Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

MyPC BackUp pop-ups [Closed]


  • This topic is locked This topic is locked

#1
BG Runner

BG Runner

    Member

  • Member
  • PipPip
  • 60 posts
I have been getting annoying unwanted pop-ups on start-up and accessing certain websites. These all relate to arranging PC back-ups. I have noticed a desktop shortcut icon called MyPC Backup which I have not made. Also the laptop is generally much slower than usual. Running Malware Antimalware has not cured the problem. Any advice would be appreciated. Thanks.
My OTL log is:

OTL logfile created on: 11/11/2013 21:36:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie\Desktop\Geeks
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.62% Memory free
4.22 Gb Paging File | 2.37 Gb Available in Paging File | 56.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 119.86 Gb Free Space | 54.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 21:35:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\Geeks\OTL.exe
PRC - [2013/11/11 17:07:13 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/11/11 17:07:12 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/11 17:07:11 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/10/16 18:07:48 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/10/16 18:07:39 | 001,673,680 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/10/11 09:34:21 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files\Whilokii\bin\utilWhilokii.exe
PRC - [2013/10/09 18:48:01 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/10/05 01:05:26 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files\Whilokii\updateWhilokii.exe
PRC - [2013/09/19 22:45:18 | 001,953,320 | ---- | M] (MyPCBackup.com) -- C:\Program Files\MyPC Backup\MyPC Backup.exe
PRC - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) -- C:\Program Files\MyPC Backup\BackupStack.exe
PRC - [2013/09/10 22:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/07/25 08:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/11 17:07:15 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/11/11 17:07:14 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/11/11 17:07:13 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/10/11 10:50:56 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/11 10:49:13 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/09/19 22:37:30 | 000,012,288 | ---- | M] () -- C:\Program Files\MyPC Backup\GetText.dll
MOD - [2013/09/19 22:32:28 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2013/08/18 14:10:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 14:10:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 14:10:35 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/18 14:10:33 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/18 14:08:23 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/18 14:07:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/18 14:07:30 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/18 14:06:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/06 07:39:21 | 000,996,080 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\57595\RapportMS.dll
MOD - [2013/07/14 15:21:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/03/30 04:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 04:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/11/11 17:07:12 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/10/16 18:07:48 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/10/11 09:34:21 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013/10/09 18:49:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 01:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 08:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013/11/11 17:07:15 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 22:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 22:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 22:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/21 00:14:53 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/10 10:12:47 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/09/10 10:12:46 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/30 05:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/06/24 13:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 04 31 3C 87 80 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol...125035&tsp=5030
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{B96EC0DD-4441-4379-AC72-376FF4E882B1}: "URL" = http://websearch.ask...CC-636199E00A92
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 [2013/11/11 17:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 20:32:08 | 000,000,000 | ---D | M]

[2013/10/09 22:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: SearchGol (Enabled)
CHR - default_search_provider: search_url = http://www.searchgol...125035&tsp=5030
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Ask Toolbar = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\25.60699_0\
CHR - Extension: SparkleBox = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjigkifooejljidiapmgeaoeglmgonll\10.22.0.588_0\
CHR - Extension: SparkleBox = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjigkifooejljidiapmgeaoeglmgonll\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: Whilokii = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_1\
CHR - Extension: Wajam = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1\
CHR - Extension: AVG Secure Search = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0\
CHR - Extension: Google Wallet = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://vpn.nhsstock...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.nhsstock...COL /cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.nhsstock...COL /cscopf.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9E4B55-386C-45D6-B435-F6D7CC00619B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 23:31:07 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\emma and james_files
[2013/10/25 13:08:37 | 000,000,000 | -HSD | C] -- C:\found.013
[2013/10/17 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books_files
[2013/10/17 21:31:59 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books_files
[2013/10/17 20:23:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/11/11 21:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 21:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/11 20:23:51 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 20:23:51 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 19:40:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 19:40:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/11 19:39:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 18:23:37 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/11 17:15:23 | 143,144,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/11/11 17:07:15 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/10 19:08:42 | 000,454,430 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/11/08 13:44:19 | 006,622,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/08 13:44:17 | 003,228,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/07 23:31:07 | 000,554,733 | ---- | M] () -- C:\Users\Julie\Documents\emma and james.htm
[2013/10/25 17:40:57 | 241,880,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/24 19:30:52 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/21 21:46:07 | 000,161,296 | ---- | M] () -- C:\Users\Julie\Documents\celtic.pdf
[2013/10/17 22:30:40 | 000,138,428 | ---- | M] () -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books.htm
[2013/10/17 21:31:59 | 000,167,482 | ---- | M] () -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books.htm
[2013/10/14 22:13:38 | 000,055,720 | ---- | M] () -- C:\Users\Julie\Documents\football governance.pdf
[2013/10/13 11:14:12 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/11/07 23:31:04 | 000,554,733 | ---- | C] () -- C:\Users\Julie\Documents\emma and james.htm
[2013/10/25 17:40:57 | 241,880,094 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/21 21:46:06 | 000,161,296 | ---- | C] () -- C:\Users\Julie\Documents\celtic.pdf
[2013/10/17 22:30:40 | 000,138,428 | ---- | C] () -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books.htm
[2013/10/17 21:31:58 | 000,167,482 | ---- | C] () -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books.htm
[2013/10/14 22:13:37 | 000,055,720 | ---- | C] () -- C:\Users\Julie\Documents\football governance.pdf
[2013/10/12 14:24:54 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/10/09 22:30:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2011/11/12 22:01:51 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{32E91E92-7276-4F47-922E-B981E8B6271D}
[2011/10/26 12:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{518E4141-3390-48BB-BF84-3F0C6B4ABBA1}
[2011/09/19 21:46:59 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{BBB2E6C0-188E-405D-9D4D-A8DEABADA71A}
[2011/05/16 11:01:36 | 000,198,421 | ---- | C] () -- C:\Users\Julie\AQA-3701-2H-W-QP-NOV09.pdf
[2010/10/04 07:58:01 | 000,005,989 | ---- | C] () -- C:\Users\Julie\Session 4 Identifying Verbs.notebook
[2010/10/04 07:57:41 | 000,012,405 | ---- | C] () -- C:\Users\Julie\Session 3 Baking Bread Instructions.notebook
[2010/07/01 19:09:25 | 000,000,798 | ---- | C] () -- C:\Users\Julie\AppData\Local\Images.fl
[2010/03/25 20:45:05 | 000,000,370 | ---- | C] () -- C:\Users\Julie\Pictures - Shortcut.lnk
[2010/02/15 13:01:35 | 000,005,632 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 20:00:19 | 000,000,680 | ---- | C] () -- C:\Users\Julie\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/09 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2010/10/14 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVG10
[2011/02/06 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Cisco
[2010/06/25 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\GetRightToGo
[2010/04/12 07:16:19 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\licenses
[2010/04/12 07:16:12 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\PCMM2010
[2011/02/03 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Samsung
[2013/10/09 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\searchgol
[2013/10/13 12:06:55 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Systweak
[2010/01/19 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\TMP
[2013/06/17 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\VSO
[2010/06/25 22:10:38 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Xilisoft

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello BG Runner :welcome:

My name is Nutloaf, and I will be helping you with Malware Removal.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

Please read all instructions and fixes thoroughly.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode and access to the GeeksToGo website will be unavailable.
  • Any fixes provided by myself are for this log file only and cannot be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened if you still require assitance.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.

Finally before we start:

Removing malware is a complicated multiple step process, Please stay with me until I have declared your system clean. I strongly recommend you backup your personal files and folders.




Let's begin :)

I need you to run OTL again with the instructions below. This will produce 2 log files, OTL.txt and Extras.txt I need both.

Follow in the order given

1. OTL Custom Scan

  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans - If present.
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

2. aswMBR

  • Using this link download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator select No for AVAST virus definitions.
  • Click the Scan button to start.
  • When the scan ends click Save Log and save it to your desktop
  • Post this log in your next reply

3. Run ADWcleaner

  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Scan
  • When the search is complete click Report. Please post this report in your next reply.

4. Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I want to see in your next post.

  • OTL.txt
  • Extras.txt
  • aswMBR log
  • ADWcleaner log
  • checkup.txt

  • 0

#3
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
OTL logfile created on: 11/11/2013 23:24:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie\Desktop\Geeks
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.10% Memory free
4.22 Gb Paging File | 2.05 Gb Available in Paging File | 48.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 119.85 Gb Free Space | 54.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/11 21:35:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Julie\Desktop\Geeks\OTL.exe
PRC - [2013/11/11 17:07:13 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/11/11 17:07:12 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/11 17:07:11 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/10/16 18:07:48 | 000,166,352 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/10/16 18:07:39 | 001,673,680 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/10/11 09:34:21 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files\Whilokii\bin\utilWhilokii.exe
PRC - [2013/10/09 00:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/05 01:05:26 | 000,065,304 | ---- | M] (Whilokii) -- C:\Program Files\Whilokii\updateWhilokii.exe
PRC - [2013/09/19 22:45:18 | 001,953,320 | ---- | M] (MyPCBackup.com) -- C:\Program Files\MyPC Backup\MyPC Backup.exe
PRC - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) -- C:\Program Files\MyPC Backup\BackupStack.exe
PRC - [2013/09/10 22:18:16 | 002,476,312 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/07/25 08:46:42 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/13 15:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/24 18:02:42 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/11 17:07:15 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/11/11 17:07:14 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/11/11 17:07:13 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/10/11 10:50:56 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/11 10:49:13 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/10/09 00:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/09 00:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/09 00:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/09 00:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/09/19 22:37:30 | 000,012,288 | ---- | M] () -- C:\Program Files\MyPC Backup\GetText.dll
MOD - [2013/09/19 22:32:28 | 000,904,704 | ---- | M] () -- C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2013/08/18 14:10:47 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 14:10:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 14:10:35 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\9e0ade6fc2bcb5fbd4c8978bf92784a3\System.Transactions.ni.dll
MOD - [2013/08/18 14:10:33 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5ba1ebef462c4f9cb1a8fe05c0419d0e\System.EnterpriseServices.ni.dll
MOD - [2013/08/18 14:08:23 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/18 14:07:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/18 14:07:30 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/18 14:06:40 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/06 07:39:21 | 000,996,080 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\57595\RapportMS.dll
MOD - [2013/07/14 15:21:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2009/03/30 04:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 04:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2007/12/08 14:34:10 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - [2013/11/11 17:07:12 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/10/16 18:07:48 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/10/11 09:34:21 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
SRV - [2013/10/09 18:49:03 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 01:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\updateWhilokii.exe -- (Update Whilokii)
SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/09/10 22:18:16 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/05/10 07:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/10 10:12:51 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/25 08:46:44 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 08:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/30 05:51:50 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010/06/24 13:00:14 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 15:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 15:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/07/24 18:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013/11/11 17:07:15 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 22:18:28 | 000,222,416 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/09/10 22:18:28 | 000,148,688 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/09/10 22:18:28 | 000,097,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/08/21 00:14:53 | 000,330,960 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_56758.sys -- (RapportCerberus_56758)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/10 10:12:47 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2012/09/10 10:12:46 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/05/27 18:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/07/30 05:51:50 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010/06/24 13:00:14 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007/09/13 15:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/06 23:21:32 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=hp
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 04 31 3C 87 80 CD 01 [binary data]
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol...125035&tsp=5030
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{B96EC0DD-4441-4379-AC72-376FF4E882B1}: "URL" = http://websearch.ask...CC-636199E00A92
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 [2013/11/11 17:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/10 20:32:08 | 000,000,000 | ---D | M]

[2013/10/09 22:31:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: SearchGol (Enabled)
CHR - default_search_provider: search_url = http://www.searchgol...125035&tsp=5030
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Ask Toolbar = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\25.60699_0\
CHR - Extension: SparkleBox = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjigkifooejljidiapmgeaoeglmgonll\10.22.0.588_0\
CHR - Extension: SparkleBox = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjigkifooejljidiapmgeaoeglmgonll\10.22.0.588_0\nativeMessaging\nmHost
CHR - Extension: Whilokii = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaimhpklononapfjngelgdokckfjekfc\1.0.0_0\
CHR - Extension: AVG Safe Search = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_1\
CHR - Extension: Wajam = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_1\
CHR - Extension: AVG Secure Search = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0\
CHR - Extension: Google Wallet = C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {705EC6D4-B138-4079-A307-EF13E4889A82} https://vpn.nhsstock...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius....tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B8E73359-3422-4384-8D27-4EA1B4C01232} https://vpn.nhsstock...COL /cscopf.cab (CISCO Portforwarder Control)
O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.nhsstock...COL /cscopf.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9E4B55-386C-45D6-B435-F6D7CC00619B}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/07 23:31:07 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\emma and james_files
[2013/10/25 13:08:37 | 000,000,000 | -HSD | C] -- C:\found.013
[2013/10/17 22:30:40 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books_files
[2013/10/17 21:31:59 | 000,000,000 | ---D | C] -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books_files
[2013/10/17 20:23:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2013/11/11 23:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/11 23:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/11 22:23:52 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 22:23:52 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/11 19:40:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/11 19:40:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/11 19:39:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 18:23:37 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/11 17:15:23 | 143,144,488 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/11/11 17:07:15 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/11/10 19:08:42 | 000,454,430 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/11/08 13:44:19 | 006,622,682 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/08 13:44:17 | 003,228,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/07 23:31:07 | 000,554,733 | ---- | M] () -- C:\Users\Julie\Documents\emma and james.htm
[2013/10/25 17:40:57 | 241,880,094 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/24 19:30:52 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/21 21:46:07 | 000,161,296 | ---- | M] () -- C:\Users\Julie\Documents\celtic.pdf
[2013/10/17 22:30:40 | 000,138,428 | ---- | M] () -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books.htm
[2013/10/17 21:31:59 | 000,167,482 | ---- | M] () -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books.htm
[2013/10/14 22:13:38 | 000,055,720 | ---- | M] () -- C:\Users\Julie\Documents\football governance.pdf
[2013/10/13 11:14:12 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2013/11/07 23:31:04 | 000,554,733 | ---- | C] () -- C:\Users\Julie\Documents\emma and james.htm
[2013/10/25 17:40:57 | 241,880,094 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/21 21:46:06 | 000,161,296 | ---- | C] () -- C:\Users\Julie\Documents\celtic.pdf
[2013/10/17 22:30:40 | 000,138,428 | ---- | C] () -- C:\Users\Julie\Documents\Sport, Culture & Media - Rowe, David - Google Books.htm
[2013/10/17 21:31:58 | 000,167,482 | ---- | C] () -- C:\Users\Julie\Documents\Sport, History, and Heritage Studies in Public Representation - Google Books.htm
[2013/10/14 22:13:37 | 000,055,720 | ---- | C] () -- C:\Users\Julie\Documents\football governance.pdf
[2013/10/12 14:24:54 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/10/09 22:30:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2011/11/12 22:01:51 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{32E91E92-7276-4F47-922E-B981E8B6271D}
[2011/10/26 12:27:21 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{518E4141-3390-48BB-BF84-3F0C6B4ABBA1}
[2011/09/19 21:46:59 | 000,000,000 | ---- | C] () -- C:\Users\Julie\AppData\Local\{BBB2E6C0-188E-405D-9D4D-A8DEABADA71A}
[2011/05/16 11:01:36 | 000,198,421 | ---- | C] () -- C:\Users\Julie\AQA-3701-2H-W-QP-NOV09.pdf
[2010/10/04 07:58:01 | 000,005,989 | ---- | C] () -- C:\Users\Julie\Session 4 Identifying Verbs.notebook
[2010/10/04 07:57:41 | 000,012,405 | ---- | C] () -- C:\Users\Julie\Session 3 Baking Bread Instructions.notebook
[2010/07/01 19:09:25 | 000,000,798 | ---- | C] () -- C:\Users\Julie\AppData\Local\Images.fl
[2010/03/25 20:45:05 | 000,000,370 | ---- | C] () -- C:\Users\Julie\Pictures - Shortcut.lnk
[2010/02/15 13:01:35 | 000,005,632 | ---- | C] () -- C:\Users\Julie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/19 20:00:19 | 000,000,680 | ---- | C] () -- C:\Users\Julie\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/12 08:57:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/12 08:57:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/10/09 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
[2010/10/14 20:58:26 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\AVG10
[2011/02/06 16:26:48 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Cisco
[2010/06/25 22:06:44 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\GetRightToGo
[2010/04/12 07:16:19 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\licenses
[2010/04/12 07:16:12 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\PCMM2010
[2011/02/03 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Samsung
[2013/10/09 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\searchgol
[2013/10/13 12:06:55 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Systweak
[2010/01/19 22:44:28 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\TMP
[2013/06/17 19:39:10 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\VSO
[2010/06/25 22:10:38 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/30 03:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/10/28 02:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008/01/21 02:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 02:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 13:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008/01/21 02:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 628E-60E5
Directory of C:\
02/11/2006 13:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 13:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Julie
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Roaming]
19/01/2010 20:00 <JUNCTION> Cookies [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies]
19/01/2010 20:00 <JUNCTION> Local Settings [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> My Documents [C:\Users\Julie\Documents]
19/01/2010 20:00 <JUNCTION> NetHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/01/2010 20:00 <JUNCTION> PrintHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/01/2010 20:00 <JUNCTION> Recent [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent]
19/01/2010 20:00 <JUNCTION> SendTo [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\SendTo]
19/01/2010 20:00 <JUNCTION> Start Menu [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu]
19/01/2010 20:00 <JUNCTION> Templates [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Julie\AppData\Local
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> History [C:\Users\Julie\AppData\Local\Microsoft\Windows\History]
19/01/2010 20:00 <JUNCTION> Temporary Internet Files [C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Julie\Documents
19/01/2010 20:00 <JUNCTION> My Music [C:\Users\Julie\Music]
19/01/2010 20:00 <JUNCTION> My Pictures [C:\Users\Julie\Pictures]
19/01/2010 20:00 <JUNCTION> My Videos [C:\Users\Julie\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
19/01/2010 23:26 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
19/01/2010 23:26 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
19/01/2010 23:26 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
19/01/2010 23:26 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
19/01/2010 23:26 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old
27/11/2008 20:28 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings
02/11/2006 13:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\All Users
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Default\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Julie
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Roaming]
19/01/2010 20:00 <JUNCTION> Cookies [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies]
19/01/2010 20:00 <JUNCTION> Local Settings [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> My Documents [C:\Users\Julie\Documents]
19/01/2010 20:00 <JUNCTION> NetHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
19/01/2010 20:00 <JUNCTION> PrintHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
19/01/2010 20:00 <JUNCTION> Recent [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent]
19/01/2010 20:00 <JUNCTION> SendTo [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\SendTo]
19/01/2010 20:00 <JUNCTION> Start Menu [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu]
19/01/2010 20:00 <JUNCTION> Templates [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Julie\AppData\Local
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> History [C:\Users\Julie\AppData\Local\Microsoft\Windows\History]
19/01/2010 20:00 <JUNCTION> Temporary Internet Files [C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Julie\Documents
19/01/2010 20:00 <JUNCTION> My Music [C:\Users\Julie\Music]
19/01/2010 20:00 <JUNCTION> My Pictures [C:\Users\Julie\Pictures]
19/01/2010 20:00 <JUNCTION> My Videos [C:\Users\Julie\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Documents and Settings\Public\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData
27/11/2008 20:28 <JUNCTION> Application Data [C:\ProgramData]
27/11/2008 20:28 <JUNCTION> Desktop [C:\Users\Public\Desktop]
27/11/2008 20:28 <JUNCTION> Documents [C:\Users\Public\Documents]
27/11/2008 20:28 <JUNCTION> Favorites [C:\Users\Public\Favorites]
27/11/2008 20:28 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
27/11/2008 20:28 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Application Data
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\ProgramData\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users
27/11/2008 20:28 <SYMLINKD> All Users [C:\ProgramData]
27/11/2008 20:28 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\All Users
02/11/2006 13:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 13:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 13:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 13:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default
27/11/2008 20:28 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
27/11/2008 20:28 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
27/11/2008 20:28 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
27/11/2008 20:28 <JUNCTION> My Documents [C:\Users\Default\Documents]
27/11/2008 20:28 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/11/2008 20:28 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/11/2008 20:28 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
27/11/2008 20:28 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
27/11/2008 20:28 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
27/11/2008 20:28 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local
27/11/2008 20:28 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
27/11/2008 20:28 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
27/11/2008 20:28 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\AppData\Local\Application Data
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Documents
27/11/2008 20:28 <JUNCTION> My Music [C:\Users\Default\Music]
27/11/2008 20:28 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
27/11/2008 20:28 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\Local Settings
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default\My Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 13:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 13:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 13:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 13:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 13:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 13:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 13:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\AppData\Local
02/11/2006 13:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 13:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 13:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Default User\Documents
02/11/2006 13:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 13:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 13:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie
27/11/2008 20:32 <JUNCTION> Application Data [C:\Users\Julie\AppData\Roaming]
27/11/2008 20:32 <JUNCTION> Cookies [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Cookies]
27/11/2008 20:32 <JUNCTION> Local Settings [C:\Users\Julie\AppData\Local]
27/11/2008 20:32 <JUNCTION> My Documents [C:\Users\Julie\Documents]
27/11/2008 20:32 <JUNCTION> NetHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
27/11/2008 20:32 <JUNCTION> PrintHood [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
27/11/2008 20:32 <JUNCTION> Recent [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Recent]
27/11/2008 20:32 <JUNCTION> SendTo [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\SendTo]
27/11/2008 20:32 <JUNCTION> Start Menu [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu]
27/11/2008 20:32 <JUNCTION> Templates [C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie\AppData\Local
27/11/2008 20:32 <JUNCTION> Application Data [C:\Users\Julie\AppData\Local]
27/11/2008 20:32 <JUNCTION> History [C:\Users\Julie\AppData\Local\Microsoft\Windows\History]
27/11/2008 20:32 <JUNCTION> Temporary Internet Files [C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie\AppData\Local\Application Data
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> History [C:\Users\Julie\AppData\Local\Microsoft\Windows\History]
19/01/2010 20:00 <JUNCTION> Temporary Internet Files [C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie\Documents
27/11/2008 20:32 <JUNCTION> My Music [C:\Users\Julie\Music]
27/11/2008 20:32 <JUNCTION> My Pictures [C:\Users\Julie\Pictures]
27/11/2008 20:32 <JUNCTION> My Videos [C:\Users\Julie\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie\Local Settings
19/01/2010 20:00 <JUNCTION> Application Data [C:\Users\Julie\AppData\Local]
19/01/2010 20:00 <JUNCTION> History [C:\Users\Julie\AppData\Local\Microsoft\Windows\History]
19/01/2010 20:00 <JUNCTION> Temporary Internet Files [C:\Users\Julie\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Julie\My Documents
19/01/2010 20:00 <JUNCTION> My Music [C:\Users\Julie\Music]
19/01/2010 20:00 <JUNCTION> My Pictures [C:\Users\Julie\Pictures]
19/01/2010 20:00 <JUNCTION> My Videos [C:\Users\Julie\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Users\Public\Documents
27/11/2008 20:28 <JUNCTION> My Music [C:\Users\Public\Music]
27/11/2008 20:28 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
27/11/2008 20:28 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile
20/11/2008 15:15 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
20/11/2008 15:15 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
20/11/2008 15:15 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local
20/11/2008 15:15 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
20/11/2008 15:15 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
20/11/2008 15:15 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile\AppData\Local\Application Data
19/01/2010 23:26 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
19/01/2010 23:26 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
19/01/2010 23:26 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows.old\Windows\System32\config\systemprofile\Local Settings
19/01/2010 23:26 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
19/01/2010 23:26 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
19/01/2010 23:26 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
200 Dir(s) 128,541,483,008 bytes free

< End of report >

OTL Extras logfile created on: 11/11/2013 23:24:15 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Julie\Desktop\Geeks
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.10% Memory free
4.22 Gb Paging File | 2.05 Gb Available in Paging File | 48.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 119.85 Gb Free Space | 54.41% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.85 Gb Free Space | 48.45% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: JULIE-PC | User Name: Julie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D062DC1-48E9-4E25-A743-725C66507ED6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2DBE9D9B-08C3-4316-80FA-4E01C2E65C78}" = rport=445 | protocol=6 | dir=out | app=system |
"{397FA5F9-0FB4-49C1-B2F2-4114585463A4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{52B3D892-6F96-4A81-87AD-016E582353BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B7A2EAA-DD64-4B7A-8191-E8FEE0F59679}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69E280FC-DFCA-4620-BF0D-B9E77564D050}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7B2C15F9-396F-4015-B8DD-A6CCB672F7B7}" = rport=138 | protocol=17 | dir=out | app=system |
"{830B6558-F490-4E30-A367-9B9D2924C8BC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9D569D38-E32B-40F0-BCF2-687DDC073B96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A260F5E5-107D-41B9-A911-80AE18896D4B}" = lport=445 | protocol=6 | dir=in | app=system |
"{A9B1A70F-DEAB-40C9-AAD3-03A9640D1A17}" = lport=138 | protocol=17 | dir=in | app=system |
"{AE042D6F-B36C-4FF5-99E7-47E4C0D38A86}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AED3904C-84E3-491A-8BDE-E30DB5B44288}" = rport=137 | protocol=17 | dir=out | app=system |
"{B2ECED14-5637-47B7-A336-3BDAA44EC8E6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3D63D64-625B-4D2B-811E-993604CC85EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C46F1C3B-2C58-4D8D-A00E-92A0BD2C2592}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D43DBFBA-CEE5-4E16-8535-54C40FE98E95}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDED07F7-7458-4E89-ACEF-DD804C43DA03}" = rport=139 | protocol=6 | dir=out | app=system |
"{E74C6E00-69CA-4758-9895-64B927EE791E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F93C74-943A-4A05-827A-953F1EC2D5AC}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0D8437E9-BE77-4C05-9C97-3AA30CD73949}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0E58F732-6F6D-45F2-AD08-F37F099E6566}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{11983C6A-AEB4-49DE-B33F-05A60B0187C1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{1239E043-FF49-4B56-AB32-E28D8F660257}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{12DCD094-B147-4A4B-9CC9-3E1E4615CAB0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{18672E67-2B69-4DAA-B5A0-DA244938D5F8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19C8BFD2-B84C-48F0-815F-DFC9BD9CAA5F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F23C6DE-BEE7-4DBF-AF46-038BB6E06CF3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{225B2692-2548-40A4-A9E5-362BFAFD996A}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2A324199-FBB0-49ED-9683-2CFDE7921539}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{2C9F47FB-A91B-4AA8-991E-9719C8BCEC71}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2FA6A48D-5F53-40C1-A08B-0FB6517EA00C}" = protocol=58 | dir=out | [email protected],-28546 |
"{30607618-54A3-412B-B408-12181BEB66ED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{40D61C5D-AF3D-4447-858D-BACC073B7AD1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44F32126-62F0-4228-A9C9-8AA2E2905113}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4EA5686A-E145-4463-B809-5DBA486C8BE2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5941B7E8-AA47-44FC-9CB4-FD57B2B26748}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{5E566F2F-0E9D-4B47-AE1F-76CF3F2EC12C}" = protocol=58 | dir=in | [email protected],-28545 |
"{6013778F-DF4C-44B2-8386-C5E949C46B2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{82A457E5-87F9-49FE-A95F-AFDDE9D30FDD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{8469B328-4B3D-41F8-887C-C7509573E13C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C978D2C-ADE5-4EDF-8527-11754F34D9B9}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{8F12A04D-02F3-4E59-A5F7-9015B45A3210}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{92EAE00B-259C-47FF-BE0D-CC326F4DE5EB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{97C913E0-A4D5-4167-8AE6-3BBA41D585D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{99434582-F24F-4A64-908B-09C221322B0D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A355F8BD-564B-4F16-8C7C-C540B75FAAEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{A4BB05D1-E28B-4194-BE3F-7B3B0F465DA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{AE595102-38C6-43D1-B520-AF3A67804247}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B74262F7-2DF9-486A-AD07-8FFBE57B5492}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{C312C90D-5EEA-406D-8016-724367F92274}" = protocol=1 | dir=in | [email protected],-28543 |
"{C9AD7E1C-BB0A-466F-88A4-0EED2B1893DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{CB9FE1FE-8DC9-41CF-BE89-D4FD9E9BA8C3}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{D9D23260-C4F1-40CD-8E5B-2FB29C6BA998}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DCA65060-24AF-40A6-84ED-ED456353260B}" = protocol=1 | dir=out | [email protected],-28544 |
"{E3031F05-C157-445F-8C41-8BAD59F8A035}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E4C2F2B1-9E1C-4F58-85C4-C1C233C19425}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{E7EF69C8-E670-4FB3-96F5-3E17E2BC9C2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{F7E29805-DA09-42D2-9A33-CFA76E286FDE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F9ED1D4A-C256-438B-9762-6EAC3A5A79A9}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{FC06B5A0-DE33-46D0-A6FD-2FDE47A04C50}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{FE60B53F-7949-470D-A449-58CC75AEF111}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"TCP Query User{A0A73AD9-FDC8-44BC-8A6D-70F3B391A17B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F1E1C13B-3737-4E90-A641-5D3ADB5D28A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4F524A2D-5637-006A-76A7-A758B70C0600}" = Ask Toolbar
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.36
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B486871-27EB-49A5-8832-77176E63333C}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0FE0292-D3BE-3447-80F2-72E032A54875}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C8FC7066-4457-4365-9BDF-4E439BF703C8}" = AVG 2011
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CAC5A4CF-0800-4D0B-9DD6-A5BC2708D6D7}" = AVG 2011
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2011
"AVG Secure Search" = AVG Security Toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"MyPC Backup" = MyPC Backup
"PDF Creator" = PDF Creator
"Rapport_msi" = Trusteer Endpoint Protection
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Shop for HP Supplies" = Shop for HP Supplies
"Whilokii" = Whilokii 1.0.0
"Xilisoft Video Converter Standard" = Xilisoft Video Converter Standard 6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PDF Writer Packages" = PDF Writer Packages
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2013 15:40:20 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 748040

Error - 11/11/2013 15:40:24 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2013 15:40:24 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 751144

Error - 11/11/2013 15:40:24 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 751144

Error - 11/11/2013 15:40:39 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2013 15:40:39 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 766791

Error - 11/11/2013 15:40:39 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 766791

Error - 11/11/2013 15:40:55 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/11/2013 15:40:55 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 782423

Error - 11/11/2013 15:40:55 | Computer Name = Julie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 782423

[ Broadcom Wireless LAN Events ]
Error - 16/10/2013 20:27:06 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 01:27:06, Thu, Oct 17, 13 Error - Unable to gain access to user store


Error - 21/10/2013 09:58:48 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 14:58:48, Mon, Oct 21, 13 Error - Unable to gain access to user store


Error - 25/10/2013 13:43:30 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 18:43:30, Fri, Oct 25, 13 Error - Unable to gain access to user store


Error - 25/10/2013 19:56:33 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 00:56:33, Sat, Oct 26, 13 Error - Unable to gain access to user store


Error - 29/10/2013 14:50:04 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 18:50:04, Tue, Oct 29, 13 Error - Unable to gain access to user store


Error - 31/10/2013 19:18:53 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 23:18:53, Thu, Oct 31, 13 Error - Unable to gain access to user store


Error - 10/11/2013 03:31:48 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 07:31:48, Sun, Nov 10, 13 Error - Unable to gain access to user store


Error - 10/11/2013 03:37:40 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 07:37:40, Sun, Nov 10, 13 Error - Unable to gain access to user store


Error - 11/11/2013 14:25:47 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 18:25:47, Mon, Nov 11, 13 Error - Unable to gain access to user store


Error - 11/11/2013 14:31:36 | Computer Name = Julie-PC | Source = WLAN-Tray | ID = 0
Description = 18:31:36, Mon, Nov 11, 13 Error - Unable to gain access to user store


[ OSession Events ]
Error - 01/12/2011 16:52:07 | Computer Name = Julie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 126 seconds with 120 seconds of active time. This session ended with a crash.

Error - 10/06/2012 13:35:03 | Computer Name = Julie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 68 seconds with 60 seconds of active time. This session ended with a crash.

Error - 07/10/2013 01:15:47 | Computer Name = Julie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session
lasted 41001 seconds with 180 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 11/11/2013 15:39:42 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2013 15:40:12 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2013 15:40:12 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2013 15:40:33 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/11/2013 15:41:10 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/11/2013 15:41:10 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2013 15:41:11 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/11/2013 15:41:41 | Computer Name = Julie-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/11/2013 18:30:39 | Computer Name = Julie-PC | Source = Print | ID = 6161
Description = The document Meanings%20of%20Theory%20(1).pdf, owned by Julie, failed
to print on printer HP Photosmart C4380 series. Try to print the document again,
or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
bytes: 8454144. Number of bytes printed: 0. Total number of pages in the document:
9. Number of pages printed: 0. Client computer: \\JULIE-PC. Win32 error code returned
by the print processor: 6. The handle is invalid.

Error - 11/11/2013 18:48:02 | Computer Name = Julie-PC | Source = Print | ID = 6161
Description = The document Meanings%20of%20Theory%20(1).pdf, owned by Julie, failed
to print on printer HP Photosmart C4380 series. Try to print the document again,
or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
bytes: 8454144. Number of bytes printed: 0. Total number of pages in the document:
9. Number of pages printed: 0. Client computer: \\JULIE-PC. Win32 error code returned
by the print processor: 6. The handle is invalid.


< End of report >

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-11 23:52:34
-----------------------------
23:52:34.848 OS Version: Windows 6.0.6002 Service Pack 2
23:52:34.848 Number of processors: 2 586 0xF0D
23:52:34.848 ComputerName: JULIE-PC UserName: Julie
23:52:36.735 Initialize success
23:52:59.081 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:52:59.081 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
23:52:59.315 Disk 0 MBR read successfully
23:52:59.315 Disk 0 MBR scan
23:52:59.315 Disk 0 Windows VISTA default MBR code
23:52:59.331 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
23:52:59.347 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 225280
23:52:59.362 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 225563 MB offset 21196800
23:52:59.362 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 483151872
23:52:59.409 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 483153920
23:52:59.409 Disk 0 scanning sectors +488394752
23:52:59.581 Disk 0 scanning C:\Windows\system32\drivers
23:53:10.096 Service scanning
23:53:45.882 Modules scanning
23:54:23.291 Disk 0 trace - called modules:
23:54:23.322 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
23:54:23.322 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89276968]
23:54:23.338 3 CLASSPNP.SYS[8b7b58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x88206030]
23:54:23.338 Scan finished successfully
00:13:31.178 Disk 0 MBR has been saved successfully to "C:\Users\Julie\Desktop\Geeks\MBR.dat"
00:13:31.193 The log file has been saved successfully to "C:\Users\Julie\Desktop\Geeks\aswMBR.txt"


# AdwCleaner v3.012 - Report created 11/11/2013 at 23:59:06
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Julie - JULIE-PC
# Running from : C:\Users\Julie\Desktop\Geeks\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP
Service Found : BackupStack
Service Found : update whilokii
Service Found : Util Whilokii

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Found : C:\Users\Julie\Desktop\MyPC Backup.lnk
File Found : C:\Users\Public\Desktop\Advanced System Protector.lnk
File Found : C:\Users\Public\Desktop\RegClean Pro.lnk
File Found : C:\Windows\System32\Tasks\Advanced System Protector
File Found : C:\Windows\System32\Tasks\Advanced System Protector_startup
File Found : C:\Windows\System32\Tasks\EPUpdater
File Found : C:\Windows\System32\Tasks\RegClean Pro
Folder Found : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjigkifooejljidiapmgeaoeglmgonll
Folder Found : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Found : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files\AskPartnerNetwork
Folder Found C:\Program Files\AVG Secure Search
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\MyPC Backup
Folder Found C:\Program Files\searchgol
Folder Found C:\Program Files\Whilokii
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\AskPartnerNetwork
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found C:\ProgramData\Systweak
Folder Found C:\Users\Julie\AppData\Local\AVG Secure Search
Folder Found C:\Users\Julie\AppData\Local\Temp\apn
Folder Found C:\Users\Julie\AppData\Local\Wajam
Folder Found C:\Users\Julie\AppData\LocalLow\AVG Secure Search
Folder Found C:\Users\Julie\AppData\LocalLow\Conduit
Folder Found C:\Users\Julie\AppData\LocalLow\Inbox Toolbar
Folder Found C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Found C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Found C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found C:\Users\Julie\AppData\Roaming\searchgol
Folder Found C:\Users\Julie\AppData\Roaming\Systweak

***** [ Shortcuts ] *****

Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk ( /showurl hxxp://toolbar.inbox.com/faq.aspx )
Shortcut Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk ( /showurl hxxp://www.inbox.com/homepage.aspx?tbid=82435&iwk=257&lng=en )

***** [ Registry ] *****

Key Found : HKCU\Software\5d4d68cb23cb944
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\distromatic
Key Found : HKCU\Software\Google\Chrome\Extensions\cjigkifooejljidiapmgeaoeglmgonll
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchgol
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search-Gol Chrome Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Whilokii
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\systweak
Key Found : HKCU\Software\Whilokii
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5d4d68cb23cb944
Key Found : HKLM\Software\AskPartnerNetwork
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Found : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjigkifooejljidiapmgeaoeglmgonll
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\Inbox Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Advanced System Protector_startup
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\EPUpdater
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\RegClean Pro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124B8C86-A31F-4B3F-9897-712DB1BAA275}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124B8C86-A31F-4B3F-9897-712DB1BAA275}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24C966A1-9396-4E97-916C-C20DDE3376FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A679F241-9DC5-4A10-A0B1-99204E621380}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6DA8030-0CC1-439A-88F5-153AFACB0419}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Whilokii
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Whilokii
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.avg.com/?cid={13C5DFAC-8873-4C79-B65F-3897D657AB17}&mid=5bc14335263b1c9aff30dc32e95589b6-3550ea5b749d35f128fd9d3b24b1635218411da4&lang=us&ds=AVG&pr=fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=hp

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [17948 octets] - [11/11/2013 23:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [18009 octets] ##########

Results of screen317's Security Check version 0.99.76
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2011
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 40
Java version out of Date!
Adobe Reader 10.1.8 Adobe Reader out of Date!
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

I hope I have done the scans correctly. Thanks for your help.
  • 0

#4
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there, thanks for the scans. I notice you have AVG installed. I'm not a big fan of this as it installs some questionable software some of which we will remove. I can recommend you a free Antivirus later if you like.


Follow in the order given

1. Uninstall

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • MyPC Backup
  • Whilokii 1.0.0
  • MyPC Backup
  • AVG Security Toolbar
  • AVG Safe Search - If Present

2. OTL Fix

  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.


    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - [2013/11/11 17:07:12 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
    SRV - [2013/10/16 18:07:48 | 000,166,352 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
    SRV - [2013/10/11 09:34:21 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\bin\utilWhilokii.exe -- (Util Whilokii)
    SRV - [2013/10/05 01:05:26 | 000,065,304 | ---- | M] (Whilokii) [Auto | Running] -- C:\Program Files\Whilokii\updateWhilokii.exe -- (Update Whilokii)
    SRV - [2013/09/19 22:45:18 | 000,038,440 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol...125035&tsp=5030
    IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{B96EC0DD-4441-4379-AC72-376FF4E882B1}: "URL" = http://websearch.ask...CC-636199E00A92
    IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=hp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=hp
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 11:45:39&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 [2013/11/11 17:10:56 | 000,000,000 | ---D | M]
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2252881703-585418222-1894100648-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - Startup: C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
    O16 - DPF: {C861B75F-EE32-4AA4-B610-281AF26A8D1C} https://vpn.nhsstock...COL+/cscopf.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
    [2012/12/12 08:57:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
    [2012/12/12 08:57:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
    [2013/10/09 22:31:16 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
    [2010/04/12 07:16:12 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\PCMM2010
    [2013/10/09 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\searchgol
    [2010/06/25 22:10:38 | 000,000,000 | ---D | M] -- C:\Users\Julie\AppData\Roaming\Xilisoft
    [2013/11/11 19:40:39 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

    :FILES
    C:\Program Files\Whilokii
    C:\Program Files\MyPC Backup
    C:\Program Files\AskPartnerNetwork
    C:\Program Files\AVG Secure Search
    C:\Program Files\Common Files\AVG Secure Search

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyy _hhmmss is the date and time of fix.
  • Copy and Paste the Fix Log in your next reply.


3. Run ADWcleaner

  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for click O.K
  • On reboot a log will be produced, please post in your next reply.

4. Junkware Removal Tool

Posted Image 1. Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

5. OPEN CHROME BROWSER

  • In the Chrome Search Bar Copy and Paste the following: chrome://settings/ and press Enter
  • Under On Start-Up check the box Open a specific page or set of pages and click the link Set Pages
  • In the StartUp pages box hover the mouse over www.searchgol.com to highlight, now click the x to remove.
  • Copy and Paste the following into the Add a new page box: www.google.com and click O.K. Now back to the settings page


    EXTENSIONS
  • Top left of page click on Extensions and remove the following:
  • AVG Secure Search
  • Wajam
  • Whilokii
  • Ask Toolbar

Things I want to see in your next post.

  • OTL fix.txt
  • ADWCleaner log
  • JRT log

  • 0

#5
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named vToolbarUpdater17.1.2 was found to stop!
Service\Driver key vToolbarUpdater17.1.2 not found.
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe not found.
Service APNMCP stopped successfully!
Service APNMCP deleted successfully!
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe moved successfully.
Error: No service named Util Whilokii was found to stop!
Service\Driver key Util Whilokii not found.
File C:\Program Files\Whilokii\bin\utilWhilokii.exe not found.
Error: No service named Update Whilokii was found to stop!
Service\Driver key Update Whilokii not found.
File C:\Program Files\Whilokii\updateWhilokii.exe not found.
Error: No service named BackupStack was found to stop!
Service\Driver key BackupStack not found.
File C:\Program Files\MyPC Backup\BackupStack.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B96EC0DD-4441-4379-AC72-376FF4E882B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B96EC0DD-4441-4379-AC72-376FF4E882B1}\ not found.
HKU\S-1-5-21-2252881703-585418222-1894100648-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ not found.
File C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected] not found.
File C:\ProgramData\AVG Secure Search\FireFoxExt\17.1.2.1 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files\AVG Secure Search\17.1.2.1\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-2252881703-585418222-1894100648-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
File C:\Program Files\AVG Secure Search\vprot.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon deleted successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
File move failed. C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk scheduled to be moved on reboot.
File C:\Program Files\MyPC Backup\MyPC Backup.exe not found.
Starting removal of ActiveX control {C861B75F-EE32-4AA4-B610-281AF26A8D1C}
C:\Windows\Downloaded Program Files\cscopf.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C861B75F-EE32-4AA4-B610-281AF26A8D1C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C861B75F-EE32-4AA4-B610-281AF26A8D1C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C861B75F-EE32-4AA4-B610-281AF26A8D1C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C861B75F-EE32-4AA4-B610-281AF26A8D1C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll not found.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Default\AppData\Roaming\TuneUp Software folder moved successfully.
Folder C:\Users\Default User\AppData\Roaming\TuneUp Software\ not found.
C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\PDF Writer Packages folder moved successfully.
C:\Users\Julie\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z folder moved successfully.
C:\Users\Julie\AppData\Roaming\PCMM2010\diagnostic folder moved successfully.
C:\Users\Julie\AppData\Roaming\PCMM2010 folder moved successfully.
C:\Users\Julie\AppData\Roaming\searchgol folder moved successfully.
C:\Users\Julie\AppData\Roaming\Xilisoft\Video Converter Standard 6\profiles_users folder moved successfully.
C:\Users\Julie\AppData\Roaming\Xilisoft\Video Converter Standard 6\index folder moved successfully.
C:\Users\Julie\AppData\Roaming\Xilisoft\Video Converter Standard 6 folder moved successfully.
C:\Users\Julie\AppData\Roaming\Xilisoft folder moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Whilokii not found.
C:\Program Files\MyPC Backup folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\ORJ-V7 folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files\AskPartnerNetwork folder moved successfully.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata\AskPartnerNetwork folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\common appdata folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder} folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata\Mozilla\Firefox\Profiles folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata\Mozilla\Firefox folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata\Mozilla folder moved successfully.
C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\appdata folder moved successfully.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork scheduled to be moved on reboot.
File\Folder C:\Program Files\AVG Secure Search not found.
File\Folder C:\Program Files\Common Files\AVG Secure Search not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Julie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 75171072 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 287932468 bytes
->Flash cache emptied: 58223 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41563970 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10093568 bytes

Total Files Cleaned = 396.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11122013_183755

Files\Folders moved on Reboot...
File\Folder C:\Users\Julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found!
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source\program files scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7\Source scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-V7 scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork\Toolbar scheduled to be moved on reboot.
Folder move failed. C:\Program Files\AskPartnerNetwork scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.012 - Report created 12/11/2013 at 18:55:21
# Updated 11/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Julie - JULIE-PC
# Running from : C:\Users\Julie\Desktop\Geeks\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6DA8030-0CC1-439A-88F5-153AFACB0419}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{124B8C86-A31F-4B3F-9897-712DB1BAA275}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6DA8030-0CC1-439A-88F5-153AFACB0419}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{124B8C86-A31F-4B3F-9897-712DB1BAA275}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{24C966A1-9396-4E97-916C-C20DDE3376FB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24C966A1-9396-4E97-916C-C20DDE3376FB}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A679F241-9DC5-4A10-A0B1-99204E621380}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A679F241-9DC5-4A10-A0B1-99204E621380}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.AppServer
Key Deleted : HKLM\SOFTWARE\Classes\Inbox.IBX404
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5d4d68cb23cb944
Key Deleted : HKLM\SOFTWARE\5d4d68cb23cb944
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{88AF4F6A-C6B7-4229-9275-824E98BF97F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8C5CBB76-7379-4490-AA5B-B037C0A36381}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\AskPartnerNetwork
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\Software\systweak
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RegClean Pro_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search-Gol Chrome Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchgol
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url
Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [18090 octets] - [11/11/2013 23:59:06]
AdwCleaner[R1].txt - [12512 octets] - [12/11/2013 18:49:57]
AdwCleaner[R2].txt - [10470 octets] - [12/11/2013 18:53:59]
AdwCleaner[S0].txt - [2404 octets] - [12/11/2013 18:52:54]
AdwCleaner[S1].txt - [10580 octets] - [12/11/2013 18:55:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [10641 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Julie on 12/11/2013 at 19:20:14.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2252881703-585418222-1894100648-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2252881703-585418222-1894100648-1000\Software\wajam



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Julie\appdata\local\cre"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/11/2013 at 19:25:44.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I hope I have done everything correctly. Once again thanks for your help.
  • 0

#6
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
5. Open Chrome Browser

- 3rd instruction "In the StartUp pages box....". I could not see www.searchgol.com so just went to 4th instruction
- Extensions - there were no extensions to remove

I hope these do not matter
  • 0

#7
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello to you :)

Good job everything present and correct. I will double check Chrome with you next post.

A lot of stuff removed there so let's check for any leftovers. :thumbsup:


Follow in the....you know the drill by now!


1. UPDATE AND RUN MALWAREBYTES

  • Important - Open Malwarebytes select the Updates Tab - Select Check for Updates and click O.K
  • Once complete click the Scanner Tab and select Perform quick scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • If a reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs Tab then Open Log I need to see this.

2. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For Taskbar right click IE then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



Things I want to see in your next post.

  • Malwarebytes log
  • ESET results
  • How is everything running? Browsers behaving themselves?

  • 0

#8
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.16

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Julie :: JULIE-PC [administrator]

12/11/2013 23:32:27
mbam-log-2013-11-12 (23-32-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210446
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Unfortunately although I have run the ESET scan two times the computer has shut down at the end both times so no log file saved. I will try and run the EST scan again in the next day or two and let you know.
  • 0

#9
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Sorry forgot to say that things are working much quicker and no longer have pop-ups.
  • 0

#10
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there, the ESET results should be saved on your PC at the following location:

C:\Program Files\ESET\EsetOnlineScanner\log.txt

Have a look there and post the text files present, there may be 2 for each scan :thumbsup:
  • 0

Advertisements


#11
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
Only one log file for ESET and does not look useful:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

Should I run the scan again?
  • 0

#12
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Yes try the scan again and make sure to uncheck Remove found threats and run IE in Administrator mode. :)
  • 0

#13
BG Runner

BG Runner

    Member

  • Topic Starter
  • Member
  • PipPip
  • 60 posts
I have run the ESET scan (uncheck Remove found threats and run IE in Administrator mode done) but it has frozen on 2 occasions around 48% after more than 4hrs 30mins having scanned 292006 files. It had picked up 2 threats both worded the same: "a variant of Win32/InstallCore.CVapplication".There is no further useful log file. I am not sure what else I can do with this. The only other thing to mention is that I think the AVG antivirus programme became active again. I did not have an option to temporarily disable this for more than 15 minutes.
  • 0

#14
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
OK try to disable using the instructions below, if that fails then Uninstall AVG and run the ESET scan. You can then reinstall AVG or Choose AVAST.

1. Disable AVG

  • Open the AVG Program.
  • On the Tools menu, click Advanced settings.
  • Click Temporarily disable AVG protection in the menu on the left side.
  • Select the Temporarily disable AVG protection check box, and then click OK.
  • Choose how long you want the protection to be disabled from the drop down menu, then click Disable real-time protection.


OR


2. Uninstall AVG

  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • AVG


Now run the ESET scan


3. Re-ininstall AVG or AVAST


  • 0

#15
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there, are you still with me?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP