898 | ---- | M] () -- C:\Users\user\Desktop\800px-01Kolmannskuppe.jpg
[2013/10/29 11:57:09 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-10448698-1835952776-3826272774-1000UA.job
[2013/10/29 11:57:02 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-10448698-1835952776-3826272774-1000Core.job
[2013/10/29 11:44:20 | 000,071,952 | ---- | M] () -- C:\Users\user\Desktop\listverse-author-guide.pdf
[2013/10/29 11:17:02 | 000,073,790 | ---- | M] () -- C:\Users\user\Desktop\23.jpg
[2013/10/29 10:12:15 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\At1.job
[2013/10/29 08:13:17 | 001,109,051 | ---- | M] () -- C:\Users\user\Desktop\Yoga_for_starter_Infographic.pdf
[2013/10/28 15:16:51 | 000,001,931 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/28 15:16:51 | 000,001,931 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/28 14:21:33 | 000,001,127 | ---- | M] () -- C:\Users\user\Desktop\Free Countdown Timer.lnk
[2013/10/28 14:21:09 | 001,985,112 | ---- | M] (Comfort Software Group ) -- C:\Users\user\Desktop\FreeCountdownTimerSetup.exe
[2013/10/28 13:25:39 | 000,002,299 | ---- | M] () -- C:\Users\user\Desktop\Chrome App Launcher.lnk
[2013/10/28 06:41:19 | 000,391,145 | ---- | M] () -- C:\Users\user\Desktop\Six.Feet.Under.S01-S05.Complete.torrent
[2013/10/26 15:46:38 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 18:37:28 | 001,095,945 | ---- | M] () -- C:\Users\Public\Documents\Microwave manual.pdf
[2013/10/21 15:38:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/21 15:31:47 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/16 16:46:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2013/10/16 16:45:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2013/10/16 16:45:19 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2013/10/16 15:15:57 | 000,004,608 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/16 15:15:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2013/10/16 13:28:56 | 000,782,044 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/16 13:28:56 | 000,667,004 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/16 13:28:56 | 000,125,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/15 11:05:30 | 001,754,928 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe
[2013/10/15 10:59:58 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2013/10/15 10:16:54 | 000,000,967 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/10/15 10:16:54 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/10/14 19:41:57 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/14 19:41:57 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/14 19:41:57 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/14 19:41:56 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/14 19:41:56 | 000,270,824 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/10/14 19:41:56 | 000,131,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/10/14 19:41:56 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/14 19:41:56 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/14 19:41:56 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/14 19:41:56 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/14 19:41:56 | 000,022,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/10/14 19:41:27 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/14 19:41:03 | 000,295,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/14 18:14:31 | 000,001,047 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/03 17:31:18 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat

========== Files Created - No Company Name ==========

[2013/10/29 14:23:31 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2013/10/29 14:22:28 | 005,570,560 | ---- | C] () -- C:\Users\user\Desktop\Unconfirmed 130611.crdownload
[2013/10/29 13:24:58 | 001,059,840 | ---- | C] () -- C:\Users\user\Desktop\MicrosoftFixit50981.msi
[2013/10/29 12:13:51 | 000,086,898 | ---- | C] () -- C:\Users\user\Desktop\800px-01Kolmannskuppe.jpg
[2013/10/29 11:44:19 | 000,071,952 | ---- | C] () -- C:\Users\user\Desktop\listverse-author-guide.pdf
[2013/10/29 11:17:02 | 000,073,790 | ---- | C] () -- C:\Users\user\Desktop\23.jpg
[2013/10/29 08:13:16 | 001,109,051 | ---- | C] () -- C:\Users\user\Desktop\Yoga_for_starter_Infographic.pdf
[2013/10/28 14:21:33 | 000,001,127 | ---- | C] () -- C:\Users\user\Desktop\Free Countdown Timer.lnk
[2013/10/28 13:43:06 | 000,001,931 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/28 13:43:06 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/28 13:25:39 | 000,002,299 | ---- | C] () -- C:\Users\user\Desktop\Chrome App Launcher.lnk
[2013/10/28 06:41:19 | 000,391,145 | ---- | C] () -- C:\Users\user\Desktop\Six.Feet.Under.S01-S05.Complete.torrent
[2013/10/26 15:46:38 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/22 18:37:28 | 001,095,945 | ---- | C] () -- C:\Users\Public\Documents\Microwave manual.pdf
[2013/10/22 11:48:13 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\At1.job
[2013/10/21 15:31:47 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/16 16:46:02 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
[2013/10/16 16:45:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
[2013/10/16 15:15:56 | 000,004,608 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/10/16 15:15:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2013/10/16 15:12:54 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2013/10/15 10:16:54 | 000,000,967 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/10/15 10:16:54 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013/10/04 19:34:21 | 000,001,047 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/10/03 17:31:18 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/09/15 14:49:20 | 001,675,665 | ---- | C] () -- C:\Users\user\fac_ebe_UG_2013.pdf
[2013/09/15 14:46:42 | 000,366,176 | ---- | C] () -- C:\Users\user\Admission requirements 2013-2014.pdf
[2013/09/15 14:44:39 | 000,100,603 | ---- | C] () -- C:\Users\user\ND ENGINEERING MECHANICAL MECHATRONICS Course Information and Fees Cape Peninsula University of Technology.htm
[2013/08/21 10:43:26 | 000,112,970 | ---- | C] () -- C:\Users\user\944790_619442984743690_2084329888_n.jpg
[2013/07/31 12:35:35 | 000,125,370 | ---- | C] () -- C:\Users\user\Buzzy.pdf
[2013/07/31 12:30:40 | 000,137,446 | ---- | C] () -- C:\Users\user\BluesPhrases.pdf
[2013/07/31 12:29:50 | 000,043,538 | ---- | C] () -- C:\Users\user\NobleWattsLicks.pdf
[2013/07/31 12:28:35 | 000,093,962 | ---- | C] () -- C:\Users\user\call it stormy monday.jpg
[2013/07/31 12:27:34 | 000,023,458 | ---- | C] () -- C:\Users\user\old man blues.png
[2013/07/31 12:27:22 | 000,026,241 | ---- | C] () -- C:\Users\user\fair dunkem blues.png
[2013/07/31 12:26:49 | 000,445,776 | ---- | C] () -- C:\Users\user\dominant-7th-scales-alto-bari-sax2.jpg
[2013/07/31 12:26:29 | 000,624,365 | ---- | C] () -- C:\Users\user\pentonic minor scales.jpeg
[2013/07/31 12:25:53 | 000,097,916 | ---- | C] () -- C:\Users\user\c minor.jpg
[2013/07/31 12:25:43 | 001,085,614 | ---- | C] () -- C:\Users\user\Sacel.jpg
[2013/07/31 12:25:25 | 000,108,951 | ---- | C] () -- C:\Users\user\SCALES.png
[2013/07/31 12:23:50 | 000,066,209 | ---- | C] () -- C:\Users\user\One octave scale.png
[2013/07/25 12:26:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\d3ddx10_42.dll
[2013/07/23 11:19:54 | 000,033,599 | ---- | C] () -- C:\Users\user\alto_sax.gif
[2013/05/26 22:30:45 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg
[2013/03/27 11:54:21 | 010,975,452 | ---- | C] () -- C:\Users\user\econ252_11.zip
[2013/03/27 11:53:41 | 001,290,949 | ---- | C] () -- C:\Users\user\econ251.zip
[2013/03/27 11:43:33 | 011,437,594 | ---- | C] () -- C:\Users\user\econ159.zip
[2013/03/27 11:39:41 | 018,632,297 | ---- | C] () -- C:\Users\user\econ252.zip
[2013/03/27 11:07:53 | 003,083,054 | ---- | C] () -- C:\Users\user\beng100.zip
[2013/03/15 15:18:31 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2013/03/01 17:25:41 | 000,114,176 | ---- | C] () -- C:\Users\user\AppData\Roaming\BabMaint.exe
[2010/10/14 11:54:11 | 000,002,655 | ---- | C] () -- C:\Users\user\Microsoft Office Excel 2007.lnk
[2010/10/04 08:59:14 | 000,002,144 | ---- | C] () -- C:\Users\user\Dell Mobile Broadband Utility.lnk
[2010/10/01 13:17:21 | 000,002,014 | ---- | C] () -- C:\Users\user\Adobe Reader 9.lnk

========== ZeroAccess Check ==========

[2009/07/14 03:43:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\@
[2013/07/22 14:30:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\L
[2013/10/14 13:29:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\U
[2013/08/27 09:53:56 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\L\00000004.@
[2013/07/22 12:12:45 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\U\00000008.@
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009/11/12 22:03:21 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/11/12 21:43:07 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/24 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BabSolution
[2013/01/24 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2013/10/14 10:41:35 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2013/10/16 15:29:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Blackberry Desktop
[2013/07/22 12:05:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Comical
[2013/03/15 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DefaultTab
[2013/03/15 15:03:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Delta
[2013/09/06 14:38:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Diary Defender
[2013/10/29 13:18:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2013/10/08 15:25:06 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Easy BitTorrent Client
[2013/07/22 15:02:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HoolappForAndroid
[2013/10/22 13:51:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
[2013/06/21 13:35:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PotPlayer
[2013/05/11 19:02:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PotPlayerMini
[2013/10/08 15:24:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\qBittorrent
[2013/10/16 15:15:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Research In Motion
[2013/09/02 12:31:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thunderbird
[2013/10/02 11:58:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unitech LLC
[2013/10/29 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2013/09/07 12:47:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Vodafone
[2011/11/29 17:22:24 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2013/10/07 17:03:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ZTEEVDO
[2013/10/07 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ZTEMTUI

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E5DE9C8F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33384BC0

< End of report >
#2
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
I'm 23red, and it'll be my pleasure to assist you with your problem. :D I am currently reviewing your log. In the meantime, I'd be grateful if you would note the following:

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts.

• Please make sure to carefully read every post completely before doing anything.

If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!

Please do not run any other scans or other software on your computer unless asked, as it may make this repair more difficult.

• Please stick with me until all malware is gone from your system. Malware removal is not an instant process; just because you no longer see any symptoms does not necessarily mean your system is completely clear of malware.

• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Thanks for your understanding and patience. I'll be back with you as soon as possible.

• In the meantime, could you please post the Extras.txt that was produced at the same time as the log you posted? It should be located on your Desktop.

#3
IlseL

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi 23red, thanks for the help. I will follow all your instructions; herewith the extras you requested:
OTL Extras logfile created on: 2013/10/29 02:20:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

3.86 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 48.54% Memory free
7.73 Gb Paging File | 5.24 Gb Available in Paging File | 67.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 230.78 Gb Free Space | 51.16% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B7CA3E4-4BA2-216B-51AC-6A28FCA3D13F}" = ATI Catalyst Install Manager
"{1B63EC30-5A9F-449D-BBCA-8DA4214FBFA9}" = O2Micro Flash Memory Card Windows Driver
"{2A6F3EB0-17B2-CF6E-EA21-4FA0F7133CC8}" = ATI AVIVO64 Codecs
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6A1A7434-D996-350A-F6FD-3A3EF8189B7E}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A04DCB25-7040-4935-A30D-8E0A893ABF2D}" = iTunes
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.00 beta 7 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{045EB31E-AE9B-9726-428B-C56CED299D17}" = CCC Help Korean
"{07A80ED7-EE6F-DAF7-2B68-7BFC0AB394C8}" = Catalyst Control Center Localization All
"{088DF54D-6FFC-8C91-02D5-A461DCC2E652}" = wxDownload
"{0B2B4860-D5C9-5903-99A2-844B2F3184CC}" = CCC Help German
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{1A7CDBFD-9FE9-83AC-6AB4-19EDD22D06E2}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{233DC280-BF32-3C6A-3DE0-9C0E15A55294}" = CCC Help Swedish
"{2353A12B-AA20-5EB7-3361-CEB8055FD3AC}" = CCC Help Chinese Standard
"{26427E43-8B33-7063-F26D-59C1120CE2DF}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{26C96F4B-F019-3F40-1352-AD5298450372}" = CCC Help French
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{404245D0-E836-4737-9C12-D4D0034540F5}_is1" = Free Countdown Timer 2.7.2
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ADEAE70-10F8-6EE1-1CB5-B68B4917C565}" = CCC Help Norwegian
"{4C11F1A6-CE0F-93C8-B108-228A4A551789}" = Catalyst Control Center InstallProxy
"{4E15A0E1-A588-C578-E0C3-4835BA0225ED}" = CCC Help Finnish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5030C973-F5BA-4432-860C-A3DA77BFEB05}" = Qualcomm Gobi 2000 Package for Dell
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57FE772D-FA6C-65C7-58E7-9CEC7E3501B7}" = CCC Help Italian
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64A7F1FB-ACEC-BAFB-8FAD-BB87580D796C}" = Catalyst Control Center Graphics Full Existing
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FC04F1-E592-C8D7-41CE-319A8B900902}" = CCC Help Portuguese
"{82B21A86-5526-9BA3-2B17-65AF582BF267}" = Catalyst Control Center Core Implementation
"{8C3737D8-5958-218F-8219-9117054430F5}" = Catalyst Control Center Graphics Light
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F803766-0BAB-CACF-5943-4099F0DFBCE7}" = CCC Help Chinese Traditional
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A725C93-BD12-4901-ACFB-887FB5CF3475}" = DiscountApp
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AFA32E15-B53C-0C82-2C91-93C927258842}" = CCC Help Spanish
"{B4483ACC-2281-6167-02E6-4171E7F9A9A8}" = Catalyst Control Center Graphics Previews Vista
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BE5B0450-DCCB-4FE9-93E2-3B38D88A745B}" = BlackBerry Desktop Software 7.1
"{C31E0F2C-FB0F-552D-C864-138726D5C19A}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" = SeAArcuh-NewTaB
"{CA886961-382C-8282-AD77-0AB1659FE40D}" = Catalyst Control Center Graphics Previews Common
"{CDD2DDE1-30BB-05D8-BBCE-433F54531F78}" = ccc-core-static
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D48B6973-9CC4-DFC3-3696-1BA76796C1F3}" = CCC Help Dutch
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DBF0A096-6EE7-488E-8C04-2536C7B3F120}" = Dell Touch Zone
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0D32964-37E5-8405-1AF0-D31F1120B9AE}" = CCC Help Russian
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" = Babylon Chrome Toolbar
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F278E7E7-89AE-0F98-DEBF-DB0C5AF4971B}" = CCC Help Japanese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = TornTV
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Internet Security
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"DefaultTab" = DefaultTab
"delta" = Delta toolbar
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"Diary Defender" = Diary Defender
"Diner Dash 5 - BOOM1.0" = Diner Dash 5 - BOOM
"Diner Dash Flo Through Time1.2" = Diner Dash Flo Through Time
"Diner Dash1.0 (Cracked By CoffeeMan)" = Diner Dash
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"InstallShield_{1B63EC30-5A9F-449D-BBCA-8DA4214FBFA9}" = O2Micro Flash Memory Card Windows Driver
"ividi" = Unitech LLC toolbar
"Mozilla Thunderbird 24.0 (x86 en-US)" = Mozilla Thunderbird 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PotPlayer" = Daum PotPlayer 1.5.35238
"RealPlayer 16.0" = RealPlayer
"SP_0beb79c1" = WxDownload 1.74
"SP_4e24eecb" = Search Assistant WebSearch 1.74
"SP_e14dcdfa" = ContinueToSave 1.74
"SupermarketMania" = SupermarketMania (remove only)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.7
"Wedding Dash 2" = Wedding Dash 2
"Wedding Dash 4 Ever 1.00" = Wedding Dash 4 Ever 1.00
"Wedding Dash Ready, Aim, Love D-Reamz.com" = Wedding Dash Ready, Aim, Love D-Reamz.com
"WeddingSalon" = Wedding Salon (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip
"WNLT" = IB Updater Service

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{ADE47254-EF23-4129-A262-85309F187B71}" = Search.us.com
"Comical_is1" = Comical 0.8
"Dropbox" = Dropbox
"f031ef6ac137efc5" = Dell Driver Download Manager
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2013/10/28 01:00:53 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7285

Error - 2013/10/28 01:00:53 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7285

Error - 2013/10/28 01:00:54 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2013/10/28 01:00:54 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8283

Error - 2013/10/28 01:00:54 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8283

Error - 2013/10/28 01:00:55 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2013/10/28 01:00:55 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9297

Error - 2013/10/28 01:00:55 PM | Computer Name = user-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9297

Error - 2013/10/29 07:17:41 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x5252e730 Faulting module name: DefaultTabSearch.exe, version: 0.0.0.0,
time stamp: 0x5252e730 Exception code: 0xc0000005 Fault offset: 0x00002c60 Faulting
process id: 0x948 Faulting application start time: 0x01ced49871c6d42d Faulting application
path: C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Faulting module path:
C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe Report Id: b99d5da1-408b-11e3-960b-0026b9b5e557

Error - 2013/10/29 08:13:49 AM | Computer Name = user-PC | Source = MsiInstaller | ID = 10005
Description =

[ Broadcom Wireless LAN Events ]
Error - 2013/09/27 07:40:23 PM | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 01:40:21, Sat, Sep 28, 13 Error - Unable to gain access to user store


[ Media Center Events ]
Error - 2013/04/06 12:02:58 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 06:02:53 PM - Error connecting to the internet. 06:02:53 PM - Unable
to contact server..

Error - 2013/04/07 04:58:32 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 10:58:32 AM - Error connecting to the internet. 10:58:32 AM - Unable
to contact server..

Error - 2013/04/07 04:58:44 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 10:58:38 AM - Error connecting to the internet. 10:58:38 AM - Unable
to contact server..

Error - 2013/04/08 05:33:05 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:33:05 AM - Error connecting to the internet. 11:33:05 AM - Unable
to contact server..

Error - 2013/04/08 05:33:20 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 11:33:10 AM - Error connecting to the internet. 11:33:10 AM - Unable
to contact server..

Error - 2013/04/09 03:47:13 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 09:47:13 AM - Error connecting to the internet. 09:47:13 AM - Unable
to contact server..

Error - 2013/04/09 03:47:27 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 09:47:19 AM - Error connecting to the internet. 09:47:19 AM - Unable
to contact server..

Error - 2013/04/15 03:49:49 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 09:49:49 AM - Error connecting to the internet. 09:49:49 AM - Unable
to contact server..

Error - 2013/04/15 03:50:05 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 09:49:54 AM - Error connecting to the internet. 09:49:54 AM - Unable
to contact server..

Error - 2013/04/16 04:50:22 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = 10:50:16 AM - Error connecting to the internet. 10:50:16 AM - Unable
to contact server..

[ System Events ]
Error - 2013/10/29 01:38:04 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :20" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 01:38:04 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :0" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 02:13:13 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :0" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 05:17:01 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :0" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 05:24:10 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :0" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 05:44:17 AM | Computer Name = user-PC | Source = NetBT | ID = 4321
Description = The name "USER-PC :0" could not be registered on the interface
with IP address 192.168.1.103. The computer with the IP address 192.168.1.106 did
not allow the name to be claimed by this computer.

Error - 2013/10/29 07:17:19 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 2013/10/29 07:17:25 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 2013/10/29 07:17:30 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 2013/10/29 07:18:08 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034
Description = The DefaultTabSearch service terminated unexpectedly. It has done
this 1 time(s).


< End of report >

#4
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi :)
Thank you for the extras.txt :thumbsup: I've some checking to do, will post back as soon as I can.

#5
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi IlseL :)

My sincere apologies for the delay. My time has been shorter than normal in previous days. :rolleyes:

First

P2P Warning

Going over your logs, I noticed that you have µTorrent and cracked programs installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

1. Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

2. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

3. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

4. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove the program, you can do so via Start ~> Control Panel ~> Add/Remove Programs.

~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*

Second

The computer is infected with a backdoor Trojan.

Backdoor Trojans are software programs that give an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. Backdoor Trojan functionality allows unauthorized remote access to the infected computer while running in the background. A backdoor compromises system integrity by making changes to the system that allow it to be used by the attacker for malicious purposes unknown to the user.

If this computer is ever used for on-line banking, I suggest you do the following IMMEDIATELY:

• Call all of your banks, credit card companies and financial institutions, inform them that you may be a victim of identity theft, and ask them to put a watch on your accounts or change all your account numbers.

• From a clean computer, change ALL your on-line passwords for email, for banks, financial accounts, PayPal, eBay, on-line companies, any on-line forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. Please refrain from using this computer for online banking or financial purposes until we give the all clear.


~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*~*


If you choose to continue:

Step 1

You appear to have two antivirus applications installed.
Only one antivirus should be on a computer; more than one will cause problems.
Let me know which you uninstall, and we'll run the removal tool to make sure it's completely gone.

Avast
McAfee


Please uninstall one via Start ~> Control Panel ~> Programs and Features
While you're in there, keep an eye out for and also uninstall these programs (if found) that are junkware:

Babylon Chrome Toolbar
TornTV
DefaultTab
Delta toolbar
Delta Chrome Toolbar
Unitech LLC toolbar
WxDownload 1.74
Search Assistant WebSearch 1.74
ContinueToSave 1.74
SupermarketMania
IB Updater Service
Search.us.com

and the following Optional Removals


Diner Dash1.0 (Cracked By CoffeeMan)
uTorrent


Step 2

Uninstall Chrome extensions.

1. Launch your Google Chrome browser.

2. In the address bar type the following:

chrome:extensions

3. The Chrome extension list will appear.

4. Find these unwanted extensions there:

Babylon Toolbar extension.
BitTorrentControl_v12 Optional
Discount App
Delta Toolbar
SeAArcuh-NewTaB
Extension: saffe savve
StumbleUpon
DefaultTab
Chrome In-App Payments service
SweetPacks Chrome Extension
saffe savve

5. Click on the recycle bin icon near them to uninstall each.

6. Restart your browser.


Step 3

Run OTL

Please right click on Posted Image on your Desktop, and choose Run as Administrator, accept UAC prompts.

Under Posted Image in the textbox at the bottom, please paste in the following:

:Commands
[CreateRestorePoint]
:OTL
PRC - File not found --
PRC - [2013/10/15 11:05:34 | 000,410,416 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2013/03/15 15:18:26 | 000,107,520 | ---- | M] () -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
SRV:64bit: - [2013/10/15 11:05:30 | 001,754,928 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013/10/07 18:54:08 | 000,573,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/03/15 15:18:26 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...E-0026B9B5E557}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchr...om/?c=3513&t=07
IE - HKCU\..\SearchScopes,DefaultScope = {2F005745-2BDC-4FB3-BA31-F4D74038F813}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...3_ctrl&tsp=4951
IE - HKCU\..\SearchScopes\{2F005745-2BDC-4FB3-BA31-F4D74038F813}: "URL" = http://search.ividi....&affilt=3&r=614
IE - HKCU\..\SearchScopes\{516BD968-3DAF-45BA-90C8-BF07FF15C348}: "URL" = http://search.condui...5522053166&UM=1
IE - HKCU\..\SearchScopes\{AF228AE0-9183-47B6-A02F-DD9052D6924F}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pur...008&lg=EN&cc=ZA
IE - HKCU\..\SearchScopes\{EABC546B-9CC1-442B-9FB5-6AFAEC4414AB}: "URL" = http://search.sweeti...E-0026B9B5E557}
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll (Search.Us.com)
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll (Search.Us.com)
[2013/03/15 15:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\0\extensions
[2013/03/15 15:02:32 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\0\extensions\[email protected]
CHR - homepage: http://www.sweetpack....?barid=&src=10
CHR - plugin: npAPI Plugin (Disabled) = C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll
CHR - plugin: npAPI Ghost Plugin (Disabled) = C:\Users\user\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll
CHR - Extension: Babylon Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: Discount App = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebecfccgbkpeokcdilobdffbkkibjdgh\1.0.0.1_0\
CHR - Extension: Delta Toolbar = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\
CHR - Extension: SeAArcuh-NewTaB = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaniefbalkpcpmenlphenpinpdipbca\1\
CHR - Extension: saffe savve = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmonibglblhdpdpekconfbiefgdgglgj\1\
CHR - Extension: SeAArcuh-NewTaB = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpaniefbalkpcpmenlphenpinpdipbca\1\
CHR - Extension: saffe savve = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmonibglblhdpdpekconfbiefgdgglgj\1\
CHR - Extension: Torntv = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf\1.1_0\
CHR - Extension: StumbleUpon = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0\
CHR - Extension: DefaultTab = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.29_0\
CHR - Extension: SeAArcuh-NewTaB = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiniocdpjkcdkciinlhmejcblohdldnc\1\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: saffe savve = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pahpeadnfncopdppoelifoccmgohkjao\1\
O2 - BHO: (Groove GFS Browser Helper) - {390C7E87-153C-12DB-2EA6-0BB301EB26E9} - C:\Windows\SysWOW64\dhcpcsvcc6.dll ()
O2 - BHO: (saffe savve) - {3C523068-8BE6-04F8-0FE2-774405EF900A} - C:\ProgramData\saffe savve\51ecf5f371092.dll File not found
O2 - BHO: (wxDownload) - {3FBFEDF7-354D-9C26-96F3-4EB0559206F8} - C:\ProgramData\wxDownload\51056ec77b9a9.dll ()
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (ividi Helper Object) - {8B8B2E80-1444-451D-AC8E-EB9A847F3887} - C:\Program Files (x86)\Unitech LLC\ividi\1.8.23.0\bh\ividi.dll (Unitech LLC)
O2 - BHO: (SeAArcuh-NewTaB) - {8BB64FC3-8B04-CF3A-57E5-55E885ED4D75} - C:\ProgramData\SeAArcuh-NewTaB\51ecf9346051f.dll File not found
O2 - BHO: (Discount App BHO ) - {9A725C93-BD12-4901-ACFB-887FB5CF3475} - C:\Program Files (x86)\DiscountApp\1.0.0.1\Extension.dll (Discount App)
O2 - BHO: (SeAArcuh-NewTaB) - {9C24F966-6BF6-974D-5D1F-1D1A8EC6A576} - C:\ProgramData\SeAArcuh-NewTaB\51ecf66958ca3.dll File not found
O2 - BHO: (wxDownload) - {AEA57908-4CAB-A394-9841-DA701A452380} - C:\ProgramData\wxDownload\5101a5b5f2249.dll ()
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Discount App ) - {F5AED250-DDA0-483F-B941-AAB3297E1FE8} - C:\Program Files (x86)\DiscountApp\1.0.0.1\Extension.dll (Discount App)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Discount App ) - {F5AED250-DDA0-483F-B941-AAB3297E1FE8} - C:\Program Files (x86)\DiscountApp\1.0.0.1\Extension.dll (Discount App)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe File not found
O33 - MountPoints2\{010931d0-c2be-11e1-81a3-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{010931d0-c2be-11e1-81a3-0026b9b5e557}\Shell\AutoRun\command - "" = E:\Setup.exe /Auto
O33 - MountPoints2\{41b0a1ad-a7f2-11e1-8cdc-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{41b0a1ad-a7f2-11e1-8cdc-0026b9b5e557}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{73854d88-7608-11e2-a4bd-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{73854d88-7608-11e2-a4bd-0026b9b5e557}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ba03a3cf-7f46-11e1-b049-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{ba03a3cf-7f46-11e1-b049-0026b9b5e557}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{d261bee1-1792-11e3-845a-0026b9b5e557}\Shell - "" = AutoRun
O33 - MountPoints2\{d261bee1-1792-11e3-845a-0026b9b5e557}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
[2013/10/21 08:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ljkb
[2013/10/08 15:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiscountApp
[2013/10/02 11:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unitech LLC
[2013/10/02 11:58:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Unitech LLC
[2013/10/29 10:12:15 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\At1.job
[2013/03/01 17:25:41 | 000,114,176 | ---- | C] () -- C:\Users\user\AppData\Roaming\BabMaint.exe
[2009/07/14 03:43:10 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\@
[2013/07/22 14:30:58 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\L
[2013/10/14 13:29:21 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\U
[2013/08/27 09:53:56 | 000,000,804 | ---- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\L\00000004.@
[2013/07/22 12:12:45 | 000,001,024 | ---- | M] () -- C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}\U\00000008.@
[2013/01/24 22:57:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BabSolution
[2013/01/24 22:57:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2013/03/15 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DefaultTab
[2013/03/15 15:03:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Delta
[2013/10/02 11:58:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unitech LLC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E5DE9C8F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:33384BC0
:Files
C:\Windows\SysNative\dmwu.exe
C:\Program Files (x86)\DefaultTab
C:\Windows\SysWOW64\jmdp
C:\Users\user\AppData\Roaming\DefaultTab
C:\Windows\Installer\{1dc2499d-255f-ed35-5f7b-c1194bed8831}
ipconfig /flushdns /c
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" =-
"{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}" =-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{ADE47254-EF23-4129-A262-85309F187B71}" =-
:Commands
[purity]
[resethosts]







* Then click the Posted Image button at the top
* Let the program run unhindered, reboot the PC when it is done
* Please post that log when you return.

One More Time!

Step 4

Fresh OTL Log:

• Please right click on Posted Image on your Desktop and Run as Administrator, then accept UAC prompts to start the program.

• Please make sure the following boxes are checked:

• Scan All Users

• LOP Check

• Purity Check

• In the Extra Registry box select Use Safe List

• Under Posted Image in the textbox at the bottom, please paste in the following:


netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
[CREATERESTOREPOINT]







•Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

•When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

•Please copy (Edit ~> Select All, Edit ~> Copy) the logs it produces and paste them in your next reply.


When you return please:
OTL fix.txt
Fresh OTL log
Please let me know how the Uninstalls went and how your computer is running after.
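
A triage sketch for the PRC/SRV lines in the OTL fix script above, added here as an example; it is not part of the original post and not part of OTL. The field layout is inferred from those lines, and the flagging rule (blank company name plus a system-directory, user-profile or auto-start location) and the `Example Vendor Ltd` line are assumptions made for illustration.

```python
import re
from collections import namedtuple

# The first line and the four "()" lines are copied from the fix script in the post;
# the "Example Vendor Ltd" line is constructed for contrast.
SAMPLE = r"""PRC - File not found --
PRC - [2013/10/15 11:05:34 | 000,410,416 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
SRV:64bit: - [2013/10/15 11:05:30 | 001,754,928 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV - [2013/01/01 10:00:00 | 000,044,808 | ---- | M] (Example Vendor Ltd) [Auto | Running] -- C:\Program Files\Example\svc.exe -- (ExampleSvc)
SRV - [2013/10/07 18:54:08 | 000,573,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/03/15 15:18:26 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
"""

# Inferred layout: KIND - [metadata] (company) [start | state] -- path -- (service)
ENTRY = re.compile(
    r"^(?P<kind>PRC|SRV)(?::64bit:)? - \[\d{4}/\d\d/\d\d [^\]]*\] "
    r"\((?P<vendor>[^)]*)\) (?:\[(?P<start>\w+) \| (?P<state>\w+)\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<service>[^)]+)\))?$"
)

Entry = namedtuple("Entry", "kind vendor start state path service")

def parse(text):
    """Return one Entry per parseable line; lines without metadata are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [Entry(**{f: m.group(f) or "" for f in Entry._fields}) for m in matches if m]

def reasons(e):
    """List the triage observations that apply to one entry."""
    p = e.path.lower()
    checks = [
        (not e.vendor.strip(), "no company name"),
        (bool(re.search(r"\\windows\\(sysnative|syswow64|system32)\\", p)),
         "in a Windows system directory"),
        ("\\appdata\\" in p, "runs from a user profile"),
        (e.start == "Auto", "auto-start service"),
    ]
    return [label for hit, label in checks if hit]

def flagged(text):
    """Entries with a blank company name and at least one other observation."""
    hits = [(e.path, reasons(e)) for e in parse(text)]
    return [(path, why) for path, why in hits if "no company name" in why and len(why) > 1]

if __name__ == "__main__":
    for path, why in flagged(SAMPLE):
        print(path, "<-", ", ".join(why))
```

A flag from this sketch is only a prompt to look closer at the file, not a verdict on it.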