Starbuck Posted November 16, 2012
I've just edited my post. Some of the OTL instructions were missing.
Member of: UNITE
scottlad Posted November 17, 2012 Author
Yea, it is working, scanning now.
Starbuck Posted November 17, 2012
Ok, let me have the reports when the scans have finished. We can normally save you having to go the reinstall route. A reinstall is our very last option.
Member of: UNITE
scottlad Posted November 17, 2012 Author
cool cheers mate, it's taking ages lol
scottlad Posted November 17, 2012 Author
TL logfile created on: 17/11/2012 00:15:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.75 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 53.23% Memory free 3.75 Gb Paging File | 2.35 Gb Available in Paging File | 62.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.28 Gb Total Space | 94.85 Gb Free Space | 68.10% Space Free | Partition Type: NTFS Computer Name: TONI_BABEE-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\Administrator\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Mcafee\MSC\McUICnt.exe (McAfee, Inc.) PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()  ========== Modules (No Company Name) ========== MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\libglesv2.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\libegl.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\ffmpegsumo.dll () MOD - C:\Windows\System32\atitmmxx.dll ()  ========== Services (SafeList) ========== SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.) 
SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)  ========== Driver Services (SafeList) ========== DRV - (yukonwlh) -- system32\DRIVERS\yk60x86.sys File not found DRV - (WisINT15) -- c:\Windows\System32\OEM\factory\WisINT15.SYS File not found DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.) 
DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys () DRV - (MOBKFilter) -- C:\Windows\System32\drivers\MOBK.sys (Mozy, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D0B32FED-7B88-4D29-A717-2F8442578FCE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0  ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/28 21:47:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/10/25 20:11:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\  ========== Chrome ========== CHR - homepage: http://www.google.co.uk/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program 
Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.3_0\ CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - 
Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SiteAdvisor = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110728103618.dll File not found O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found. O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.) O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/2020PlayerAX_Win32.cab (Reg Error: Key error.) 
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D76F5822-7F1C-4008-8C03-00DB33481E3B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found  CREATERESTOREPOINT System Restore Service not available. 
========== Files/Folders - Created Within 30 Days ========== [2012/11/16 18:59:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012/11/16 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012/11/16 14:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/16 14:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/16 14:53:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/11/16 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/11/16 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2012/11/16 08:25:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/11/16 08:24:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/11/16 08:24:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/11/16 08:24:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/11/16 08:24:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/11/16 08:24:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/11/16 08:24:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/11/16 08:24:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/11/15 22:36:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012/11/15 22:36:16 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/11/14 03:25:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverFinder [2012/11/12 01:44:06 | 000,000,000 | ---D | C] -- 
C:\ProgramData\BlueStacksSetup [2012/11/12 01:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2012/11/09 17:01:15 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe [2012/11/08 22:54:11 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2012/11/07 01:27:53 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/11/07 01:27:53 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/11/07 01:22:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVG2013 [2012/11/07 01:02:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software [2012/11/07 00:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012/11/07 00:29:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013 [2012/11/07 00:29:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MFAData [2012/11/05 14:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012/11/05 14:39:02 | 000,000,000 | -H-D | C] -- C:\$AVG [2012/11/05 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012/11/05 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/11/05 14:20:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/11/05 14:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2012/11/05 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/11/05 14:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/11/05 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 
[2012/11/05 13:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vittalia [2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony [2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sony [2012/10/25 22:21:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/10/25 22:20:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/10/25 22:20:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/10/25 22:20:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/10/25 22:19:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012/10/25 22:19:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/10/25 22:19:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/10/25 22:19:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/10/25 22:19:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/10/25 22:19:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/10/25 22:19:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/10/25 22:19:27 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012/10/25 22:19:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012/10/25 22:07:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/10/25 22:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/10/25 22:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/10/25 22:01:30 | 000,293,376 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012/10/25 22:01:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012/10/25 22:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012/10/25 22:01:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012/10/25 21:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/10/25 21:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2012/10/25 21:56:26 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/10/25 21:55:16 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012/10/25 21:55:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012/10/25 21:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2012/10/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix [2012/10/25 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple [2012/10/25 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2012/10/25 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/10/25 20:49:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/10/25 20:49:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/10/25 20:49:33 | 000,000,000 | ---D | C] -- 
C:\Users\Administrator\AppData\Roaming\Identities [2012/10/25 20:49:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data [2012/10/25 20:49:12 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2012/10/25 
20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/10/25 20:49:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2012/10/25 20:49:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/10/25 20:49:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/10/25 20:48:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/10/25 20:48:27 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/10/25 20:48:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/10/25 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps [2012/10/25 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IObit [2012/10/22 13:02:46 | 000,179,936 | ---- | C] (AVG Technologies CZ, s.r.o. 
) -- C:\Windows\System32\drivers\avgidsdriverx.sys ========== Files - Modified Within 30 Days ========== [2012/11/17 00:19:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/17 00:01:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/16 23:56:30 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/16 23:56:30 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/16 23:56:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/16 23:31:16 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/16 18:56:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012/11/16 14:53:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 10:43:18 | 000,293,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/11/16 10:12:44 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/16 10:12:44 | 000,121,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/14 03:38:30 | 000,003,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/14 03:36:59 | 000,000,940 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012/11/09 17:12:07 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2012/11/08 22:53:59 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012/11/08 17:49:53 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/11/07 01:27:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/11/07 01:27:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- 
C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/11/05 14:46:52 | 000,001,997 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/11/05 14:46:52 | 000,001,973 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012/10/25 20:10:04 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/10/25 11:01:29 | 000,000,086 | ---- | M] () -- C:\Windows\System32\_system.ini [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys ========== Files Created - No Company Name ========== [2012/11/16 14:53:18 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/14 03:36:59 | 000,000,940 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012/11/09 17:12:07 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2012/11/09 04:05:37 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/07 01:27:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/07 01:02:05 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2012/10/25 21:59:48 | 000,001,997 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/10/25 21:59:48 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012/10/25 21:56:49 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/25 21:56:46 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/25 20:49:48 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 
[2012/10/25 20:49:45 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/10/25 20:49:31 | 000,000,917 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012/10/25 20:49:13 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/10/25 20:49:13 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/10/25 20:10:04 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/10/25 11:01:29 | 000,000,086 | ---- | C] () -- C:\Windows\System32\_system.ini [2011/02/15 20:59:51 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/02/15 20:59:51 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys ========== ZeroAccess Check ========== [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/11/07 01:22:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2013 [2012/11/14 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DriverFinder [2012/11/09 17:01:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit [2012/10/25 23:44:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Sony [2012/11/07 01:02:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software ========== Purity Check ========== Quote
scottlad Posted November 17, 2012 Author Posted November 17, 2012 ========== Drive Information ========== Physical Drives --------------- Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media Interface type: IDE Media Type: Fixed hard disk media Model: Hitachi HTS543216L9A300 ATA Device Partitions: 2 Status: OK Status Info: 0 Partitions --------------- DeviceID: Disk #0, Partition #0 PartitionType: Unknown Bootable: False BootPartition: False PrimaryPartition: True Size: 10.00GB Starting Offset: 1048576 Hidden sectors: 0  DeviceID: Disk #0, Partition #1 PartitionType: Installable File System Bootable: True BootPartition: True PrimaryPartition: True Size: 139.00GB Starting Offset: 10486808576 Hidden sectors: 0  < %SYSTEMDRIVE%\*.* > [2012/11/16 18:53:11 | 000,005,222 | ---- | M] () -- C:\AdwCleaner[s1].txt [2012/11/09 17:12:07 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009/04/11 06:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/10/10 15:23:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/10/10 15:23:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/11/16 18:55:24 | 2190,864,384 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/10/27 02:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2008/01/21 03:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008/01/21 03:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008/01/21 03:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/01/21 02:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/11/12 15:31:16 | 001,275,496 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/06/07 19:43:39 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/10/08 08:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation) ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA @Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:03D08225 @Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:D576A536 @Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:B722BCE5 @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:5E22637F @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:82591FF7 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3B07E6F4 @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B244549 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AE2EA3C2 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data 
Stream - 119 bytes -> C:\ProgramData\TEMP:80E965A3 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CBEB737E @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0D52F295 @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0E22C5DB @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7 @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AF66D8C5 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:56C17A93 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A26AFC00 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57 @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:CB0FEE2B @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C420DC2E  < End of report > Quote
Starbuck Posted November 17, 2012 Posted November 17, 2012 (edited)

Hi scottlad

The report is showing the sort of things that I expected. No actual infections, but some conflicts.
Also, to get the full picture I really need the 'Extras.txt' from Otl (which will be in the Download folder).
Let's deal with what we have and take it from there.

Step 1
It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection.

In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or McAfee.
To be really honest... I wouldn't have either on my system.
Full recommendation is to remove both programs and install MSSE.
MS Security Essentials

Step 2
Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)
Please make sure you copy the whole fix, including the commands at the bottom.
:Otl
DRV - (yukonwlh) -- system32\DRIVERS\yk60x86.sys File not found
DRV - (WisINT15) -- c:\Windows\System32\OEM\factory\WisINT15.SYS File not found
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110728103618.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.bp.2020.net/Core/Player/20...erAX_Win32.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:03D08225
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:B722BCE5
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:5E22637F
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:82591FF7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:AE2EA3C2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:80E965A3
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:EA701346
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:0D52F295
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0E22C5DB
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3790BACD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:AF66D8C5
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:56C17A93
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:A26AFC00
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C420DC2E
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older versions of Java components and update:
1) Download the latest version of Java Runtime Environment (JRE) 7 Update 9 and save it to your desktop.
2) Scroll down to where it says "Java SE 7 Update 9".
3) Click the "Download JRE" button to the right.
4) Accept the license agreement.
5) Select 'Windows x86' offline from the Platform down arrow.
6) Save the file to your desktop.
7) Close any programs you may have running - especially your web browser.
8) Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9) Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
10) Click the Remove or Change/Remove button.
11) Repeat as many times as necessary to remove each Java version.
12) Reboot your computer once all Java components are removed.
13) Then from your desktop double-click on jre-7u9-windows-i586-p.exe to install the newest version.

In your next reply, please submit:
Otl fix report
The extras.txt from the 1st run of OTL.
Also let me know which AV you now have installed and whether Java updated ok.

Thanks
Edited November 17, 2012 by Starbuck
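The selection behind a fix script like the one in the post above can be reproduced mechanically. The following is an added example, not part of the original post and not OTL's own code: it parses log lines in the formats shown in this thread and lists entries whose target is missing, plus any alternate data streams, for a human to review. The function names, the marker list and the constructed sample are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the formats shown in this thread,
# including one healthy service entry so the filter has something to skip.
SAMPLE_LOG = r"""
DRV - (yukonwlh) -- system32\DRIVERS\yk60x86.sys File not found
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:C46995DA
@Alternate Data Stream - 221 bytes -> C:\ProgramData\TEMP:03D08225
"""

# Driver, service and numbered "O" entries: "<kind> - <rest of line>".
ENTRY_RE = re.compile(r"^(?P<kind>DRV|SRV|O\d+) - (?P<body>.+)$")
# ADS lines: the stream name follows the last colon of the host path.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Entry names appear in (...) or [...], e.g. (yukonwlh) or [vProt].
NAME_RE = re.compile(r"[(\[](?P<name>[^)\]]*)[)\]]")
# Assumption: these trailing markers mean the entry points at nothing.
ORPHAN_MARKERS = ("File not found", "No CLSID value found.")


def triage(log_text):
    """Return (orphans, streams) parsed from OTL-style log text."""
    orphans = []
    streams = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        ads = ADS_RE.match(line)
        if ads:
            streams[ads["host"]].append((ads["stream"], int(ads["size"])))
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # section headers, file listings, anything else
        marker = next((m for m in ORPHAN_MARKERS if line.endswith(m)), None)
        if marker is None:
            continue  # target exists, so this is not an orphaned entry
        name = NAME_RE.search(entry["body"])
        clsid = CLSID_RE.search(entry["body"])
        orphans.append({
            "kind": entry["kind"],
            "name": name["name"] if name else "",
            "clsid": clsid.group(0) if clsid else None,
            "reason": marker,
        })
    return orphans, dict(streams)


def summarize(orphans, streams):
    """Render one review line per orphaned entry and per ADS host."""
    lines = []
    for o in orphans:
        ident = o["clsid"] or o["name"]
        lines.append(f'{o["kind"]:<3} {ident}: {o["reason"]}')
    for host, items in streams.items():
        total = sum(size for _, size in items)
        lines.append(f"ADS {host}: {len(items)} stream(s), {total} bytes")
    return lines


if __name__ == "__main__":
    for line in summarize(*triage(SAMPLE_LOG)):
        print(line)
```

The output is a review list only; which entries actually go into a fix is still a decision for whoever is reading the log.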
scottlad Posted November 17, 2012 Author Posted November 17, 2012 hey thanks for the advice, I've tried to uninstall McAfee but it just says wait till it's uninstalled or made changes, and a blank white box appears and just stays like that. Tried restarting laptop and doing it again, still the same. McAfee Security Centre is the only McAfee I have on laptop. tbh I don't think the actual programme is there. Is that AVG you recommended free, mate? Will I still go ahead with repairs?
Armageddon Posted November 17, 2012 Posted November 17, 2012 Hi Scottlad, Starbuck recommended removing both AVG and McAfee, and yes, run the repairs he has requested please.
scottlad Posted November 17, 2012 Author Posted November 17, 2012 ok I'll run them. What I was saying, it won't allow me to uninstall that McAfee. But I'll go uninstall AVG and then run that test.
scottlad Posted November 17, 2012 Author Posted November 17, 2012 All processes killed ========== OTL ========== Service yukonwlh stopped successfully! Service yukonwlh deleted successfully! File system32\DRIVERS\yk60x86.sys File not found not found. Service WisINT15 stopped successfully! Service WisINT15 deleted successfully! File c:\Windows\System32\OEM\factory\WisINT15.SYS File not found not found. Service USBModem stopped successfully! Service USBModem deleted successfully! File system32\DRIVERS\lgusbmodem.sys File not found not found. Service UsbDiag stopped successfully! Service UsbDiag deleted successfully! File system32\DRIVERS\lgusbdiag.sys File not found not found. Service usbbus stopped successfully! Service usbbus deleted successfully! File system32\DRIVERS\lgusbbus.sys File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service LGVMODEM stopped successfully! Service LGVMODEM deleted successfully! File system32\DRIVERS\lgvmodem.sys File not found not found. Service lgbusenum stopped successfully! Service lgbusenum deleted successfully! File system32\DRIVERS\lgbtbus.sys File not found not found. Service LgBttPort stopped successfully! Service LgBttPort deleted successfully! File system32\DRIVERS\lgbtport.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully. Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} C:\Windows\Downloaded Program Files\swdir.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Starting removal of ActiveX control {1C11B948-582A-433F-A98D-A8C4D5CC64F2} C:\Windows\Downloaded Program Files\2020Player.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. ADS C:\ProgramData\TEMP:C46995DA deleted successfully. ADS C:\ProgramData\TEMP:03D08225 deleted successfully. ADS C:\ProgramData\TEMP:D576A536 deleted successfully. ADS C:\ProgramData\TEMP:B722BCE5 deleted successfully. ADS C:\ProgramData\TEMP:5E22637F deleted successfully. ADS C:\ProgramData\TEMP:82591FF7 deleted successfully. ADS C:\ProgramData\TEMP:3B07E6F4 deleted successfully. ADS C:\ProgramData\TEMP:4B244549 deleted successfully. ADS C:\ProgramData\TEMP:AE2EA3C2 deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:80E965A3 deleted successfully. ADS C:\ProgramData\TEMP:EA701346 deleted successfully. ADS C:\ProgramData\TEMP:CBEB737E deleted successfully. ADS C:\ProgramData\TEMP:0D52F295 deleted successfully. ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully. ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully. ADS C:\ProgramData\TEMP:3790BACD deleted successfully. ADS C:\ProgramData\TEMP:AF66D8C5 deleted successfully. ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully. ADS C:\ProgramData\TEMP:56C17A93 deleted successfully. 
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:A26AFC00 deleted successfully. ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully. ADS C:\ProgramData\TEMP:CB0FEE2B deleted successfully. ADS C:\ProgramData\TEMP:C420DC2E deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Administrator\Downloads\cmd.bat deleted successfully. C:\Users\Administrator\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 60618666 bytes ->Temporary Internet Files folder emptied: 3035787 bytes ->Java cache emptied: 2120 bytes ->Google Chrome cache emptied: 393503833 bytes ->Flash cache emptied: 826 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Demi ->Temp folder emptied: 287214 bytes ->Temporary Internet Files folder emptied: 2256425 bytes ->Java cache emptied: 1147833 bytes User: Public User: Toni_Babee %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 63436289 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 844 bytes Total Files Cleaned = 500.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 11172012_142956  Files\Folders moved on Reboot...  PendingFileRenameOperations files...  Registry entries deleted on Reboot... Quote
scottlad Posted November 17, 2012 Author Posted November 17, 2012 right, did all you said, can't find missing text you are talking about though. Thought I had pasted it all. It's still a bit jumpy, but I'm just gonna have to live with that sadly lol. Anyway, I can't thank you all enough for helping me out. It's greatly appreciated. I'll stick around on the site. Need to learn about computers anyway, and you seem real decent people. :o Is there a free alternative to the AVG I removed? Free being the uppermost word haha. Tried to remove that McAfee, but I think it's just name, cause it does nothing when you click on it. Must be removed.
scottlad Posted November 17, 2012 Author Posted November 17, 2012 btw it's not nearly as bad as it was.
Starbuck Posted November 17, 2012 Posted November 17, 2012 (edited)

Hi

"btw it's not nearly as bad as it was."
"I can't thank you all enough for helping me out. It's greatly appreciated."
By the time we have finished it should be even better still.
Myself and the other staff will continue to help you until you are satisfied with the system.

"it won't allow me to uninstall that McAfee."
No problem, let's run the McAfee Removal tool, this will remove it for us.
Download the McAfee Removal Tool
Save it to your desktop.
Close all running programs and then right click on the downloaded icon and select 'Run as Administrator'.
You may need to reboot the system once it's finished.

"Is there a free alternative to the AVG I removed?"
Don't worry, all of the programs we recommend are free programs.
After removing McAfee, go to the download link for MS Security Essentials (it's in post #33).
Download to your system and then right click on the downloaded icon and select 'Run as Administrator' to install the program.
There's an installation guide Here if you need it.
This is widely regarded as one of the best free Anti Virus programs at the moment.
This is what myself and most of the staff here use.

When you have completed this:
Double click on OTL.exe to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.
The main Otl report should open after the scan.... the Extras.txt is usually minimised to the taskbar.
Copies of both will be saved in the same folder that OTL is stored in.

Please post both reports in your next reply.
Edited November 17, 2012 by Starbuck
scottlad Posted November 17, 2012 Author Posted November 17, 2012 Right, got rid of McAfee ;) Downloaded that AVG thing. It's doing a scan at minute, I'll do that other otc thing once it's finished. Btw will I keep that malware thing on, runs out in 13 days, and will that not interfere with this new AVG? Quote
scottlad Posted November 17, 2012 Author Posted November 17, 2012 OTL logfile created on: 17/11/2012 20:34:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Quote
scottlad Posted November 17, 2012 (Author)
Hey, this might sound a bit daft, but when the YouTube vid is stuttering, well, if you scroll down to the comments, and therefore taking the vid out the screen, it plays a bit better lol. Weird eh?
Starbuck Posted November 18, 2012
Hi scottlad,

AVG anti virus is still showing in the reports; this should have been removed already. Let's use the removal tool to remove AVG ... go to: http://www.avg.com/filedir/util/avg_arm_sup_____.dir/avgremover.exe
Download to your desktop, then double click to start the uninstaller.

I still haven't seen any extras.txt report posted. It will always be saved in the same location as OTL. In your case... (because OTL wasn't downloaded to the desktop as asked) C:\Users\Administrator\Downloads

These are the 2 files that OTL will create: http://img.photobucket.com/albums/v708/starbuck50/Xmas/otlpic.png
scottlad Posted November 18, 2012 (Author)
tbh I don't know how to save to desktop. It just came up run, I'll go look for missing text.
scottlad Posted November 18, 2012 Author Posted November 18, 2012 All processes killed ========== OTL ========== Service yukonwlh stopped successfully! Service yukonwlh deleted successfully! File system32\DRIVERS\yk60x86.sys File not found not found. Service WisINT15 stopped successfully! Service WisINT15 deleted successfully! File c:\Windows\System32\OEM\factory\WisINT15.SYS File not found not found. Service USBModem stopped successfully! Service USBModem deleted successfully! File system32\DRIVERS\lgusbmodem.sys File not found not found. Service UsbDiag stopped successfully! Service UsbDiag deleted successfully! File system32\DRIVERS\lgusbdiag.sys File not found not found. Service usbbus stopped successfully! Service usbbus deleted successfully! File system32\DRIVERS\lgusbbus.sys File not found not found. Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File system32\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File system32\DRIVERS\nwlnkflt.sys File not found not found. Service LGVMODEM stopped successfully! Service LGVMODEM deleted successfully! File system32\DRIVERS\lgvmodem.sys File not found not found. Service lgbusenum stopped successfully! Service lgbusenum deleted successfully! File system32\DRIVERS\lgbtbus.sys File not found not found. Service LgBttPort stopped successfully! Service LgBttPort deleted successfully! File system32\DRIVERS\lgbtport.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File system32\DRIVERS\ipinip.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully. Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000} C:\Windows\Downloaded Program Files\swdir.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found. Starting removal of ActiveX control {1C11B948-582A-433F-A98D-A8C4D5CC64F2} C:\Windows\Downloaded Program Files\2020Player.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C11B948-582A-433F-A98D-A8C4D5CC64F2}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\Windows\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. ADS C:\ProgramData\TEMP:C46995DA deleted successfully. ADS C:\ProgramData\TEMP:03D08225 deleted successfully. ADS C:\ProgramData\TEMP:D576A536 deleted successfully. ADS C:\ProgramData\TEMP:B722BCE5 deleted successfully. ADS C:\ProgramData\TEMP:5E22637F deleted successfully. ADS C:\ProgramData\TEMP:82591FF7 deleted successfully. ADS C:\ProgramData\TEMP:3B07E6F4 deleted successfully. ADS C:\ProgramData\TEMP:4B244549 deleted successfully. ADS C:\ProgramData\TEMP:AE2EA3C2 deleted successfully. ADS C:\ProgramData\TEMP:4F636E25 deleted successfully. ADS C:\ProgramData\TEMP:80E965A3 deleted successfully. ADS C:\ProgramData\TEMP:EA701346 deleted successfully. ADS C:\ProgramData\TEMP:CBEB737E deleted successfully. ADS C:\ProgramData\TEMP:0D52F295 deleted successfully. ADS C:\ProgramData\TEMP:0E22C5DB deleted successfully. ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully. ADS C:\ProgramData\TEMP:3790BACD deleted successfully. ADS C:\ProgramData\TEMP:AF66D8C5 deleted successfully. ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully. ADS C:\ProgramData\TEMP:56C17A93 deleted successfully. 
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully. ADS C:\ProgramData\TEMP:A26AFC00 deleted successfully. ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully. ADS C:\ProgramData\TEMP:CB0FEE2B deleted successfully. ADS C:\ProgramData\TEMP:C420DC2E deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Administrator\Downloads\cmd.bat deleted successfully. C:\Users\Administrator\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 60618666 bytes ->Temporary Internet Files folder emptied: 3035787 bytes ->Java cache emptied: 2120 bytes ->Google Chrome cache emptied: 393503833 bytes ->Flash cache emptied: 826 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Demi ->Temp folder emptied: 287214 bytes ->Temporary Internet Files folder emptied: 2256425 bytes ->Java cache emptied: 1147833 bytes User: Public User: Toni_Babee %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 63436289 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 844 bytes Total Files Cleaned = 500.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 11172012_142956  Files\Folders moved on Reboot...  PendingFileRenameOperations files...  Registry entries deleted on Reboot... Quote
scottlad Posted November 18, 2012 (Author)
That's all I could find in C drive with otc.
scottlad Posted November 18, 2012 Author Posted November 18, 2012 OTL logfile created on: 17/11/2012 20:34:09 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.75 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 49.62% Memory free 3.74 Gb Paging File | 2.36 Gb Available in Paging File | 63.19% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.28 Gb Total Space | 96.25 Gb Free Space | 69.11% Space Free | Partition Type: NTFS Computer Name: TONI_BABEE-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Administrator\Downloads\OTL (3).exe (OldTimer Tools) PRC - C:\Users\Administrator\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe ()  ========== Modules (No Company Name) ========== MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\ppgooglenaclpluginchrome.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\PepperFlash\pepflashplayer.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\pdf.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\libglesv2.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\libegl.dll () MOD - C:\Program Files\Google\Chrome\Application\25.0.1323.1\ffmpegsumo.dll () MOD - C:\Windows\System32\atitmmxx.dll ()  ========== Services (SafeList) ========== SRV - (vToolbarUpdater13.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (ETService) -- C:\Program Files\EMACHINES\eMachines Recovery Management\Service\ETService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)  ========== Driver Services (SafeList) ========== DRV - (MpKsl5ebfd329) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0C5400E0-777C-48B8-A270-BD2153054F2D}\MpKsl5ebfd329.sys (Microsoft Corporation) DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (SmartDefragDriver) -- C:\Windows\System32\drivers\SmartDefragDriver.sys () DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)  
========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0809&s=2&o=vb32&d=1208&m=d620 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{D0B32FED-7B88-4D29-A717-2F8442578FCE}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0  ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF 
- HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll File not found FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/28 21:47:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\  ========== Chrome ========== CHR - homepage: http://www.google.co.uk/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.co.uk/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\25.0.1323.1\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.150.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java 
Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: Google Docs = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.3_0\ CHR - Extension: Google Drive = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\ CHR - Extension: YouTube = 
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/11/17 14:31:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control) O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} http://www.shockwave.com/content/cookingdash/sis/CookingDashWeb.1.0.0.9.cab (CPlayFirstCookingDasControl Object) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D76F5822-7F1C-4008-8C03-00DB33481E3B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\sacore - No CLSID value found O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/11/17 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2012/11/17 19:29:56 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2012/11/17 19:21:09 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012/11/17 14:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2012/11/17 14:49:20 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/11/17 14:49:20 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/11/17 14:48:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/11/17 14:48:56 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/11/17 14:48:56 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012/11/17 14:29:56 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/17 14:19:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013 [2012/11/16 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes [2012/11/16 14:53:16 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/16 14:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/16 14:53:11 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/11/16 14:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/11/16 14:49:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Apple Computer [2012/11/16 08:25:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012/11/16 08:24:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012/11/16 08:24:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012/11/16 08:24:51 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012/11/16 08:24:49 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012/11/16 08:24:41 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012/11/16 08:24:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012/11/16 08:24:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012/11/15 22:36:53 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll [2012/11/15 22:36:16 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012/11/14 03:25:49 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DriverFinder [2012/11/12 01:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup [2012/11/12 01:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2012/11/09 17:01:15 | 000,022,912 | ---- | C] (IObit) -- C:\Windows\System32\RegistryDefragBootTime.exe [2012/11/08 22:54:11 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys 
[2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI [2012/11/07 21:39:41 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI [2012/11/07 01:27:53 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/11/07 01:27:53 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/11/07 01:02:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software [2012/11/07 00:29:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\MFAData [2012/11/05 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012 [2012/11/05 14:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/11/05 14:20:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/11/05 14:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue [2012/11/05 14:11:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012/11/05 14:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/11/05 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue [2012/11/05 13:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Vittalia [2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Sony [2012/10/25 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Sony [2012/10/25 22:21:26 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012/10/25 22:20:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012/10/25 22:20:21 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012/10/25 22:20:21 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012/10/25 22:19:56 | 000,023,552 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mciseq.dll [2012/10/25 22:19:32 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012/10/25 22:19:29 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2012/10/25 22:19:29 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2012/10/25 22:19:28 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2012/10/25 22:19:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012/10/25 22:19:28 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2012/10/25 22:19:27 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2012/10/25 22:19:21 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll [2012/10/25 22:07:07 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2012/10/25 22:06:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012/10/25 22:06:58 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012/10/25 22:01:30 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll [2012/10/25 22:01:29 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax [2012/10/25 22:01:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax [2012/10/25 22:01:28 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax [2012/10/25 21:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/10/25 21:56:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google [2012/10/25 21:56:26 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll [2012/10/25 21:55:16 | 000,555,520 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\UIAutomationCore.dll [2012/10/25 21:55:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll [2012/10/25 21:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix [2012/10/25 21:52:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Citrix [2012/10/25 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple [2012/10/25 20:52:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia [2012/10/25 20:52:24 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches [2012/10/25 20:49:46 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012/10/25 20:49:37 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012/10/25 20:49:36 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012/10/25 20:49:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities [2012/10/25 20:49:31 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood [2012/10/25 
20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data [2012/10/25 20:49:13 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data [2012/10/25 20:49:12 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop [2012/10/25 20:49:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012/10/25 20:49:12 | 000,000,000 | -H-D | C] -- 
C:\Users\Administrator\AppData [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft Help [2012/10/25 20:49:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft [2012/10/25 20:49:00 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012/10/25 20:49:00 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012/10/25 20:48:59 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012/10/25 20:48:27 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012/10/25 20:48:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012/10/25 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashDumps [2012/10/25 20:11:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\IObit ========== Files - Modified Within 30 Days ========== [2012/11/17 20:19:23 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/17 20:01:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/17 19:37:51 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/17 19:35:17 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/17 19:35:17 | 000,003,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/17 19:35:03 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012/11/17 19:34:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/17 19:32:20 | 000,002,154 
| ---- | M] () -- C:\Windows\epplauncher.mif [2012/11/17 14:48:31 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2012/11/17 14:48:28 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2012/11/17 14:48:28 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2012/11/17 14:48:28 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2012/11/17 14:48:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2012/11/17 14:48:28 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2012/11/17 14:31:46 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012/11/16 14:53:18 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 10:43:18 | 000,293,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/11/16 10:12:44 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/16 10:12:44 | 000,121,952 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/14 03:38:30 | 000,003,584 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/14 03:36:59 | 000,000,940 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012/11/09 17:12:07 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2012/11/08 22:53:59 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012/11/07 01:27:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012/11/07 01:27:53 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012/11/05 14:46:52 | 000,001,997 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk 
[2012/11/05 14:46:52 | 000,001,973 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012/10/25 20:10:04 | 000,000,945 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/10/25 11:01:29 | 000,000,086 | ---- | M] () -- C:\Windows\System32\_system.ini ========== Files Created - No Company Name ========== [2012/11/17 19:32:20 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif [2012/11/17 19:31:52 | 000,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2012/11/16 14:53:18 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/14 03:36:59 | 000,000,940 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [2012/11/09 17:12:07 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2012/11/09 04:05:37 | 000,003,584 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/07 01:27:59 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/10/25 21:59:48 | 000,001,997 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/10/25 21:59:48 | 000,001,973 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk [2012/10/25 21:56:49 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/10/25 21:56:46 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/10/25 20:49:48 | 000,000,951 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012/10/25 20:49:45 | 000,000,946 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [2012/10/25 20:49:31 | 000,000,917 | 
---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012/10/25 20:49:13 | 000,000,258 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2012/10/25 20:49:13 | 000,000,240 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2012/10/25 20:10:04 | 000,000,945 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2012/10/25 11:01:29 | 000,000,086 | ---- | C] () -- C:\Windows\System32\_system.ini [2011/02/15 20:59:51 | 000,029,008 | ---- | C] () -- C:\Windows\System32\SmartDefragBootTime.exe [2011/02/15 20:59:51 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys ========== ZeroAccess Check ========== [2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both  < End of report >
scottlad Posted November 18, 2012 Author
OTL Extras logfile created on: 17/11/2012 00:15:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1.75 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 53.23% Memory free 3.75 Gb Paging File | 2.35 Gb Available in Paging File | 62.82% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 139.28 Gb Total Space | 94.85 Gb Free Space | 68.10% Space Free | Partition Type: NTFS Computer Name: TONI_BABEE-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ==========  ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ==========  ========== Vista Active Open 
Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{001ABF0F-C70E-4D2D-8B40-23DD108507CA}" = lport=445 | protocol=6 | dir=in | app=system | "{01060D68-1F5A-4024-8EE5-5289D85D00F9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{0178A097-CC23-4998-AF7D-58E0B32A9090}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | "{0586EC97-CF19-47FD-8968-BE72D4E0252E}" = lport=445 | protocol=6 | dir=in | app=system | "{07061314-1B91-433F-966B-709A7617C548}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{08C3FDCE-3C4C-4A30-B56D-47935C2E325C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1317736D-F315-451D-963B-1C85266F8E16}" = rport=1701 | protocol=17 | dir=out | app=system | "{141A06EE-9EB8-44DE-AF13-2DFE59E1A1BE}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe | "{19F5A4D7-CA7F-4B51-9D17-4135F9D1C00C}" = rport=137 | protocol=17 | dir=out | app=system | "{1A057CE5-4338-42B3-9BC3-7C45F4D595E9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{1B7E37B8-010B-4DB1-ACD8-3C3A470FA9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{1C9DC42C-B4A5-443B-A488-151B6C893128}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe | "{23AA4105-991A-463E-B8DB-DF2E15CA4794}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{243D1901-3DFD-4389-8B37-484D8ADC4BD2}" = lport=139 | protocol=6 | dir=in | app=system | "{250486F8-D99D-4E77-9BB1-E32B19F79ED6}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe | "{2E07FF1B-2723-4DCE-B4E3-9CD4200A9490}" = rport=3702 | protocol=17 | dir=out | 
app=c:\windows\system32\p2phost.exe | "{32992451-BA2A-471D-8056-84B3EC5B566E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) | "{32AEA606-63AB-485E-BD51-17AED3D27E33}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{32E60633-0CCC-4BE7-8240-6D25AF9FDB23}" = rport=139 | protocol=6 | dir=out | app=system | "{355DC2AC-0E68-467A-A39F-3D1BAD4F57CE}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{375E6F55-5971-4690-B884-39C849BB7DFE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{40294166-DB8F-4838-B283-82596E5BBD9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | "{413F8CF8-5435-4A71-A798-686516D0528A}" = lport=445 | protocol=6 | dir=in | app=system | "{42C606CE-9EA0-4CC2-B0EA-C789C36203A3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe | "{4425B760-7102-428D-AB94-5E4F9D7DF890}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{4664E99C-D3BA-4541-A8D0-EED86250E044}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{4698080B-9F9C-4C2B-8C6E-30EEB7D03974}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{4CE3F259-4F82-4816-834F-E253584353DA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{4CECE909-0C8A-4121-A006-233811BDEF97}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{4F34FEF4-9787-4675-AEDD-A452EB861609}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{56FC6BD1-23A2-4A91-9B5E-509A10BBE470}" = lport=445 | protocol=6 | dir=in | app=system | "{58DD7608-A0AF-48CC-8C8C-3239814AD868}" = lport=2178 | protocol=6 | dir=in | app=system | 
"{638026E4-7D36-4F01-80B1-5AFF6D871370}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{639C2BDE-324A-4A33-A14F-1721ECCB0E33}" = lport=5985 | protocol=6 | dir=in | app=system | "{6466916F-9AAE-46C7-B30C-BE17375BAEE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{64A25623-348D-4AA8-BDB3-234EFBF5DD6C}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe | "{64DABCCF-0AB5-471E-B721-C3DEF6B06C67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65ADF8BB-C282-4571-B94F-DB397492A0B4}" = lport=443 | protocol=6 | dir=in | app=system | "{66B1FE7E-4CD3-46FD-BD63-ADA4218D1D22}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{67160146-8D9C-4202-8D82-CDC2B921D23E}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe | "{697972D1-1EE5-4CAC-BF66-2F71C6BAB09A}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe | "{6C7721B7-2B26-4744-B15C-E1CDDCCFD573}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | "{6C9F0ED7-403F-4823-80A8-901FB1B9D268}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe | "{6DCA92A4-083C-444F-8B55-1C5DD84D0A0D}" = lport=445 | protocol=6 | dir=in | app=system | "{7A5D1940-F2D1-4BBB-AB9A-79974B161A4C}" = rport=445 | protocol=6 | dir=out | app=system | "{7B61A224-7114-4FBA-9D50-5E15FBA2510D}" = lport=80 | protocol=6 | dir=in | name=windows remote management - compatibility mode (http-in) | "{83543D3D-FD4B-4D85-99AB-15C73FADC0A1}" = rport=10243 | protocol=6 | dir=out | app=system | "{844EFC98-C56B-4182-BDC1-DA707B7364D4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{89F924B4-351B-406D-A60D-120B7CB166E6}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | 
"{8F33BAD7-B253-49BD-90FF-B02DE847CE59}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | "{9247F10E-A258-49F4-8FCB-7D07405CFB9E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{943B063A-A744-4C3C-AE01-031C04235EF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{95E10138-4522-430D-BD95-2850F15DF80C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{972067EE-7CA4-4B76-9776-6133F93D9104}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{99B9680B-3EA4-48A4-B376-5AC4FFF2FBE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{9B27DDAD-D476-476A-831C-56E158CEE759}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{9DF1E949-4759-4CC1-912D-9173A48730DB}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe | "{9E0DE7DB-FB6C-425E-B8D2-BE74E029249E}" = lport=2869 | protocol=6 | dir=in | app=system | "{A1EC6AF3-65C4-4FDF-BFFD-062FBACCB2BA}" = lport=2869 | protocol=6 | dir=in | app=system | "{A237D85F-6B54-4A50-915F-0C919BCE53E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{A2BA8724-D255-44AA-AB92-307C126D02D4}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe | "{AAA12CED-E482-48D2-957F-63B3E16BD5F9}" = lport=1701 | protocol=17 | dir=in | app=system | "{AD0F5816-A95A-454E-908A-47A3BF720C2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{B0C90E8A-0074-4F13-9EB4-59EA7B525542}" = rport=138 | protocol=17 | dir=out | app=system | "{B31E745A-F7FE-4F15-8EBE-BB3D27517954}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe | "{B4FC8F65-9BF5-4BAB-9B2E-A86D07200AF9}" = lport=rpc | protocol=6 
| dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe | "{C0933505-4287-4724-B70A-81301D937D7C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{C6ACCB76-ACAB-4E46-AFA5-57BF21C29B58}" = rport=2178 | protocol=6 | dir=out | app=system | "{C8873CC7-627F-492C-BF1B-2DA370DE1787}" = rport=1723 | protocol=6 | dir=out | app=system | "{C906585E-4DD1-436C-9616-20C8AEDDC5B5}" = lport=137 | protocol=17 | dir=in | app=system | "{C9F788E0-CBB4-47E9-A902-AE66FFE73E6C}" = lport=1723 | protocol=6 | dir=in | app=system | "{CF3DC892-ADC4-4397-A720-7175F9677567}" = lport=2869 | protocol=6 | dir=in | app=system | "{D28E37CE-D317-4DDD-B745-E095CFCD8F90}" = lport=138 | protocol=17 | dir=in | app=system | "{DC937F96-5ECF-4A9E-9D61-5E9744B490B4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{EB71D66E-6BE6-41C2-8FD3-009D8EB3181C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe | "{EF8B7FCF-39E7-4D71-98C3-7E03B5648EEB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{F126BF91-AFE3-4772-928E-4904E87F1D43}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{F5ED1BF5-5778-4B5F-9629-899DF7784B9B}" = lport=10243 | protocol=6 | dir=in | app=system | "{F6C3666D-0720-4347-A06D-B9B74B9F628E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | "{F8C33ACE-8894-4A9B-95BD-5EFF0762111D}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe | "{FADEA44A-E080-43FC-A445-E3CACA913C9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{FB790FE0-035A-449A-BE68-729C5E7F285D}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe | "{FBFF1650-B7B4-40AD-BFE0-32505E5F7559}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
 ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F5D139-6E81-4F03-97DD-7DA150DE592B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{0F6599D7-B03F-4589-A520-1DB3068E484D}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe | "{0F93EB82-8F59-44B6-9C83-F139B6D8833D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{0FF24AF4-40D9-4056-B486-08094C973DC3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{132B00A1-945B-423C-92EE-74B1B11CE18E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{172F9ECB-8E6C-40AB-B685-1498EEB88EDD}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{17B898DD-5C65-41F9-B9A6-9E3770546C56}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{1F43E424-BDF6-4C74-BF9B-4D0E5E91CCF3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{2186F135-EFD3-423F-A146-A51B8843C1C1}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe | "{2265C24D-2A2D-4D70-ACCA-C9D16583B69C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{26C7F19D-FAA9-41FA-9A87-AF39472BDFAF}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{2C34E3D4-3A51-43D6-815F-5F8BD2312EF7}" = protocol=6 | dir=out | app=system | "{2EAE9CE6-1F30-4CF6-94A0-4286A8C51C87}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe | "{32944EC5-C19C-49BC-8224-A7D2CCB670C6}" = protocol=6 | dir=out | app=system | "{39A4C846-61BB-4CE2-902C-2EECCCEF57E9}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{3E66AAF2-63B1-4C0D-A57D-BBD0475608A3}" = protocol=17 | dir=in | app=c:\program 
files\avg\avg2012\avgemcx.exe | "{3E9E78F0-DEF1-48F5-BDE2-C95045961E48}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe | "{3F7EE3DD-184B-4188-AA9B-90733F7EABA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{3FAE2D78-C45F-4006-843D-4E12AD0E9C5F}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) | "{471DBA10-25FC-4A4F-BC3F-6F0C75F81EFE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{4B0A9E7C-E53C-492E-9199-E14F8F958899}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe | "{516193E8-8ACA-4CB4-8EF0-532EA10D14AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{540D9A34-3555-430D-B44F-87237DAFF8AD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{572CB1CF-4BCC-4089-A87D-799D38BAD966}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5C88BB7A-B78E-4A06-951B-6D3725362717}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{5E066AB0-0CD2-42FC-B5E1-358D8F1D144B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{5ED2AB85-4DBC-4A5E-A895-3D20988D09A9}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | "{60533F90-DB5C-4C2A-8B49-C1E6239E5C60}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6377F93B-452C-4C36-AAE8-4AE7B654BB5B}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | "{6AB12C0F-7296-4904-82A8-F7DBB734FE06}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{6C1EA08A-2A8B-40E4-B495-90DBB4E63230}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{727FF443-35E6-47FA-8E6B-E32020F9026E}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) | "{7651C3E1-168B-4084-AB01-34EC7241A1EE}" = protocol=6 | dir=in | 
app=c:\program files\avg\avg2012\avgemcx.exe | "{76768A75-7456-47CC-B506-E6E58878EABF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{791D963B-7FC0-453D-8145-9B37EF36894C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{7B3D87C3-4182-4BDC-9BF2-FDD72DCEFB37}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8080000B-4928-4D42-B8B4-043210056BFB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{810DC852-B8AB-4076-878A-BC79C04B87B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{89326CC5-7C8E-40E3-8233-D5F4BBD35C4C}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{9031F3B8-1D3B-4C92-83D7-6101E8BBFD5B}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | "{94180BA9-CFA5-4BF3-B2DF-8DCDFDD3C6C1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{948EB7ED-60C2-4F4F-8FC7-E15E70386E34}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{983DDB62-4CFD-482E-83AC-DA046C715647}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{98C312C0-275E-49F3-9047-B4F1CC3ECFC8}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{9A6B29AB-4458-457F-890E-3E7EC55221C8}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{9E817773-886A-4EE9-983C-C19C00DEC499}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe | "{A00275BE-ACB0-449B-97CD-B894B2E69E8A}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe | "{A3354185-03DF-4375-BE24-5FED2E2376F8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{A3A3407F-6FA7-4C36-B7C3-AD9C8071563D}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe | "{A6454EC7-8D4B-4B3F-AD08-2EBFEFBB7427}" = protocol=6 | dir=in | app=c:\program 
files\frostwire\frostwire.exe | "{AAB03878-E6A5-49A6-93FF-8535793CCCBD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{B3DBCAD0-C648-4A60-9B7D-5756D132E0E3}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{B41E871D-9483-4DEC-B2FF-259EE5890A52}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | "{B74012BF-EA3B-4B5C-AAEE-F67DFE3A6F33}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{B7BAA7A0-D68C-4EC6-A157-7D44B104F1F8}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe | "{C1DAA8F0-48F6-4107-9D38-27953ED7E840}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C5E2C926-4C95-4E26-B5E4-B94F3FE4B46F}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | "{C7134712-71F9-4A36-959C-B6C31404E0FA}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{CA8B55E3-EE43-48AC-85CB-9BF7EA93F99B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{CDEEDCE3-3E07-4099-80A7-4E28CB247587}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) | "{D836F0FA-EC61-476E-B4C2-8CC1993E3F6D}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe | "{E3F78BDC-1E17-49CC-B9EC-386D22CB5E12}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | "{E4884744-BAB9-4EB7-BF11-6A695007A7D0}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{E4B2E4DC-2B3C-436D-8351-540C7D1EB6F8}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) | "{EA24A832-72B7-4FD3-8B82-B7609F513436}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{EA3A8818-9761-4D6F-9A84-24013BA80B6C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{EA8BA2D7-BCAA-44AD-93D4-338301B5DBBD}" = 
protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe | "{F259C063-DB55-4436-B13D-88A409754C21}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{F319706B-E364-4C89-AF57-2B95DC205BC6}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe | "{FB8E47A1-E532-40D3-A4AD-D3B0B8DA73C8}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |  ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08715547-A3E5-D54A-C7C3-84348C0624EE}" = Catalyst Control Center Localization Portuguese "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0B473FE5-A37A-FAEC-375A-DF7FACB974C2}" = Catalyst Control Center Localization Swedish "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{1985865F-013F-E7E0-64C1-D426A0AE2C8E}" = CCC Help Czech "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D25EB8B-61CD-2936-D6F6-596C9278F2F0}" = Catalyst Control Center InstallProxy "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7D7D0A-5696-F1AA-8967-C780DA8C3536}" = Catalyst Control Center Localization Chinese Traditional "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20385C16-2E18-7874-A4F6-68D0B14CFD2D}" = Catalyst Control Center Graphics Light "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs "{223CADD2-5E02-350D-C7D9-1092D38CF049}" = CCC Help Dutch "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 20 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{27E957E9-D6DF-1C12-EA88-81DDA54508FB}" = Catalyst Control Center Localization Italian "{27FB1657-2F26-955B-34D3-381323E159B6}" = Catalyst Control Center Graphics Full Existing "{2893110C-5623-20C0-4D99-4F717F16FC81}" = Catalyst Control Center Graphics Full New "{294BF709-D758-4363-8D75-01479AD20927}" = Windows 
Live Family Safety "{29BC0BC3-CCC0-39C5-21F9-F17230F1F4F3}" = ccc-core-static "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) "{2B9FEAEC-EB33-99FE-B582-33A45D272F03}" = Catalyst Control Center Localization Russian "{2D8E1E31-5B41-11C8-C88C-E69106AA5EC1}" = CCC Help Spanish "{2E9A0D49-B758-638C-3639-896041E683F8}" = Catalyst Control Center Localization Finnish "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{31BAC22A-0717-F8CE-FC67-F74B57C71460}" = CCC Help German "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3A2CC72F-DDE4-A81E-475D-DA286113652C}" = Catalyst Control Center Graphics Previews Vista "{3AC21843-7DB1-8BF6-88AC-330BC2B7DA8E}" = CCC Help Japanese "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40255140-E947-46E1-A841-C1F27AB309CB}" = AVG 2013 "{44454932-7EE9-2903-549F-45CFF97D2B82}" = CCC Help Korean "{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013 "{44D077C3-A31F-CD46-499B-7BF1D8B2C4ED}" = CCC Help Thai "{463E4C5C-77EE-EBD6-7798-5FB2DB3DA5CC}" = CCC Help Danish "{47A0A904-290D-315F-F90D-8CCDA69B18F9}" = Catalyst Control Center Localization Polish "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{513BA0B0-248A-A705-89EF-866C4D3B86A7}" = Catalyst Control Center Localization Turkish "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{608E2E77-C78D-072A-28E2-71E62BF54592}" = Catalyst Control Center Localization Dutch "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant "{6251545D-5058-CB7F-D93A-F87A192A4378}" = CCC Help Portuguese "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE 
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6A0BE0CF-B901-4C81-B308-6C08B393C2AC}" = Catalyst Control Center Localization Hungarian "{6FC25653-65CC-0B75-1C14-676342A15259}" = Catalyst Control Center Localization Chinese Standard "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73706EE4-90E4-A65B-40BD-86672156A626}" = Skins "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7766AA5D-3DB1-A633-92A2-0CA13E2568DD}" = CCC Help French "{78386976-46A3-F5C3-36B4-98280F3B81E7}" = CCC Help Turkish "{796F53F9-A098-3ED2-A4FC-E1C24430A243}" = Catalyst Control Center Localization Japanese "{7ECB1FE2-408E-D314-D812-0FC3FA048C61}" = CCC Help Hungarian "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{7F9ADEE3-E5E0-34A5-345A-590BC90D4E33}" = CCC Help Italian "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012 "{81E55AB8-83FC-C7D7-F599-B8C9AA9BD207}" = CCC Help Russian "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CE5A7A2-BC80-EFD3-6489-E92A2BCB1BF2}" = ccc-utility "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2DB513F-A9AA-D30F-B00D-B6C3056F5608}" = Catalyst Control Center Localization Norwegian "{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter 
"{A68341CE-7AB6-3984-420A-D197E6BB72E7}" = CCC Help Greek "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{ADF34BD2-879C-63EA-1C7E-2F2CDA9E5950}" = CCC Help Chinese Standard "{AEEDFE42-D580-54D6-6947-E805FD5CECCB}" = CCC Help English "{AF18FA75-1239-B316-AED9-08151CB34737}" = Catalyst Control Center Localization Korean "{AF7AA100-3160-480B-DB62-BABE42A6B618}" = CCC Help Norwegian "{B0C037F9-7BD7-6417-6ADF-A08EEC011AF0}" = CCC Help Swedish "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012 "{BD7D29B1-903C-45DB-2685-C154C17FDDA5}" = ATI Catalyst Install Manager "{BF7AB326-92C8-C250-5B99-0DB96A2634D9}" = Catalyst Control Center Localization Greek "{C17F7063-4BBC-EC05-4312-7F33DA5641E0}" = Catalyst Control Center Localization Spanish "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C95159F2-6A71-C74D-855A-22943F1016C3}" = Catalyst Control Center Localization French "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D513B90E-92C9-2A48-044C-6F6264E5AF6A}" = Catalyst Control Center Core Implementation "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE5EB975-946C-4ADF-ABCC-3609BCEBF978}" = AVG 2013 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B4B94E-AFE8-3635-857A-8AE7F90E9DDD}" = Catalyst Control Center Localization Thai "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer "{E863E701-B897-C5BC-5F9B-5F3E7484E81C}" = CCC Help Finnish "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4D0FC65-E6D0-0AC3-F87B-06BF11435DE0}" = Catalyst Control Center Localization Czech "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety "{F719C40B-FDE9-402B-8F9C-2D47517DC813}" = Catalyst Control Center Localization German "{F9015FF1-09EB-4A43-8E69-0136F890C656}" = CCC Help Chinese Traditional "{FC67D87A-ABDB-69BE-2988-3CDCCD84B211}" = Catalyst Control Center Localization Danish "{FDD357D8-A4EB-1DBB-1CB2-74E9F259817B}" = CCC Help Polish "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AVG" = AVG 2013 "Google Chrome" = Google Chrome "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MSC" = McAfee Internet Security "Vittalia" = Vittalia Installer "WinLiveSuite" = Windows Live Essentials ========== 
Last 20 Event Log Errors ========== [ Application Events ] Error - 13/11/2012 17:36:51 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4762991 Error - 13/11/2012 17:36:51 | Computer Name = Toni_Babee-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4762991 Error - 13/11/2012 19:15:15 | Computer Name = Toni_Babee-PC | Source = WinMgmt | ID = 10 Description =  Error - 13/11/2012 19:18:49 | Computer Name = Toni_Babee-PC | Source = VSS | ID = 8194 Description =  Error - 13/11/2012 19:19:54 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  Error - 13/11/2012 19:19:54 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  Error - 13/11/2012 19:19:56 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  Error - 13/11/2012 19:19:56 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  Error - 13/11/2012 19:20:01 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  Error - 13/11/2012 19:20:01 | Computer Name = Toni_Babee-PC | Source = Windows Search Service | ID = 3013 Description =  [ System Events ] Error - 16/11/2012 14:57:04 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7000 Description =  Error - 16/11/2012 14:57:04 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7006 Description =  Error - 16/11/2012 14:57:04 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7006 Description =  Error - 16/11/2012 14:57:04 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7003 Description =  Error - 16/11/2012 14:57:04 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7003 Description =  Error - 16/11/2012 14:57:04 | Computer Name = 
Toni_Babee-PC | Source = Service Control Manager | ID = 7003 Description =  Error - 16/11/2012 14:59:27 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7009 Description =  Error - 16/11/2012 14:59:27 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7000 Description =  Error - 16/11/2012 15:00:13 | Computer Name = Toni_Babee-PC | Source = Service Control Manager | ID = 7003 Description =  Error - 16/11/2012 15:02:12 | Computer Name = Toni_Babee-PC | Source = DCOM | ID = 10010 Description =  [ TuneUp Events ] Error - 24/10/2009 14:46:36 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840 Description =  Error - 24/10/2009 14:46:42 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840 Description =  Error - 24/10/2009 15:15:24 | Computer Name = Toni_Babee-PC | Source = TuneUp Program Statistics | ID = 131840 Description =   < End of report >
Starbuck Posted November 18, 2012

Hi scottlad

Yes! That's the extras.txt :) Nice one.

I don't know how to save to desktop.

Are you using Firefox or Chrome for the downloads?

To make Firefox download to the desktop instead of the download folder....
Open Firefox.
Click the Tools tab.
Click Options ... it should open on the General tab.
You will see .... Save Files to: (yours will probably say Downloads in the box)
Click the Browse button and select Desktop .... then click on Select Folder.... on the next screen click Ok.
Now all the downloads will be downloaded to the desktop. It's a lot easier to see and access them from the desktop.

To make Chrome download to the desktop instead of the download folder..
Open Chrome.
Click the 3-bar icon in the upper right hand corner of the Chrome window,
Select "Settings," type Downloads in the search bar on the Settings page,
Click the "Change..." button on the "Download location" row,
Browse to the Desktop, and select it.
This new setting will only apply to any new downloads you make.

Although you stated earlier that you had removed AVG .... I see now why it was still showing in the next report. You had 2 versions on your system. Have you now run the AVG removal tool? If so, this should have removed any AVG leftovers (or so they say). But we never trust these removal tools completely. :D

What I need you to do now is run another OTL scan and post the reports so that I can check to see if there's any AVG leftovers. As OTL is already on your system, the reports will be saved in the same place as before.

Double click on OTL to run it.
Under Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

Btw: will I keep that malware thing on, runs out in 13 days, and will that not interfere with this new AVG?

After the trial period, MBAM will automatically change to the free version. At the moment you will get automatic updates and 'Realtime scanning'...... after the trial period you will have to manually update the program and run a scan manually. You can leave MBAM on your system as it doesn't conflict with any of the AV programs.

Member of: UNITE