scottlad (Author) Posted November 18, 2012
Yeah, I cleared the AVG with that thing. I've changed Google Chrome to desktop. Don't have Firefox. I'm just downloading the QuickTime update; it flashed up on my screen. I'll do the OTL when that's finished and post the results. So what do you think of this: when I'm watching YouTube vids, if I scroll down to the comments the vid plays perfectly. The only problem there is I can hear it but not see it, lol.
Starbuck Posted November 18, 2012
If you are using Chrome to watch YouTube videos, try using Internet Explorer and see if it's still the same. Also take a look at this link and see if it helps: http://support.google.com/youtube/bin/answer.py?hl=en&answer=56115
Member of: UNITE
scottlad (Author) Posted November 18, 2012
OTL logfile created on: 18/11/2012 20:38:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.14% Memory free
3.74 Gb Paging File | 3.01 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 94.51 Gb Free Space | 67.85% Space Free | Partition Type: NTFS

Computer Name: TONI_BABEE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administrator\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\atitmmxx.dll ()

========== Services (SafeList) ==========

SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{D0B32FED-7B88-4D29-A717-2F8442578FCE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/28 21:47:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.3_0\
CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/17 14:31:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D76F5822-7F1C-4008-8C03-00DB33481E3B}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 20:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/18 20:18:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/11/18 20:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/18 20:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/11/18 20:09:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/17 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/17 19:29:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/11/17 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/17 14:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/17 14:49:20 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 14:49:20 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 14:48:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 14:48:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 14:48:56 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 14:29:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/17 14:19:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
[2012/11/16 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/11/16 14:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/16 14:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/16 14:53:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/16 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/16 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2012/11/16 08:25:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/11/16 08:24:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/11/16 08:24:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/11/16 08:24:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/11/16 08:24:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/11/16 08:24:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/11/16 08:24:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/11/16 08:24:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/11/15 22:36:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012/11/15 22:36:16 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/11/14 03:25:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverFinder
[2012/11/12 01:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
[2012/11/12 01:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2012/11/09 17:01:15 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe
[2012/11/08 22:54:11 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2012/11/07 01:27:53 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/07 01:27:53 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/07 01:02:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012/11/07 00:29:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MFAData
[2012/11/05 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/11/05 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/11/05 14:20:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/11/05 14:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/11/05 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/11/05 14:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/11/05 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2012/11/05 13:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vittalia
[2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony
[2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sony
[2012/10/25 22:21:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/10/25 22:20:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/25 22:20:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/10/25 22:20:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/10/25 22:19:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/10/25 22:19:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/10/25 22:19:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/10/25 22:19:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/10/25 22:19:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/10/25 22:19:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/10/25 22:19:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/10/25 22:19:27 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/10/25 22:19:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/10/25 22:07:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/10/25 22:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/25 22:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/25 22:01:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/10/25 22:01:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/10/25 22:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/10/25 22:01:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/10/25 21:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/25 21:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012/10/25 21:56:26 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/10/25 21:55:16 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/10/25 21:55:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/10/25 21:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2012/10/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix
[2012/10/25 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2012/10/25 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/10/25 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/10/25 20:49:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/10/25 20:49:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/10/25 20:49:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/10/25 20:49:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/10/25 20:49:12 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/10/25 20:49:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help
[2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/10/25 20:49:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/10/25 20:49:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/10/25 20:48:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/10/25 20:48:27 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/10/25 20:48:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/10/25 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps
[2012/10/25 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012/10/25 03:12:26 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files - Modified Within 30 Days ==========

[2012/11/18 20:39:20 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 20:39:20 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/18 20:36:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/11/18 20:36:38 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/18 20:36:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/18 20:19:55 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/18 20:19:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/18 20:19:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/11/18 20:07:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 19:32:20 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/17 14:48:31 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/11/17 14:48:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/11/17 14:48:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/11/17 14:48:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/11/17 14:48:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/11/17 14:48:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/11/17 14:31:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/16 14:53:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 10:43:18 | 000,293,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/16 10:12:44 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/16 10:12:44 | 000,121,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/14 03:38:30 | 000,003,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/14 03:36:59 | 000,000,940 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/09 17:12:07 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2012/11/08 22:53:59 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/11/07 01:27:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/07 01:27:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/11/05 14:46:52 | 000,001,997 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/05 14:46:52 | 000,001,973 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012/10/25 20:10:04 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/25 11:01:29 | 000,000,086 | ---- | M] () -- C:\Windows\System32\_system.ini
[2012/10/25 03:12:26 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2012/10/25 03:12:26 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2012/11/18 20:19:55 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/17 19:32:20 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/17 19:31:52 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/16 14:53:18 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/14 03:36:59 | 000,000,940 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/11/09 17:12:07 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2012/11/09 04:05:37 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/07 01:27:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 21:59:48 | 000,001,997 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/25 21:59:48 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012/10/25 21:56:49 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 21:56:46 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 20:49:48 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/10/25 20:49:45 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/10/25 20:49:31 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/10/25 20:49:13 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/10/25 20:49:13 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/10/25 20:10:04 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/10/25 11:01:29 | 000,000,086 | ---- | C] () -- C:\Windows\System32\_system.ini
[2011/02/15 20:59:51 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe
[2011/02/15 20:59:51 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

========== ZeroAccess Check ==========

[2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
scottlad (Author) Posted November 18, 2012
OTL Extras logfile created on: 18/11/2012 20:38:15 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.75 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 58.14% Memory free
3.74 Gb Paging File | 3.01 Gb Available in Paging File | 80.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.28 Gb Total Space | 94.51 Gb Free Space | 67.85% Space Free | Partition Type: NTFS
Computer Name: TONI_BABEE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open
Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EA8BA2D7-BCAA-44AD-93D4-338301B5DBBD}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{F259C063-DB55-4436-B13D-88A409754C21}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F319706B-E364-4C89-AF57-2B95DC205BC6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{FB8E47A1-E532-40D3-A4AD-D3B0B8DA73C8}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian
"{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing
"{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2)
"{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian
"{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish
"{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista
"{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013
"{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean
"{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai
"{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish
"{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian
"{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French
"{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese
"{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard
"{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean
"{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian
"{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager
"{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek
"{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish
"{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German
"{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional
"{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish
"{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2013
"Google Chrome" = Google Chrome
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Vittalia" = Vittalia Installer
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors
==========

[ Application Events ]
Error - 16/11/2012 14:46:27 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3588132

Error - 16/11/2012 14:46:28 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/11/2012 14:46:28 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3589146

Error - 16/11/2012 14:46:28 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3589146

Error - 16/11/2012 14:46:30 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/11/2012 14:46:31 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3591752

Error - 16/11/2012 14:46:31 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3591752

Error - 16/11/2012 14:46:32 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 16/11/2012 14:46:32 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3593171

Error - 16/11/2012 14:46:32 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3593171

[ System Events ]
Error - 17/11/2012 15:36:23 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 17/11/2012 15:36:23 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 17/11/2012 15:36:23 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 18/11/2012 16:35:16 | Computer Name = Toni_Babee-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 18/11/2012 16:35:23 | Computer Name = Toni_Babee-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 18/11/2012 16:37:14 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 18/11/2012 16:37:14 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 18/11/2012 16:38:05 | Computer Name = Toni_Babee-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed. Feature: %%886 Error Code: 0x80004005 Error description: Unspecified error Reason: %%892

Error - 18/11/2012 16:39:21 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 18/11/2012 16:39:21 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7000
Description =

[ TuneUp Events ]
Error - 24/10/2009 14:46:36 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 24/10/2009 14:46:42 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 24/10/2009 15:15:24 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840
Description =

< End of report >
scottlad (Author) Posted November 18, 2012
Yay, YouTube works fine on Internet Explorer. Still the same on Google though; should I just delete that Chrome?
Starbuck Posted November 18, 2012
Hi

Another extras.txt .... you're getting the hang of this now. :)

"should i just delete that chrome?"
Entirely up to you. You could make IE your main browser and just keep Chrome as a back up. Most people will have more than one browser installed.

Let's clean up this new report now:

Step 1

Double click on OTL to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:otl
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
[2012/11/17 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/17 14:19:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
[2012/11/05 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/11/05 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/10/25 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012/11/08 22:53:59 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
:Files
C:\Program Files\McAfee
C:\Program Files\AVG
:commands
[emptytemp]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit:
Otl fix report
and let me know how the system is running now.
Thanks
Member of:UNITE
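The fix script above picks out a recognisable set of OTL entries: a process and a service whose company field is empty "()", Firefox plugin hooks whose file OTL reports as "File not found", a BHO with "No CLSID value found", and a DPF entry with a "Reg Error". The Python below is an added example, not OTL's own code and not something either participant posted: it parses OTL scan lines in that format and flags those same four categories so a reviewer can pull candidates out of a long log before deciding what to act on. The sample lines are copied from the fix script above; the flag names and rules are this example's own heuristics, not OTL's verdicts.

```python
"""Triage OTL scan lines the way a helper reads them.

Added example for this thread; it is not OTL's code and not something the
helpers posted.  It parses the entry format used in the fix script above
(PRC/SRV/DRV/MOD process lines and FF/O2/O4/O16 hook lines) and flags the
categories the helper chose to act on.  The flag names and rules are this
example's own heuristics, not OTL's verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "SRV - (avgwd) -- C:\path\file.exe (Vendor)" or "PRC - C:\path\file.exe ()"
PROC_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV|MOD) - "
    r"(?:\((?P<name>[^)]*)\) -- )?"
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# Everything else OTL lists with an O-number or FF prefix.
HOOK_RE = re.compile(r"^(?P<kind>O\d+|FF) - (?P<rest>.*)$")


@dataclass
class Entry:
    kind: str                      # PRC, SRV, DRV, MOD, FF, O2, O4, O16 ...
    text: str                      # the original line
    path: Optional[str] = None     # binary path for process/service/driver lines
    company: Optional[str] = None  # company field, "" when OTL printed "()"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL line; return None for lines in neither format."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        entry = Entry(m.group("kind"), line, m.group("path"), m.group("company"))
    else:
        m = HOOK_RE.match(line)
        if m is None:
            return None
        entry = Entry(m.group("kind"), line)
    return apply_heuristics(entry)


def apply_heuristics(entry: Entry) -> Entry:
    """Attach review flags mirroring what the helper's fix script targeted."""
    if entry.company is not None and entry.company.strip() == "":
        entry.flags.append("no-company-name")   # binary carries no vendor info
    if "File not found" in entry.text:
        entry.flags.append("missing-file")      # hook points at a removed file
    if "No CLSID value found" in entry.text:
        entry.flags.append("orphan-bho")        # BHO registration without a class
    if "Reg Error" in entry.text:
        entry.flags.append("reg-error")         # malformed DPF/ActiveX entry
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the parsed entries that tripped at least one heuristic."""
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is not None and entry.flags:
            hits.append(entry)
    return hits


# Sample input: lines copied from the helper's fix script in this thread.
SAMPLE = r"""
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(f"{hit.kind:4} {', '.join(hit.flags):16} {hit.text}")
```

Run against the six sample lines it reports three hits: the ToolbarUpdater process (no company name), the McAfee SAFFPlugin hook (missing file) and the BHO (orphan CLSID); the two AVG entries with a proper company field pass through unflagged. An empty company field only means the binary carried no vendor name in its version resource, and a missing-file hook is leftover registration rather than live code, so a flag marks an entry for a reviewer's attention, not a verdict.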
scottlad (Author) Posted November 18, 2012
All processes killed
========== OTL ==========
Process ToolbarUpdater.exe killed successfully!
Service vToolbarUpdater13.2.0 stopped successfully!
Service vToolbarUpdater13.2.0 deleted successfully!
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe moved successfully.
Service avgwd stopped successfully!
Service avgwd deleted successfully!
C:\Program Files\AVG\AVG2013\avgwdsvc.exe moved successfully.
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\System32\drivers\avgtpx86.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/SAFFPlugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\ not found.
File C:\Program Files\McAfee\SiteAdvisor not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found.
File C:\Program Files\AVG\AVG2012\Firefox4 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI deleted successfully.
C:\Program Files\AVG\AVG2013\avgui.exe moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
C:\ProgramData\McAfee folder moved successfully.
C:\Users\Administrator\AppData\Local\Avg2013\log folder moved successfully.
C:\Users\Administrator\AppData\Local\Avg2013 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0 folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files\Common Files\AVG Secure Search folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V4\Log folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V4\Backup folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit\Advanced SystemCare V4 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\IObit folder moved successfully.
File C:\Windows\System32\drivers\avgtpx86.sys not found.
========== FILES ==========
File\Folder C:\Program Files\McAfee not found.
C:\Program Files\AVG\AVG2013\Tuneup folder moved successfully.
C:\Program Files\AVG\AVG2013\sounds folder moved successfully.
C:\Program Files\AVG\AVG2013\html\reportcard folder moved successfully.
C:\Program Files\AVG\AVG2013\html folder moved successfully.
C:\Program Files\AVG\AVG2013\Drivers folder moved successfully.
C:\Program Files\AVG\AVG2013\3rd_party\licenses folder moved successfully.
C:\Program Files\AVG\AVG2013\3rd_party folder moved successfully.
C:\Program Files\AVG\AVG2013 folder moved successfully.
C:\Program Files\AVG\AVG2012 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 10412048 bytes
->Temporary Internet Files folder emptied: 501429499 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 357713368 bytes
->Flash cache emptied: 506 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Demi
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
User: Public
User: Toni_Babee
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 76050 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 146124 bytes
Total Files Cleaned = 829.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11182012_215317
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
scottlad (Author) Posted November 18, 2012
Yeah, it's running miles better mate. I can just use Explorer for YouTube :D Thank you very much for all your help matey; it's greatly appreciated, saved me loads of hassle and money.
Starbuck Posted November 18, 2012
"its running miles better mate"
Glad to hear that. :)

"thank you very much for all your help matey;its greatly appreciated"
It's no problem at all.

As this system was bought second hand we really should dig a bit deeper and check that there's nothing trying to hide from us. Then we can be sure that the system is clean:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example, you may rename ComboFix to anything you want.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Then:
Double click on Combo-Fix.exe & follow the prompts.
Vista/Win7 users should right click on the icon and select Run as Administrator.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Thanks
Member of:UNITE
scottlad Posted November 18, 2012 Author Posted November 18, 2012 ComboFix 12-11-16.02 - Administrator 18/11/2012 22:49:11.1.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.44.1033.18.1789.833 [GMT 0:00] Running from: c:\users\Administrator\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 ))))))))))))))))))))))))))))))) . . 2012-11-18 23:04 . 2012-11-18 23:04 -------- d-----w- c:\users\Demi\AppData\Local\temp 2012-11-18 23:04 . 2012-11-18 23:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-18 22:35 . 2012-11-18 22:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-11-18 20:28 . 2012-08-07 16:18 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2012-11-18 20:28 . 2012-08-07 16:18 740784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6B493DB2-8CDC-46E6-A529-C904879DB2F6}\gapaengine.dll 2012-11-18 20:26 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CF716200-5CB3-4DB4-951E-E30C856E20DF}\mpengine.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2012-11-18 20:20 . 
2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2012-11-18 20:20 . 2012-11-18 20:20 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2012-11-18 20:17 . 2012-11-18 20:20 -------- d-----w- c:\program files\QuickTime 2012-11-18 20:09 . 2012-11-18 20:09 -------- d-----w- c:\program files\Apple Software Update 2012-11-17 19:39 . 2012-10-17 01:32 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-17 19:30 . 2012-11-17 19:31 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-17 19:29 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys 2012-11-17 14:49 . 2012-11-17 14:48 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-17 14:48 . 2012-11-17 14:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-17 14:29 . 2012-11-17 14:29 -------- d-----w- C:\_OTL 2012-11-16 14:53 . 2012-11-16 14:53 -------- d-----w- c:\programdata\Malwarebytes 2012-11-16 14:53 . 2012-11-16 14:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-11-16 14:53 . 2012-09-29 19:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-16 08:25 . 2012-10-08 07:40 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-15 22:36 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-15 22:36 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-11-12 01:44 . 2012-11-12 01:44 -------- d-----w- c:\programdata\BlueStacks 2012-11-09 17:01 . 2012-10-12 19:09 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-11-08 17:49 . 2012-11-08 17:49 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2012-11-07 01:27 . 2012-11-07 01:27 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-07 01:27 . 2012-11-07 01:27 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-05 14:20 . 
2012-11-05 14:20 -------- d--h--w- c:\programdata\Common Files 2012-11-05 14:17 . 2012-11-05 14:17 -------- d-----w- c:\programdata\Uniblue 2012-11-05 14:09 . 2012-11-17 14:17 -------- d-----w- c:\programdata\MFAData 2012-11-05 13:59 . 2012-11-05 13:59 -------- d-----w- c:\program files\Vittalia 2012-11-05 13:53 . 2012-10-17 01:32 6918632 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A0236FD-A1A9-4BBC-9D29-822F83DC4A7A}\mpengine.dll 2012-10-25 22:58 . 2012-02-29 15:11 5120 ----a-w- c:\windows\system32\wmi.dll 2012-10-25 22:58 . 2012-02-29 15:09 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-10-25 22:58 . 2012-02-29 13:32 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-10-25 22:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-10-25 22:21 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-10-25 22:21 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-10-25 22:20 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-10-25 22:20 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-25 22:20 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-25 22:20 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-25 22:20 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll 2012-10-25 22:20 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll 2012-10-25 22:20 . 2012-03-30 12:39 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-25 22:20 . 2012-03-29 13:39 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-10-25 22:20 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-10-25 22:07 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-10-25 22:07 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll 2012-10-25 22:07 . 
2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-10-25 22:07 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-10-25 22:07 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll 2012-10-25 22:07 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe 2012-10-25 22:06 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-25 22:06 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-25 22:01 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll 2012-10-25 22:01 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax 2012-10-25 22:01 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-10-25 22:01 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-10-25 21:56 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-10-25 21:55 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2012-10-25 21:55 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll 2012-10-25 21:55 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll 2012-10-25 21:55 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2012-10-25 21:55 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-10-25 21:52 . 2012-10-25 21:52 -------- d-----w- c:\program files\Citrix 2012-10-25 20:49 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll 2012-10-25 20:49 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe 2012-10-25 20:49 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll 2012-10-25 20:49 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-10-25 20:49 . 2012-11-09 17:12 -------- d-----w- c:\users\Administrator 2012-10-25 20:49 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll 2012-10-25 20:49 . 
2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-10-25 20:48 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll 2012-10-25 20:48 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-10-25 20:48 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-10-25 03:12 . 2012-10-25 03:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 03:12 . 2012-10-25 03:12 69632 ----a-w- c:\windows\system32\QuickTime.qts . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-17 14:48 . 2010-06-09 21:04 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-30 22:03 . 2012-08-30 22:03 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2012-08-30 22:03 . 2012-08-30 22:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-07-14 6253088] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun "BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "WarReg_PopUp"=c:\program files\eMachines\WR_PopUp\WarReg_PopUp.exe "Skytel"=Skytel.exe . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MBAMSWISSARMY . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2012-11-13 10:02 1625192 ----a-w- c:\program files\Google\Chrome\Application\25.0.1323.1\Installer\setup.exe . Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 01:27] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-25 21:56] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-10-25 21:56] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620 TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-AVG - c:\program files\AVG\AVG2013\avgmfapx.exe . . . ************************************************************************** . 
scottlad (Author) Posted November 18, 2012
Right, there it is mate; but it did come up with an administrator prompt to continue, but I don't know what that means, but it scanned anyway.
Starbuck Posted November 18, 2012
Hi Scottlad,
"but it did come up with an administrator prompt to continue,"
You will get this on Vista and Win7 .... it's just asking your permission to run, that's all.
Well that's a hell of a lot of locked files. Seems the old owner was a bit too cautious with things. Let's sort those out and give you the choice back.
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:
Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
RegLock::
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-1637069621-280892266-1607673933-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop
The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif
Now please wait for ComboFix to finish running.
Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash
Please post the new combofix.txt in your next reply.
Thanks
Member of:UNITE
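The "LOCKED REGISTRY KEYS" section that ComboFix prints and the RegLock:: block in the post above share a simple line format, so a helper can review what is locked before anything is released. The Python below is an added example, not part of this thread and not ComboFix's own code: it parses a constructed sample of that section (the SID is made up; the key names mirror the thread), decodes the number after "@Denied:" against the winnt.h registry-rights bits (treating it as a hexadecimal access mask is an assumption), and builds a RegLock:: script, with a hypothetical keep_locked parameter for keys one chooses to leave alone.

```python
import re
from dataclasses import dataclass, field

# Registry access-right bits from winnt.h. The mask ComboFix/catchme prints after
# "@Denied:" is assumed here to be such a mask; 2 decodes to KEY_SET_VALUE.
KEY_RIGHTS = {
    0x00001: "KEY_QUERY_VALUE",
    0x00002: "KEY_SET_VALUE",
    0x00004: "KEY_CREATE_SUB_KEY",
    0x00008: "KEY_ENUMERATE_SUB_KEYS",
    0x00010: "KEY_NOTIFY",
    0x00020: "KEY_CREATE_LINK",
    0x10000: "DELETE",
    0x20000: "READ_CONTROL",
    0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER",
}

# Constructed sample in the layout of the log section (made-up SID).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1111111111-222222222-333333333-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,cb,
 02,9d,bb,ea,06,bf,9f,b9,17,8e,65,f8,d7
.
[HKEY_USERS\S-1-5-21-1111111111-222222222-333333333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-1111111111-222222222-333333333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
Completion time: 2012-11-18 23:08:41
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DENIED_RE = re.compile(r"^@Denied: \(([0-9A-Fa-f]+)\) \((.+)\)$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class LockedKey:
    path: str
    denied_mask: int
    trustee: str
    values: dict = field(default_factory=dict)

    def denied_rights(self):
        """Names of the rights the deny entry withholds, e.g. ['KEY_SET_VALUE']."""
        return [name for bit, name in sorted(KEY_RIGHTS.items()) if self.denied_mask & bit]


def parse_locked_keys(log_text):
    """Return one LockedKey per key listed under LOCKED REGISTRY KEYS."""
    locked, pending, current, in_section = [], None, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
            continue
        if not in_section or line in ("", "."):
            continue
        if line.startswith("Completion time:") or line.startswith("****"):
            break  # end of the section
        if m := KEY_RE.match(line):
            pending, current = m.group(1), None  # locked only once @Denied follows
        elif (m := DENIED_RE.match(line)) and pending:
            current = LockedKey(pending, int(m.group(1), 16), m.group(2))
            locked.append(current)
            pending = None
        elif (m := VALUE_RE.match(line)) and current:
            name, data = m.group(1), m.group(2)
            if len(data) >= 2 and data[0] == data[-1] == '"':
                data = data[1:-1]  # REG_SZ values are quoted in the log
            current.values[name] = data
        # hex continuation lines (indented, no quoted name) are deliberately skipped
    return locked


def summarize(locked):
    """One review line per locked key: what is denied, to whom, and the Progid."""
    return [f"{k.path} -> denied {'|'.join(k.denied_rights())} to {k.trustee}; "
            f"Progid={k.values.get('Progid', '-')}" for k in locked]


def build_reglock_script(locked, keep_locked=()):
    """Emit the CFScript RegLock:: block, one key per line, omitting any path in
    keep_locked (hypothetical parameter for keys one decides to leave locked)."""
    lines = ["RegLock::"]
    lines += [f"[{k.path}]" for k in locked if k.path not in keep_locked]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    keys = parse_locked_keys(SAMPLE_LOG)
    print("\n".join(summarize(keys)))
    print(build_reglock_script(keys, keep_locked={keys[2].path}))
```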
scottlad (Author) Posted November 18, 2012
Could that have something to do with when I first log on? The icon Administrator shows and underneath it says locked, but I click on it and it opens anyway. The guy who sold me it from Gumtree says he couldn't get rid of that, but it works ok, and to be fair it does. I'll do that now and post results.
scottlad (Author) Posted November 19, 2012
Oops, that text thing you're on about, sorry mate but I deleted it :mad: I didn't realise I needed it. I checked the recycle bin but it's gone?
Starbuck Posted November 19, 2012
"that text thing you're on about, sorry mate but I deleted it. I didn't realise I needed it. I checked the recycle bin but it's gone?"
Sorry, I don't understand what you mean. If you are referring to the previous combofix.txt .... don't worry about it. If you follow the new instructions I gave, a new one will be made showing the new alterations.
One thing I will say is that you are using the old Admin account on that system. If I was you I'd create a new one in your own name and set it so that you have Admin status. This will explain how to do that:
http://www.lockergnome.com/windows/2006/12/05/create-a-new-user-account-in-vista/
Don't call the new account 'Administrator' .... use a name for yourself. But make sure you set your new account as an Administrator account .... not as a standard user account.
Do this after running the combofix script I gave you and after you have posted the new combofix.txt. Then log in to the new account and see how things run then.
Member of:UNITE
scottlad (Author) Posted November 19, 2012 (edited)
Ok, but I don't understand what you mean; I can't find the Notepad thing to paste that into. Sorry for being dense lol. I deleted the last two.
Edited November 19, 2012 by scottlad
Starbuck Posted November 19, 2012
Ah right, now I understand.
http://img.photobucket.com/albums/v708/starbuck50/Facebook/notepadpic.png
Member of:UNITE
scottlad (Author) Posted November 19, 2012
Ok, one last point. I did all you said, but when I open the saved file on the desktop it's blank; that's after me saving it and renaming it. Should it be blank? I defo copied and pasted into Notepad. Or should I just drag it down to ComboFix without opening it first? Just want to be sure I'm doing the right thing mate.
Starbuck Posted November 19, 2012
No, don't open the file. Once it's on the desktop just drag and drop the file onto the ComboFix icon (as per the pics). ComboFix will start automatically.
Member of:UNITE
scottlad (Author) Posted November 19, 2012
Ok, did that, but when it goes to scan I get this box with the message: "Were you trying to run CFScript? The name CFScript appears to be incorrectly spelt." I copied it exactly as you wrote it mate.
Starbuck Posted November 19, 2012
Had this happen last week with another member, it's to do with the quotation marks. I'll send you a script to use this evening after I get home from work.
Member of:UNITE
Starbuck Posted November 19, 2012
Hi Scottlad,
I've saved the script you need and have named it "CFScript" already. I've added it to this post at the bottom as an attachment. Just click on the attachment and save the file to your desktop. (No need to name it as it's already been done.)
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:
The main ComboFix.exe program should be on your Desktop
Drag the file you just saved... CFScript.txt and drop it on the main ComboFix.exe icon as below.
http://i275.photobucket.com/albums/jj285/Bleeping/Combofix/cf.gif
Combofix will automatically start.
Now please wait for ComboFix to finish running.
Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash
Attachment: CFScript.txt
Member of:UNITE
scottlad (Author) Posted November 19, 2012
ComboFix 12-11-19.02 - Administrator 19/11/2012 19:17:37.1.1 - x86
Starbuck Posted November 19, 2012
Hi Scottlad,
Nice to see that worked fine.
Take a look back at post #65 and think about setting up a new account for yourself. It should give you a fresh start. All of the programs installed will be available to the new account.
Setting a new account will add to the start up screen.... meaning you will see another account when going to log in.
Let me know how it goes and how the system is running in general.
Member of:UNITE