Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Laptop sloooooow no matter what I try to do

Started by CZ2761 , Nov 27 2013 06:26 PM

  • This topic is locked This topic is locked

#1
CZ2761
Posted 27 November 2013 - 06:26 PM

CZ2761

    Member

  • Member
  • PipPip
  • 95 posts
Computer is slow starting up (even after cleaning the registry), slow connecting to the wireless network, slow bringing up the browser, freezing during game play, but browsing has picked up after cleaning and defragging machine. I ran malwarebytes and removed any malware found. Hasn't helped. Someone help, please??

OTL logfile created on: 11/27/2013 6:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.58% Memory free
6.19 Gb Paging File | 4.92 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 134.88 Gb Free Space | 60.63% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 18:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Downloads\OTL.exe
PRC - [2013/11/23 01:30:32 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/11/23 01:30:30 | 001,734,680 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
PRC - [2013/11/23 01:30:28 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/09/23 00:17:30 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/03/18 01:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
PRC - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/15 13:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 12:59:41 | 004,591,616 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/11/24 12:59:41 | 000,112,128 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/11/23 01:30:37 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
MOD - [2013/11/23 01:30:37 | 000,142,360 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll
MOD - [2013/11/23 01:30:32 | 002,420,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Disabled | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Disabled | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/11/27 17:24:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/25 03:14:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/23 01:30:30 | 001,734,680 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Disabled | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Running] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/10/25 11:51:56 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajahlois)
DRV - [2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 00:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 00:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 00:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/05/19 21:52:37 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/03/21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/13 04:28:44 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/12/13 04:26:38 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/12/13 04:26:38 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsint.sys -- (acsint)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/05/13 21:09:00 | 007,443,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/13 21:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/15 05:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/24 08:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {8D6A46D9-5333-4F75-BDDB-D177867B0C4E}
IE - HKLM\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-11-05 12:49:29&v=17.0.1.12&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-08-26 21:24:56&v=15.6.1.2&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 08:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.1.2.1 [2013/11/23 01:42:27 | 000,000,000 | ---D | M]

[2011/11/08 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/11/27 17:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\extensions
[2013/09/06 21:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/23 01:44:18 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_1\
CHR - Extension: Feedly - News, Blogs and Youtube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_1\
CHR - Extension: Google Maps = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: RHCP = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogcbkkjhojimpkmhbpndncicbcfigid\1.0_0\
CHR - Extension: AVG SafeGuard = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 17:57:53 | 000,001,161 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.1.2.1\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0819543E-146D-4416-8CDE-A68597624A77}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8DA66C-C24A-49EF-B3BB-7F784FC0114A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B72DD6A-D65E-4A6A-A9E0-50489A711B2A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87E9FAAC-BFD4-4AF9-B109-3D504B0C3289}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 08:11:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44229e24-6ac8-11e1-8a5e-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/27 18:32:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Wise Registry Cleaner
[2013/11/27 18:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2013/11/27 18:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\Wise
[2013/11/27 17:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\ToniArts
[2013/11/27 17:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyCleaner
[2013/11/27 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/27 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/11/25 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2013/11/25 03:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/11/25 01:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/25 01:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/25 00:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/11/25 00:45:30 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/11/25 00:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/11/24 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/11/24 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2013/11/24 13:51:57 | 000,000,000 | ---D | C] -- C:\DRIVERS

========== Files - Modified Within 30 Days ==========

[2013/11/27 18:45:44 | 000,000,644 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/27 18:43:33 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013/11/27 18:42:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 18:42:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/27 18:42:00 | 000,008,268 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/11/27 18:41:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/27 18:40:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/11/27 18:31:53 | 000,000,980 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013/11/27 18:29:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000UA.job
[2013/11/27 18:29:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000Core.job
[2013/11/27 18:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/27 12:40:35 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/25 11:09:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/25 01:53:51 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 01:53:51 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 01:53:40 | 000,411,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/25 01:23:39 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/25 00:45:43 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/24 14:15:05 | 000,608,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/24 14:15:05 | 000,105,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/24 14:13:13 | 000,997,978 | ---- | M] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:23 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 21:54:41 | 000,002,044 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/23 21:54:39 | 000,002,042 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2013/11/23 21:49:30 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/11/23 21:48:37 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/11/23 01:42:36 | 000,071,168 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/11/27 18:43:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013/11/27 18:31:53 | 000,000,980 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013/11/27 12:40:35 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/25 02:28:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 01:23:39 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/25 00:47:21 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/11/25 00:47:14 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/11/25 00:47:09 | 000,000,644 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/11/25 00:45:43 | 000,001,930 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/25 00:45:43 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/11/24 14:13:49 | 000,997,978 | ---- | C] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 15:05:51 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/09/29 16:38:11 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/05/19 22:15:01 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/18 17:25:16 | 000,188,468 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/05/25 18:17:09 | 000,034,814 | ---- | C] () -- C:\Users\Chris\AppData\Local\dt.dat
[2012/01/28 11:19:31 | 000,008,268 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/11/14 00:28:17 | 000,071,168 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 10:09:37 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/08 10:09:32 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/16 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2013
[2013/11/23 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2013/07/21 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Pro
[2013/05/27 08:53:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Firaxis Games
[2013/08/10 08:48:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2013/07/21 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\My Games
[2013/09/29 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Peachtree
[2013/08/05 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Riot Games
[2012/12/16 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/11/27 18:40:23 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Wise Registry Cleaner

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
DonnaB
Posted 28 November 2013 - 11:00 AM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi CZ2761,

Computer is slow starting up (even after cleaning the registry),


Please allow me to point out that we advise not to use any registry cleaners as there have been reports of them clearing out needed registry entries and messing up PCs. In addition, what they do clean up is so small that little or no advantages are noticed.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or windows at a later time.

Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.


Could you please open Malwarebytes, click on the Logs tab and post the resultant log in your next post? I'd like to see what was removed.

Also, OTL should have generated an log named Extras.txt that was placed on your desktop after the scan. Please post that as well. If you can not find it, type Extras.txt into Start Search. It should be found in that manner.


Next:

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe to run the tool.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • Click the Scan button.
  • AdwCleaner will begin. Be patient as the scan may take some time to complete.
  • After the scan has finished, click the Report button. A logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, please let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.


Next:

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


In your next reply, please post the following logs:

MBAM
Extras.txt
AdwCleaner[R0].txt
aswMBR.txt

Please note: Due to the Thanksgiving Holiday, my replies might be a bit delayed. Thank you for understanding :)

Thank you,
Donna :)
  • 0

#3
CZ2761
Posted 28 November 2013 - 06:16 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Thank you for answering my question, below are the logs that you requested.

MALWARE:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.25.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-PC [administrator]

11/25/2013 11:12:05 AM
mbam-log-2013-11-25 (11-12-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216732
Time elapsed: 25 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Chris\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\Temp\ct2504091\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\Chris\Downloads\Download (1).exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\Download.exe (PUP.Optional.Installrex) -> Quarantined and deleted successfully.
C:\Users\Chris\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

(end)

EXTRAS.TXT
OTL Extras logfile created on: 11/27/2013 6:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.58% Memory free
6.19 Gb Paging File | 4.92 Gb Available in Paging File | 79.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 134.88 Gb Free Space | 60.63% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B86FA71-254F-497F-9722-A25C49D28E11}" = rport=137 | protocol=17 | dir=out | app=system |
"{43688AB0-5026-4109-BD35-C9F94C453FB2}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D463317-8AA1-42EB-AAAA-46FB45DC961D}" = lport=3351 | protocol=6 | dir=in | name=pervasive dbengine |
"{5A4CB45D-0259-4C82-9946-CA1380D42EB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{866D77D3-8AA2-4318-9874-31E4C1A231B7}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A048E29-75EC-4132-B07E-A99D60547B10}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E599228-5F36-4B01-9782-CDAF7A7DF85D}" = lport=1583 | protocol=6 | dir=in | name=pervasive dbengine |
"{9F3C8C1B-6DA2-4F0D-A981-57594F0D6604}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{BFF9B835-B75B-4BE6-9705-0C23AE776AE0}" = lport=139 | protocol=6 | dir=in | app=system |
"{E3BE076D-61DD-4A6A-80A5-333CF65D0B6A}" = rport=445 | protocol=6 | dir=out | app=system |
"{E50F9893-D461-4BE7-A960-869C3F1DB807}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EA01412C-D37A-4237-8C2E-247030DB62A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{EFF98E92-7B6F-4782-BDDF-F331AEFABB92}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0263DABF-EF77-48CB-B81B-61C269F641F2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{064F1C4B-F0A6-49CB-A4D6-E4193C7C9F1E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{0EE63860-31B4-4363-9C13-37DDF7128868}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{12AE9355-D442-4B49-8D73-A748EB38F033}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{16ACDFE2-0220-4AFE-B2BD-324C0E801201}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{2B901E9E-38BB-4139-827E-A9A773D1BD74}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C1CE542-FA9F-407A-8EF9-3C008766CBC5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{414219F8-DCFA-480C-9BAD-F39C217768ED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{4360F3DF-8D98-4686-B86A-828DED02CAE7}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{453DCC76-D754-45D0-BD36-A98A97DE4C5A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{50E9D66C-209C-4C4A-B27B-BC36B3ED0E16}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{51EE844F-74E0-45C8-84FB-73AC69CE33C9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{5D2C68F0-030E-4C92-9B6E-C1204C19C9F1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5DF1C42E-E752-4E4E-A0C0-C68872DD16D5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{67DDD819-4658-46C6-8051-CA0937EE2D06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FC9820B-9A1F-4F8A-958D-C95885E390BE}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{777C8CC4-F17C-4A6D-8F55-DCE99749F8F4}" = protocol=6 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{7FBFF7C6-7B40-4F7D-8D01-5BD55DA6C83F}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{84688B25-7D8D-4393-9CBC-D87794CAC412}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{877F6D89-DE63-41DE-9296-C17D2197C6E9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{91FB66D6-4CCC-4096-8685-5862BC7E4385}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{96FB4ECD-2D07-4261-A690-883D7651706A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{97E906B3-2FF3-4D20-AFC3-DC3D17F13F53}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{98AFDB42-44EF-4B5B-A707-29F3C83C5210}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{B0EDE9EB-A8AC-4ABF-81D9-B42F20C3FB5F}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{BEEA257F-30E6-4739-9C7F-4663398B59F5}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{C4BCAFBB-78E0-4DBA-A0C3-E2A45AAA951E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\team fortress 2\hl2.exe |
"{C72728E7-4B98-4F7C-AA7E-6B0E88A99CA5}" = protocol=1 | dir=out | [email protected],-28544 |
"{CAC52DD3-2A0A-4526-863D-3CF90F8A3295}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD17DD4D-BEDA-45B0-82AC-3F573EB05CD1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{D07DB96B-7551-4F3B-A6F5-B47BA7AAD6B1}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |
"{D2AFDC7C-6CC2-4F66-9AD4-998C3629A97A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D2F330FE-BD00-4A33-A1F5-2D0356274323}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D668664D-DA24-4AF9-824A-CECD39592005}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{D6AF57C8-6443-4C2D-82DB-629C14CE0156}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D7788BDD-2654-4E24-9453-68119D2E3AE2}" = protocol=58 | dir=in | [email protected],-28545 |
"{DCCA4B59-4F01-4826-9089-935BE4339170}" = protocol=1 | dir=in | [email protected],-28543 |
"{E124605C-BD1D-416C-A87C-AEB0E0FF81FC}" = protocol=17 | dir=in | app=c:\program files\pervasive software\psql\bin\w3dbsmgr.exe |
"{E6140F30-5818-4775-BEE4-85A093C259F4}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{ED3305B2-4628-4856-BFEF-F7390D70FED3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"TCP Query User{8127EB56-444C-4340-9EB1-1DFF3E3DF79A}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{D7AC601B-8D94-49D2-8350-FF61539E730B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{05D726A8-536F-4D2E-A4B1-CC1A0AB24701}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{45F3E2A8-5D77-43D8-AD1A-9A19BEDC61E1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{54E4EECE-61B9-4D85-9B3C-99686A9ED6A1}" = Peachtree Accounting 2011
"{6280C3D1-00A3-4E79-BDF6-98332A29B706}" = AVG 2013
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729ACA18-2122-4DDF-834C-25BBBBD3526E}" = AVG 2013
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CA5C4DF-8327-4035-AE2B-CA76336A04FD}" = Snagit 11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9AA9FEE7-9F99-4E69-947A-49F7DA0DDA3A}" = Cisco AnyConnect Secure Mobility Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}" = iTunes
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8C3CF7A-9E8F-4C5D-8EC7-FF5A495E178C}" = VitalSource Bookshelf
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F3FCB08B-E752-444D-86A0-0634A4F3B23D}" = System Requirements Lab CYRI
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{54E4EECE-61B9-4D85-9B3C-99686A9ED6A1}" = Peachtree Accounting 2011
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Integration Services" = Sage Integration Services
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Pervasive PSQL v10 SP2 Workgroup (32-bit)" = Pervasive PSQL v10 SP2 Workgroup (32-bit)
"QWdlIG9mIEVtcGlyZXMgSUkgSEQgKGMpIE1pY3Jvc29mdCBTdHVkaW9z_is1" = Age of Empires II HD © Microsoft Studios version 1
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Steam" = Steam
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 440" = Team Fortress 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.89
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/25/2013 1:19:02 PM | Computer Name = Chris-PC | Source = Perflib | ID = 1010
Description =

Error - 11/25/2013 1:19:08 PM | Computer Name = Chris-PC | Source = PerfNet | ID = 2005
Description =

Error - 11/25/2013 1:19:09 PM | Computer Name = Chris-PC | Source = Perflib | ID = 1008
Description =

Error - 11/25/2013 1:19:48 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/25/2013 5:47:36 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2013 12:50:51 AM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/26/2013 12:08:09 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2013 1:12:26 AM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2013 1:12:44 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/27/2013 1:37:05 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 11/27/2013 6:10:10 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 6:10:10 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 6:10:10 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

Error - 11/27/2013 7:40:38 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67110873
Description = Termination reason code 9: Client PC is shutting down.

Error - 11/27/2013 7:45:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: XmlParser::invokeParser File: .\Xml\XmlParser.cpp Line: 182
Invoked
Function: ISAXXMLReader::parse Return Code: -2146697210 (0x800C0006) Description:
WINDOWS_ERROR_CODE

Error - 11/27/2013 7:45:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: CPhoneHomeAgent::LoadSettingsFromXmlFile File: ..\PhoneHomeAgent.cpp
Line:
603 Invoked Function: XmlParser::parseFile Return Code: -33554423 (0xFE000009) Description:
GLOBAL_ERROR_UNEXPECTED

Error - 11/27/2013 7:45:41 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108866
Description = Function: CThread::invokeRun File: .\Utility\Thread.cpp Line: 435 Invoked
Function: IRunnable::Run Return Code: -32112629 (0xFE16000B) Description: BROWSERPROXY_ERROR_NO_PROXY_FILE


Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CServicePluginMgr::GetSettings File: .\ServicePluginMgr.cpp
Line:
274 m_pIServicePlugin is NULL

Error - 11/27/2013 7:50:25 PM | Computer Name = Chris-PC | Source = acvpnagent | ID = 67108865
Description = Function: CTelemetryPluginMgr::GetSettings File: .\TelemetryPluginMgr.cpp
Line:
311 m_pITelemetryPlugin is NULL

[ System Events ]
Error - 11/27/2013 6:05:08 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/27/2013 6:47:24 PM | Computer Name = Chris-PC | Source = VDS Dynamic Provider | ID = 16908298
Description =

Error - 11/27/2013 7:40:35 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 11/27/2013 7:43:40 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 11/27/2013 7:43:40 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/27/2013 7:43:40 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/27/2013 7:43:40 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/27/2013 7:44:04 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 11/27/2013 7:45:24 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/27/2013 7:45:25 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

ADWCLEANER:
# AdwCleaner v3.013 - Report created 28/11/2013 at 19:00:43
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : Viewpoint Manager Service

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Found : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found C:\Program Files\Common Files\AVG Secure Search
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\Viewpoint
Folder Found C:\Program Files\Vuze
Folder Found C:\Program Files\Vuze_Remote
Folder Found C:\Program Files\Vuze_Remote
Folder Found C:\ProgramData\AVG Security Toolbar
Folder Found C:\ProgramData\Viewpoint
Folder Found C:\Users\Chris\AppData\LocalLow\Conduit
Folder Found C:\Users\Chris\AppData\LocalLow\Vuze_Remote
Folder Found C:\Users\Chris\AppData\LocalLow\Vuze_Remote

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2323EBBB-E878-49FE-9691-268614468C96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2323EBBB-E878-49FE-9691-268614468C96}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E88AD230-B9A2-48AC-A5DE-43F31805C310}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\Software\Vuze_Remote
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\prefs.js ]

Line Found : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385590213144,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.machineId", "QOMHOHH36YEYPUF12J/R2XUCZRVUBKBKALSIVXQBLLKOE7S+CM6RTVUWZN/NZUEB5DOVZFSC1R6GKEXEE65N6A");

-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11837 octets] - [28/11/2013 19:00:43]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11898 octets] ##########

aswMBR.txt:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-28 19:08:03
-----------------------------
19:08:03.235 OS Version: Windows 6.0.6002 Service Pack 2
19:08:03.235 Number of processors: 2 586 0x170A
19:08:03.236 ComputerName: CHRIS-PC UserName: Chris
19:08:04.323 Initialize success
19:08:16.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:08:16.961 Disk 0 Vendor: ST9250827AS 3.AHC Size: 238475MB BusType: 3
19:08:16.977 Disk 0 MBR read successfully
19:08:16.994 Disk 0 MBR scan
19:08:16.998 Disk 0 unknown MBR code
19:08:17.003 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227797 MB offset 63
19:08:17.037 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10674 MB offset 466530304
19:08:17.066 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 3 MB offset 488390656
19:08:17.099 Disk 0 scanning sectors +488397152
19:08:17.387 Disk 0 scanning C:\Windows\system32\drivers
19:08:28.106 Service scanning
19:08:49.707 Modules scanning
19:08:57.781 Disk 0 trace - called modules:
19:08:57.830 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys >>UNKNOWN [0x855711f8]<<
19:08:57.859 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86ca0670]
19:08:57.868 3 CLASSPNP.SYS[827168b3] -> nt!IofCallDriver -> [0x86b9d228]
19:08:57.878 5 hpdskflt.sys[8b9acf05] -> nt!IofCallDriver -> [0x85fcf870]
19:08:57.888 7 acpi.sys[807ba6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f92230]
19:08:57.898 \Driver\atapi[0x85f8f160] -> IRP_MJ_CREATE -> 0x855711f8
19:08:57.928 Scan finished successfully
19:15:15.150 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
19:15:15.166 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"

Hope you had a wonderful Thanksgiving :D
  • 0

#4
DonnaB
Posted 29 November 2013 - 08:04 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Hi CZ2761,

Hope you had a wonderful Thanksgiving :D

I certainly did! Thank you! :)

I hope your Thanksgiving was as nice as mine was. Thank you for the logs. Now that the Holiday is behind us (and the family has gone their merry little way), lets focus on getting you fixed up here. :happy:

I did point out how Registry cleaners can not be relied upon and can cause damage to your system in due time. Please go to Start > Control Panel > Programs and Features to uninstall the following programs (if found):


Java™ 6 Update 5
EasyCleaner
Wise Registry Cleaner 7.89
Viewpoint Media Player

Also, please uninstall Spybot Search and Destroy, for the time being, to prevent it from interfering with any fixes here. We can reinstall that once we are finished.

I see you also have Ccleaner installed. I use that myself though I have changed the default settings in Ccleaner which include clearing out Windows Log files and Memory Dumps. These are very important log files that might be needed to diagnosis and find solutions. I would recommend un-checking those options found under Windows > System in the user interface of Ccleaner. Ccleaner is not a fix all for slow booting computers. There are many other factors involved as well such as file corruption, hardware failure, etc., etc. and I never use the Registry Cleaner feature for the reasons posted above. cleaner only cleans out the user profile that is it run on as well. I'll introduce you to a much better program after we ensure your system is free of malware and your programs are up to date.


Next:

Double-click AdwCleaner.exe to run the tool again.
  • Click the Scan button.
    Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


Next:

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.


Next:

  • Open OTL again and click the Quick Scan button.
No Extras.txt log will be generated this time. I just need to see what leftovers are present that need to be removed.

Please post the following logs in your next reply:

AdwCleaner[S0].txt
checkup.txt
OTL.tx

Thank you,
Donna
  • 0

#5
CZ2761
Posted 29 November 2013 - 09:12 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Our Thanksgiving was wonderful as well, thanks. Here are the logs:

AdwCleaner:
# AdwCleaner v3.013 - Report created 29/11/2013 at 21:44:20
# Updated 24/11/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Chris - CHRIS-PC
# Running from : C:\Users\Chris\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Chris\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E30ED111-BD63-48C2-A6CB-AB3C9FFFB07C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2323EBBB-E878-49FE-9691-268614468C96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E88AD230-B9A2-48AC-A5DE-43F31805C310}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16520


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\prefs.js ]

Line Deleted : user_pref("CT2504091_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1385590213144,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "QOMHOHH36YEYPUF12J/R2XUCZRVUBKBKALSIVXQBLLKOE7S+CM6RTVUWZN/NZUEB5DOVZFSC1R6GKEXEE65N6A");

-\\ Google Chrome v

[ File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [11979 octets] - [28/11/2013 19:00:43]
AdwCleaner[R1].txt - [11099 octets] - [29/11/2013 21:42:05]
AdwCleaner[S0].txt - [10140 octets] - [29/11/2013 21:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10201 octets] ##########


checkup.txt:
Results of screen317's Security Check version 0.99.77
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 45
Adobe Flash Player 11.9.900.152
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (25.0.1)
Google Chrome 30.0.1599.101
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


OTL:
OTL logfile created on: 11/29/2013 10:02:18 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.88% Memory free
6.19 Gb Paging File | 5.21 Gb Available in Paging File | 84.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 134.18 Gb Free Space | 60.32% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 18:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Chris\Downloads\OTL.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/09/23 00:17:30 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/03/18 01:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/15 13:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/24 12:59:41 | 004,591,616 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll
MOD - [2013/11/24 12:59:41 | 000,112,128 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll
MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
SRV - [2013/11/27 17:24:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/25 03:14:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/10/25 11:51:56 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (auegi2g4)
DRV - [2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 00:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 00:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 00:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/05/19 21:52:37 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/03/21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/13 04:28:44 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/12/13 04:26:38 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/12/13 04:26:38 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsint.sys -- (acsint)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/05/13 21:09:00 | 007,443,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/13 21:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/15 05:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/01/24 08:23:12 | 000,052,736 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-08-26 21:24:56&v=15.6.1.2&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 08:37:54 | 000,000,000 | ---D | M]

[2011/11/08 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/11/27 17:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\extensions
[2013/09/06 21:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/23 01:44:18 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Feedly - News, Blogs and Youtube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0\
CHR - Extension: Google Maps = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: RHCP = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogcbkkjhojimpkmhbpndncicbcfigid\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 17:57:53 | 000,001,161 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0819543E-146D-4416-8CDE-A68597624A77}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8DA66C-C24A-49EF-B3BB-7F784FC0114A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B72DD6A-D65E-4A6A-A9E0-50489A711B2A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87E9FAAC-BFD4-4AF9-B109-3D504B0C3289}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 08:11:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44229e24-6ac8-11e1-8a5e-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 19:00:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/27 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/27 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/11/25 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2013/11/25 03:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/11/25 01:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/25 01:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/25 00:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/11/24 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/11/24 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2013/11/24 13:51:57 | 000,000,000 | ---D | C] -- C:\DRIVERS

========== Files - Modified Within 30 Days ==========

[2013/11/29 21:48:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 21:48:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/29 21:48:10 | 000,008,268 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/11/29 21:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/29 21:26:25 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/29 21:14:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/28 19:29:04 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000UA.job
[2013/11/28 19:15:15 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/11/27 19:31:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/11/27 18:29:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000Core.job
[2013/11/27 12:40:35 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/25 11:09:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/25 01:53:40 | 000,411,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/25 01:23:39 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/24 14:15:05 | 000,608,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/24 14:15:05 | 000,105,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/24 14:13:13 | 000,997,978 | ---- | M] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:23 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 21:54:41 | 000,002,044 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/23 21:54:39 | 000,002,042 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2013/11/23 21:49:30 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/11/23 21:48:37 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/11/23 01:42:36 | 000,071,168 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/11/29 21:26:00 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/28 19:15:15 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/11/27 12:40:35 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/25 02:28:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 01:23:39 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/24 14:13:49 | 000,997,978 | ---- | C] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 15:05:51 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/09/29 16:38:11 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/05/19 22:15:01 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/18 17:25:16 | 000,188,468 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/05/25 18:17:09 | 000,034,814 | ---- | C] () -- C:\Users\Chris\AppData\Local\dt.dat
[2012/01/28 11:19:31 | 000,008,268 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/11/14 00:28:17 | 000,071,168 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 10:09:37 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/08 10:09:32 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/16 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2013
[2013/11/23 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2013/07/21 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Pro
[2013/05/27 08:53:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Firaxis Games
[2013/08/10 08:48:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2013/07/21 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\My Games
[2013/09/29 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Peachtree
[2013/08/05 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Riot Games
[2012/12/16 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >


I hope this helps, thanks again!
  • 0

#6
DonnaB
Posted 29 November 2013 - 10:14 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
CZ2761,

Your Adobe reader needs updating. You should ensure you use the latest Adobe Reader and install any security updates that are released. You can download the latest reader and updates from here.

As a side note: I'd suggest uninstalling it and using FoxIt Reader. Adobe has become very vulnerable over the last couple of years and really uses up resources more than FoxIt Reader. The "footprint" for Foxit Reader is considerably smaller than Adobe's and consequently uses less resources (RAM as well as hard drive space). It's been said that there are a few things Foxit cannot do compared to Adobe, but I haven't come across them yet.

If you choose to install Foxit Reader, please be advised that you may have to uncheck any pre-checked software. Choose custom install.

If you'd like, you can download Foxit Reader from here, though make sure to uninstall Adobe Reader.

The choice is yours.

Next:

Let's verify that you are clean with the following online scanner:

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go >>HERE<< then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the Posted Image icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Posted Image
    (Selecting Uninstall application on close if you so wish)

Please post the log in your next reply.

Also, please explain in great detail if you are still experiencing slowness and when......

Thank you,
Donna :)
  • 0

#7
CZ2761
Posted 30 November 2013 - 06:00 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Here is the log from ESET:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=901b604c5520ab469d756edeca80d5e5
# engine=16084
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-11-30 08:14:29
# local_time=2013-11-30 03:14:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 99 0 71990053 0 0
# compatibility_mode=5892 16776574 100 95 46710766 222406797 0 0
# scanned=194105
# found=17
# cleaned=0
# scan_time=11830
sh=E0B37C57E99FE566CE70DE1FE6B0A8E222BC133A ft=1 fh=040dd3f1fe168480 vn="Win32/Somoto.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir"
sh=0AC76F0DCEC5A2957E9135A82012933D40AC6A63 ft=1 fh=f9c9bf4621013cb3 vn="a variant of Win32/Bunndle application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_31_5p83tu.dll.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir"
sh=A2D929A9864513C0E8ED84AAD622EF6ADCC9B950 ft=1 fh=22c06217fc444ec5 vn="Win32/Toolbar.Conduit.O application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir"
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir"
sh=0460B794834ED78BE69BA5EB9C0E6211EBEAD9B6 ft=1 fh=0f8145e534b0e78b vn="a variant of Win32/Toolbar.Conduit.P application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir"
sh=8CA209A796CAB152BC9907BCEF283C221AC5F058 ft=1 fh=16efebacbcd5a9c9 vn="a variant of Win32/Toolbar.Conduit.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir"
sh=9954E1FC06442EDE50FE96EFE949181F7EEB5BC1 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Crack.BQ application" ac=I fn="C:\Age.of.Empires.II.HD-RELOADED\rld-aoe2hd.iso"
sh=EBE0F3003AB49F5F5304004A8420A167B3D13A79 ft=1 fh=deed394e2b579aa7 vn="a variant of Win32/OpenInstall application" ac=I fn="C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9733Q3I\download-file-x86-afh[1].exe"
sh=069ED2484B4311588C42A3227AA729E0FC920551 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5bb1246-6499db37"
sh=B67FC4F22A0F7D42CD5B3D4CE7E4C365AB25829E ft=1 fh=8374f279f29d2031 vn="a variant of Win32/AirAdInstaller.A application" ac=I fn="C:\Users\Chris\Downloads\setup.exe"
sh=E17CEF57426D519615794FCEA3E9F5D1084A0F80 ft=1 fh=25db613a53b77ef1 vn="Win32/InstalleRex.I application" ac=I fn="C:\Users\Chris\Downloads\Shopping List 2.exe"
sh=D67176FC289B98582569F001C2C340E248036AD6 ft=1 fh=8e02c037bcb671ce vn="a variant of Win32/Adware.MediaFinder.F application" ac=I fn="C:\Users\Chris\Downloads\Your_file_download (1).exe"
sh=20C135AE9DDD35A074CF24859B2DFE3112A01430 ft=1 fh=a123c23ebcb671ce vn="a variant of Win32/Adware.MediaFinder.F application" ac=I fn="C:\Users\Chris\Downloads\Your_file_download (2).exe"
sh=88DB1BE343BF75CF38AFF0785B084A70CA80A53C ft=1 fh=18809191cae1fca6 vn="a variant of Win32/Adware.MediaFinder.F application" ac=I fn="C:\Users\Chris\Downloads\Your_file_download.exe"


The laptop seems to be running much faster now, I will let you know if that changes.
  • 0

#8
CZ2761
Posted 30 November 2013 - 06:26 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Upon further review, the only issue I'm having now is a rather slow startup time. Everything else is great!
  • 0

#9
CZ2761
Posted 30 November 2013 - 11:45 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
posted log again in error. please ignore.

Edited by CZ2761, 30 November 2013 - 11:47 AM.

  • 0

#10
DonnaB
Posted 30 November 2013 - 08:53 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts

The laptop seems to be running much faster now,


That's good news! :happy:

Let's remove the malicious files that ESET found and we'll work on the startup issue thereafter. :)

  • Double click on the Posted Image to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe -- (vToolbarUpdater17.1.2)
    [2012/12/16 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software

    :Files
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_31_5p83tu.dll.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir
    C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir
    C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir
    C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir
    C:\Age.of.Empires.II.HD-RELOADED\rld-aoe2hd.iso
    C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9733Q3I\download-file-x86-afh[1].exe
    C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5bb1246-6499db37
    C:\Users\Chris\Downloads\setup.exe
    C:\Users\Chris\Downloads\Shopping List 2.exe
    C:\Users\Chris\Downloads\Your_file_download (1).exe
    C:\Users\Chris\Downloads\Your_file_download (2).exe
    C:\Users\Chris\Downloads\Your_file_download.exe

    :Commands
    [emptytemp]

  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

Please post the following logs in your next reply:

C:\_OTL\Moved Files
OTL.txt

Thank you,
Donna :)
  • 0

Advertisements

#11
CZ2761
Posted 01 December 2013 - 05:07 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Moved Files:
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service vToolbarUpdater17.1.2 stopped successfully!
Service vToolbarUpdater17.1.2 deleted successfully!
File C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe not found.
C:\Users\Chris\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Chris\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Chris\AppData\Roaming\TuneUp Software folder moved successfully.
========== FILES ==========
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_27_5p83tu.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze\.install4j\i4j_extf_31_5p83tu.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\ldrtbVuze.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\prxtbVuze.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\tbVuze.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Program Files\Vuze_Remote\Vuze_RemoteToolbarHelper.exe.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\ldrtbVuze.dll.vir moved successfully.
C:\AdwCleaner\Quarantine\C\Users\Chris\AppData\LocalLow\Vuze_Remote\tbVuze.dll.vir moved successfully.
C:\Age.of.Empires.II.HD-RELOADED\rld-aoe2hd.iso moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W9733Q3I\download-file-x86-afh[1].exe moved successfully.
C:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\5bb1246-6499db37 moved successfully.
C:\Users\Chris\Downloads\setup.exe moved successfully.
C:\Users\Chris\Downloads\Shopping List 2.exe moved successfully.
C:\Users\Chris\Downloads\Your_file_download (1).exe moved successfully.
C:\Users\Chris\Downloads\Your_file_download (2).exe moved successfully.
C:\Users\Chris\Downloads\Your_file_download.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris
->Temp folder emptied: 4908754 bytes
->Temporary Internet Files folder emptied: 204997326 bytes
->Java cache emptied: 2057208 bytes
->FireFox cache emptied: 95129884 bytes
->Google Chrome cache emptied: 107607670 bytes
->Flash cache emptied: 8583424 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10028316 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 413.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012013_165833

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

And the OTL.txt:
OTL logfile created on: 12/1/2013 5:29:24 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = c:\Users\Chris\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.09% Memory free
6.19 Gb Paging File | 4.99 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.46 Gb Total Space | 118.24 Gb Free Space | 53.15% Space Free | Partition Type: NTFS
Drive D: | 10.42 Gb Total Space | 1.73 Gb Free Space | 16.58% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/27 18:57:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\Chris\Downloads\OTL.exe
PRC - [2013/11/25 03:14:17 | 000,829,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
PRC - [2013/09/23 00:17:34 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/09/23 00:17:30 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 00:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 14:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/03/18 01:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/15 13:17:24 | 000,442,433 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe
PRC - [2008/01/20 21:25:00 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\vdsldr.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/29 23:58:27 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3327.19637__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2013/11/29 23:58:26 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3327.19623__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:26 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3327.19642__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2013/11/29 23:58:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3327.19631__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:24 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3327.19640__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2013/11/29 23:58:23 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3327.19704__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:22 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3327.19667__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:20 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3327.19726__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2013/11/29 23:58:20 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3327.19681__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:18 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3327.19630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2013/11/29 23:58:16 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3327.19727__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2013/11/29 23:58:09 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3327.19688__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2013/11/29 23:58:08 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3327.19688__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2013/11/29 23:58:08 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3327.19687__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2013/11/29 23:58:05 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3327.19726__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll
MOD - [2013/11/29 23:58:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3327.19725__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:48 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3327.19698__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2013/11/29 23:57:47 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3327.19669__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:47 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3327.19668__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:45 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3327.19642__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:43 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3327.19678__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:42 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3327.19632__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:42 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3327.19678__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:39 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3327.19643__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:38 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3327.19646__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:36 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3327.19647__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2013/11/29 23:57:35 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3327.19680__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3327.19680__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:34 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3327.19663__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:33 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3327.19667__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:31 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3327.19668__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2013/11/29 23:57:30 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3327.19668__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2013/11/29 23:57:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2013/11/29 23:57:26 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2013/11/29 23:57:22 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2013/11/29 23:57:22 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2013/11/29 23:57:21 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2013/11/29 23:57:21 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2013/11/29 23:57:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll
MOD - [2013/11/29 23:57:21 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2013/11/29 23:57:20 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2013/11/29 23:57:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2013/11/29 23:57:20 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2013/11/29 23:57:19 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2013/11/29 23:57:19 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2013/11/29 23:57:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2013/11/29 23:57:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2013/11/29 23:57:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2013/11/29 23:57:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2013/11/29 23:57:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2013/11/29 23:57:17 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2013/11/29 23:57:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2013/11/29 23:57:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2013/11/29 23:57:15 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2013/11/29 23:57:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2013/11/29 23:57:10 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2013/11/29 23:57:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2013/11/29 23:57:08 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2013/11/29 23:57:08 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2013/11/29 23:57:07 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2013/11/29 23:57:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2013/11/29 23:57:06 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2013/11/29 23:57:05 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2013/11/29 23:57:04 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2013/11/29 23:57:03 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2013/11/29 23:57:03 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2013/11/29 23:57:02 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll
MOD - [2013/11/29 23:57:01 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2013/11/29 23:57:01 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2013/11/29 23:57:01 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3327.19746__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2013/11/29 23:57:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3327.19736__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2013/11/29 23:56:58 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2013/11/29 23:56:58 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2013/11/29 23:56:58 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3327.19620__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2013/11/29 23:56:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2013/11/29 23:56:56 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3327.19720__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2013/11/29 23:56:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2013/11/29 23:56:55 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2013/11/29 23:56:54 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3327.19718__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2013/11/29 23:56:53 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2013/11/29 23:56:53 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2013/11/29 23:56:52 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3327.19714__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2013/11/29 23:56:52 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3327.19636__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2013/11/29 23:56:51 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3327.19622__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2013/11/29 23:56:50 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2013/11/29 23:56:49 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3327.19621__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2013/11/29 23:56:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2013/11/29 23:56:44 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3327.19627__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2013/11/29 23:56:43 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2013/11/29 23:56:42 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2013/11/29 23:56:41 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3327.19621__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2013/11/29 23:56:41 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3327.19719__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2013/11/29 23:56:40 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2013/11/29 23:56:38 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3327.19619__90ba9c70f846762e\APM.Server.dll
MOD - [2013/11/29 23:56:33 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3327.19620__90ba9c70f846762e\AEM.Server.dll
MOD - [2013/10/10 03:09:25 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/10/10 03:07:19 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/08/15 22:29:30 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/15 22:29:09 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 22:26:50 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/15 22:25:42 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 22:22:28 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/12 06:32:44 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/12 06:26:10 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/02/08 19:47:56 | 000,159,744 | ---- | M] () -- C:\WINDOWS\System32\atitmmxx.dll
MOD - [2008/10/29 17:34:28 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2007/04/15 23:56:10 | 000,389,120 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll


========== Services (SafeList) ==========

SRV - [2013/11/27 17:24:08 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/25 03:14:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/07/23 18:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 14:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/03/09 00:10:32 | 030,798,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/12/13 04:44:32 | 000,544,840 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/18 13:47:00 | 002,370,448 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/10/31 10:00:15 | 000,435,528 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2011/10/25 11:51:56 | 000,043,848 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe -- (Peachtree SmartPosting 2011)
SRV - [2008/04/15 13:18:38 | 000,221,239 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\stacsv.exe -- (STacSV)
SRV - [2008/03/26 17:26:56 | 000,341,328 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/12 15:05:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_030ac640\AEstSrv.exe -- (AESTFilters)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (aoloa0q7)
DRV - [2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/09/10 00:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/05 00:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 00:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 00:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 00:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 00:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 00:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/05/19 21:52:37 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2013/03/21 02:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/12/13 04:28:44 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2012/12/13 04:26:38 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2012/12/13 04:26:38 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\acsint.sys -- (acsint)
DRV - [2009/02/08 21:06:20 | 004,172,800 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/09/04 01:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/05/13 21:09:00 | 007,443,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/13 21:09:00 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/15 13:19:54 | 000,378,368 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/04/15 05:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 12:55:04 | 000,084,240 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/27 15:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 15:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2007/07/11 12:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 02:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{053CB6B2-90F2-4A3F-A7DA-69E49DDE3597}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{8D6A46D9-5333-4F75-BDDB-D177867B0C4E}: "URL" = http://search.yahoo....ing}&fr=hp-pvnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-08-26 21:24:56&v=15.6.1.2&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/10 08:37:54 | 000,000,000 | ---D | M]

[2011/11/08 18:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2013/11/27 17:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\wpufm3lp.default\extensions
[2013/09/06 21:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/27 17:24:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/23 01:44:18 | 000,003,741 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chris\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: HP Product Detection Plugin = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\2.0.5.6_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Feedly - News, Blogs and Youtube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob\18.1_0\
CHR - Extension: Google Maps = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: RHCP = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mogcbkkjhojimpkmhbpndncicbcfigid\1.0_0\
CHR - Extension: Google Wallet = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: My Chrome Theme = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/11 17:57:53 | 000,001,161 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 forum.alcohol-soft.com
O1 - Hosts: 127.0.0.1 support.alcohol-soft.com
O1 - Hosts: 127.0.0.1 users.alcohol-soft.com
O1 - Hosts: 127.0.0.1 shop.alcohol-soft.com
O1 - Hosts: 127.0.0.1 vodka.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.com
O1 - Hosts: 127.0.0.1 *.alcohol-soft.*
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0819543E-146D-4416-8CDE-A68597624A77}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8DA66C-C24A-49EF-B3BB-7F784FC0114A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B72DD6A-D65E-4A6A-A9E0-50489A711B2A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{87E9FAAC-BFD4-4AF9-B109-3D504B0C3289}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/10 08:11:44 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{44229e24-6ac8-11e1-8a5e-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell - "" = AutoRun
O33 - MountPoints2\{4b2a77ef-c0f9-11e2-8ae5-001eecf4b2ed}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{cc973cc0-02d5-11e3-93df-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 16:58:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/30 07:10:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\openvr
[2013/11/30 07:06:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ATI
[2013/11/30 07:06:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ATI
[2013/11/30 07:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/11/29 23:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013/11/29 23:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/11/29 23:53:39 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/11/29 23:51:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/11/29 23:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/11/29 23:32:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics
[2013/11/28 19:00:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/27 12:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/11/27 12:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/11/25 10:49:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Macromedia
[2013/11/25 03:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/11/25 01:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/11/25 01:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/11/25 01:20:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/25 00:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/11/24 14:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2013/11/24 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2013/11/24 13:51:57 | 000,000,000 | ---D | C] -- C:\DRIVERS

========== Files - Modified Within 30 Days ==========

[2013/12/01 17:29:28 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000UA.job
[2013/12/01 17:21:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 17:21:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 17:21:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/01 17:20:56 | 3216,211,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/01 17:14:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/30 18:29:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1961090724-942705277-1128008459-1000Core.job
[2013/11/30 07:08:33 | 000,608,660 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/30 07:08:33 | 000,105,842 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/30 07:02:39 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/11/29 23:32:10 | 000,008,268 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2013/11/29 22:10:07 | 000,036,140 | ---- | M] () -- C:\Users\Chris\Desktop\chefme.jpg
[2013/11/29 21:26:25 | 000,000,079 | ---- | M] () -- C:\Windows\wininit.ini
[2013/11/28 19:15:15 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/11/27 19:31:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/11/27 12:40:35 | 000,000,720 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/25 11:09:18 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/25 01:53:40 | 000,411,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/25 01:23:39 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/24 14:13:13 | 000,997,978 | ---- | M] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:23 | 000,006,656 | ---- | M] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 21:54:41 | 000,002,044 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/23 21:54:39 | 000,002,042 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk
[2013/11/23 21:49:30 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/11/23 21:48:37 | 000,249,739 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/11/23 01:42:36 | 000,071,168 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/23 01:30:40 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/11/30 07:02:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/11/30 07:02:37 | 3216,211,968 | -HS- | C] () -- C:\hiberfil.sys
[2013/11/29 22:10:07 | 000,036,140 | ---- | C] () -- C:\Users\Chris\Desktop\chefme.jpg
[2013/11/29 21:26:00 | 000,000,079 | ---- | C] () -- C:\Windows\wininit.ini
[2013/11/28 19:15:15 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2013/11/27 12:40:35 | 000,000,720 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/11/27 12:28:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/25 02:28:32 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/25 01:23:39 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2013/11/24 14:13:49 | 000,997,978 | ---- | C] () -- C:\Windows\System32\oem19.inf
[2013/11/24 14:11:42 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2013/11/23 15:05:51 | 000,218,228 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2013/09/29 16:38:11 | 000,000,495 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013/05/19 22:15:01 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2013/04/18 17:25:16 | 000,188,468 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/05/25 18:17:09 | 000,034,814 | ---- | C] () -- C:\Users\Chris\AppData\Local\dt.dat
[2012/01/28 11:19:31 | 000,008,268 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/11/14 00:28:17 | 000,071,168 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/08 10:09:37 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011/11/08 10:09:32 | 000,249,739 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/16 13:03:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2013
[2013/11/23 01:38:48 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Azureus
[2013/07/21 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools Pro
[2013/05/27 08:53:45 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Firaxis Games
[2013/08/10 08:48:50 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\LolClient
[2013/07/21 21:34:27 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\My Games
[2013/11/30 07:10:28 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\openvr
[2013/09/29 17:11:06 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Peachtree
[2013/08/05 09:58:26 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Riot Games

========== Purity Check ==========



< End of report >
  • 0

#12
DonnaB
Posted 01 December 2013 - 06:12 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Perfect! Let's remove the tools:

OTL Clean-Up

Right click on the Posted Image icon on your desktop and choose Run as administrator to open the main window.

Next click on the Posted Image button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.

This will remove most of the programs we have used including itself.

If there are any left over tools or logs on your computer please delete them now.

Clear Restore Points

Go Start > All Programs > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press System Restore and Shadow Copies Cleanup button

Uninstall AdwCleaner

Double-click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.

Uninstall ESET online scanner

  • Go to Start > Control Panel > Programs and Features
  • Look for ESET online scanner in the list, click to highlight then uninstall.
    Next:
  • Go to Start > Computer > Local Disk C: > Programs Files
  • Look for the ESET folder, right click and delete.

Make sure to follow through with the outdated Adobe Reader. Outdated software are invitations for infections and Adobe Reader is a vulnerable piece of software.

Let me know when you have completed the above steps and we'll look into your slow boot issues.

Thank you,
Donna :)
  • 0

#13
CZ2761
Posted 01 December 2013 - 06:43 PM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
Alright, everything is removed :D
  • 0

#14
DonnaB
Posted 01 December 2013 - 06:50 PM

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 8,529 posts
Great! Now. Explain to me when the slowness occurs in detail, such as before Windows loads, during, after, etc. What happens from the time you boot the system till Windows actually boots?

Are you still experiencing slow to connect to the wireless? Mine does that but it could be because I have so many computers connected. It's kinda like turning the clothes washer on and trying to take a shower and wash dishes at the same time, if you know what I mean. The water pressure is just not what you would like for it to be.
  • 0

#15
CZ2761
Posted 03 December 2013 - 09:50 AM

CZ2761

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
The laptop begins booting normally until I get to the Vista welcome screen. It just says "Welcome" with the small spinning loading graphic. It stays on that screen for about 2 minutes, and then the screen goes black and the mouse cursor appears (this is right before it loads the desktop). The laptop will stay on this black screen for about 3-4 minutes, and then the desktop will load.

The wireless connects immediately. Once the desktop loads, the wireless is already connected and everything runs fine.

I hope this helps! Thanks again :D !
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP