etavares Posted August 4, 2013
OK, we'll take this in bites. First download vLite 1.2. Install that. Please let me know when you are done with that.
-etavares
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
Slumdog (Author) Posted August 4, 2013
The link takes me to an error page, and when I click on downloads there are multiple options. Which one?
etavares Posted August 4, 2013
Interesting, they block the direct link to the download. On the download page, under the v1.2 Final section, click download directly under "Installer | 1.55MB".
-etavares
etavares Posted August 6, 2013
First, write down the exact Windows version on the installation DVD (e.g. Vista Home Service Pack 1 32-bit), then insert your Vista installation CD into the CD drive. If it pops up to install/repair/launch, just cancel out.
Now that vLite is installed, launch it.
Click Browse, select the Vista DVD in your CD drive, then click Apply.
Once it's done copying, select the version of Windows you have exactly as listed on your installation DVD.
From the Tasks tab, select Service Pack Slipstream and Bootable ISO.
Click Apply and wait about an hour.
Once it's done with that, eject the Windows installation DVD.
Insert a blank DVD into the drive.
Click the ISO tab and click Burn.
When done, eject the new Vista SP2 DVD and close down vLite.
Let me know how that goes.
-etavares
Slumdog (Author) Posted August 6, 2013
Hi etavares, as I said before the DVD is not an "installation DVD"; what it says is a "Reinstallation DVD". If I write down exactly what it says, all that is on the disc is "Windows Vista Home Premium 32BIT SP1" (it also says "Use this DVD only to reinstall the operating system on a Dell PC"). Is this seriously what you are advising? It seems a lot of hassle just to get round MSE!! I respect your advice totally, and if this is what I should do, I'll do it tomorrow. Sorry, been a bit busy today!
etavares Posted August 8, 2013
Hi Slumdog, OK, that's good to know. Some people say 'reinstallation DVD' and mean the Microsoft one. In your case, the Dell makes it clear that it is just a factory image... it doesn't reinstall Windows per se, it wipes your hard drive and restores it to the way it looked the day you bought it... complete with the crapware and removal of all your files/folders. Unfortunately, we can't use that to make the installation DVD that running sfc would be able to read. I recommended all this hassle as sfc is the only way I've found in my research (you are far from the only one with this issue) that resolves this issue. That concerns me a bit, as sfc is System File Checker... it looks for corrupted system files and restores them from a copy on your hard drive or, usually, a Windows installation DVD. That always concerns me, because if one file is corrupted, there's a decent chance others are. At this point, since you don't have an installation DVD, let's try uninstalling MSE and installing the antivirus of your choice. AVG and Avast are two that are free for home use. I use Avast personally, but I didn't like the changes to their interface they made a year or two ago. Try that and let me know. We're resolving the annoying symptom, but not fixing the root cause. Better than nothing!
-etavares
Slumdog (Author) Posted August 8, 2013
Thanks etavares, I have successfully switched to Avast and a full boot scan ran with no problems. One question re Avast: with the many shields available (mail, web, P2P, IM etc.), should I have them all running? At the moment, none are running.
etavares Posted August 9, 2013
Hi Slumdog, yes, all the shields should be running; that makes it protect you in real time vs. only on demand when you run a scan.
-etavares
Slumdog (Author) Posted August 9, 2013
All of them say "unable to start the ! Shield unreachable".
Slumdog (Author) Posted August 9, 2013
Forget that, it's all working now. Thank you for all your help etavares, I presume that's it now? Or any clearing up to do?
etavares Posted August 10, 2013
Hi, great! Please run an OTL Quick Scan so I can take one final look at the log before I say it looks clean. Please post the log in your reply.
-etavares
Slumdog (Author) Posted August 10, 2013
OTL logfile created on: 10/08/2013 13:14:22 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = c:\users\garysmithafc\downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.19% Memory free
6.19 Gb Paging File | 3.90 Gb Available in Paging File | 62.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.26 Gb Total Space | 127.37 Gb Free Space | 57.83% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.70 Gb Free Space | 47.03% Space Free | Partition Type: NTFS
Computer Name: LAPTOP | User Name: garysmithafc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/07/17 12:08:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- c:\Users\garysmithafc\Downloads\OTL.exe
PRC - [2013/06/25 09:55:11 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010/11/16 14:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DataCardService\HWDeviceService.exe
PRC - [2010/11/16 14:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DataCardService\DCSHelper.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2007/12/03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/12/03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/11 12:46:33 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2012/11/09 05:02:18 | 001,752,576 | ---- | M] () -- C:\Program Files\File Shredder\fsshell.dll
MOD - [2011/11/02 17:21:40 | 000,411,024 | ---- | M] () -- C:\Program Files\Perfect Uninstaller\Contextmenu.dll
========== Services (SafeList) ==========
SRV - [2013/07/30 23:47:46 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/28 12:37:04 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/04/18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2013/03/06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/16 14:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DataCardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/12/03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - [2013/08/09 23:54:29 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/09 23:54:29 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/09 23:54:29 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/05/09 09:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 09:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 09:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 09:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/05/09 09:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/01/23 10:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 10:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/10/17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2011/01/30 18:19:00 | 000,090,112 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009/12/15 10:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/15 10:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/25 06:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2008/01/21 03:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/03 05:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2007/09/07 07:35:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/07 07:35:44 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/07 07:35:42 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/01 13:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 16:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com/?fr=fp-yie9
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=HH&apn_dtid=YYYYYYGAGB&apn_uid=F0D5B4F9-D54E-470E-B071-EE74952B1678&apn_sauid=908C6D78-5285-449A-8AD4-D369965D2873
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK_en-GB
IE - HKCU\..\SearchScopes\{96A9E1EC-B58E-4562-BAE7-F79E71ACEF34}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BCE324A-85C7-4461-A177-5C43111827FD}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://inboxtoolbar.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80150&lng=en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012/05/26 17:50:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/02 17:50:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/08/09 23:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/10 09:51:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/25 13:29:34 | 000,000,000 | ---D | M]
[2010/04/01 12:57:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Extensions
[2013/07/18 09:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions
[2010/09/20 19:05:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\garysmithafc\AppData\Roaming\Mozilla\Firefox\Profiles\w8lqr85o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/10 09:51:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/06 13:22:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/09/05 00:11:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/10 09:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/10 09:52:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/09 23:53:51 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/10/19 01:33:11 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/10/19 01:33:18 | 000,092,544 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2013/04/02 17:49:17 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\garysmithafc\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\garysmithafc\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! Online Security = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: InstaTwit = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhalcamddihdpdgdjkjbgikgobnbbpif\1.4_0\
CHR - Extension: RealDownloader = C:\Users\garysmithafc\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0\
O1 HOSTS File: ([2013/08/09 20:35:08 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Free Download Manager793683.exe] "C:\Users\GARYSM~1\AppData\Local\Temp\Free Download Manager793683.exe" /XML="C:\Users\GARYSM~1\AppData\Local\Temp\89C7.tmp" /ROS /STP=0:2 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: blank ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: eset.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: eset.eu ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE50384C-B309-483F-BD71-F3BFC7743A08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\garysmithafc\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/10 11:06:09 | 000,000,000 | ---D | C] -- C:\Users\garysmithafc\AppData\Local\{C738F8CD-7281-45DD-AF10-F546940AF035}
[2013/08/09 23:54:21 | 000,369,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/09 23:54:21 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013/08/09 23:54:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/08/09 23:54:20 | 000,770,344 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/09 23:54:20 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/08/09 23:54:20 | 000,049,760 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/08/09 23:54:19 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/08/09 23:54:19 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/08/09 23:53:30 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/08/03 01:13:30 | 000,000,000 | ---D | C] -- C:\Users\garysmithafc\AppData\Local\{F8F3EBC8-BBEF-4A4F-B4F5-ED92A4FA4A48}
[2013/07/31 20:30:22 | 000,000,000 | ---D | C] -- C:\Users\garysmithafc\AppData\Local\{AED51D99-2AE6-402D-8E60-3E83B30E0B51}
[2013/07/28 11:02:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/07/26 20:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/23 10:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/20 20:04:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/13 01:43:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/12 09:13:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp36166A73-3FC9-2B9B-FD84-F3920972C80F-Signatures
========== Files - Modified Within 30 Days ==========
[2013/08/10 13:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/10 12:43:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/10 11:30:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 11:30:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/10 11:02:14 | 016,840,224 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/10 11:02:09 | 008,586,344 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/10 09:52:14 | 000,000,832 | ---- | M] () -- C:\Users\garysmithafc\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/08/10 09:52:07 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/10 09:28:53 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/08/10 09:28:53 | 000,049,176 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/08/10 09:28:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/09 23:54:29 | 000,770,344 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/08/09 23:54:29 | 000,369,584 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/08/09 23:54:29 | 000,175,176 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/08/09 23:54:29 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/08/09 23:54:29 | 000,000,175 | ---- | M] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/08/09 23:54:29 | 000,000,175 | ---- | M] () --
C:\Windows\System32\drivers\aswSnx.sys.sum [2013/08/09 23:54:21 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2013/08/09 23:54:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt [2013/08/09 23:43:11 | 3219,193,856 | -HS- | M] () -- C:\hiberfil.sys [2013/08/09 23:32:03 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/08/09 23:10:58 | 000,000,563 | ---- | M] () -- C:\Users\garysmithafc\Desktop\aswclear - Shortcut.lnk [2013/08/09 20:35:08 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2013/08/09 17:15:20 | 000,001,558 | ---- | M] () -- C:\FixitRegBackup.reg [2013/08/08 12:51:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/08/01 10:08:31 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/07/26 21:05:46 | 000,282,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/26 20:10:21 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/07/12 19:09:19 | 000,007,808 | ---- | M] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat [2013/07/12 19:08:52 | 000,000,199 | ---- | M] () -- C:\Users\garysmithafc\Desktop\bet365 - Online Sports Betting.url [2013/07/12 14:03:50 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job ========== Files Created - No Company Name ========== [2013/08/09 23:54:21 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk [2013/08/09 23:54:20 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys [2013/08/09 23:54:19 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys [2013/08/09 23:43:11 | 3219,193,856 | -HS- | C] () -- C:\hiberfil.sys [2013/08/09 23:10:58 | 000,000,563 | ---- | C] () -- C:\Users\garysmithafc\Desktop\aswclear - Shortcut.lnk [2013/08/09 17:15:14 | 000,001,558 | ---- | C] () -- C:\FixitRegBackup.reg [2013/08/08 12:57:21 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum [2013/08/08 12:57:21 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum [2013/08/08 12:57:21 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum [2013/07/26 21:04:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/26 20:10:21 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2013/07/12 14:03:50 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f0041000920.job [2013/06/25 13:29:32 | 000,000,031 | -H-- | C] () -- C:\Windows\UKCpInfo.sys [2013/05/20 16:22:51 | 000,290,919 | ---- | C] () -- C:\Windows\System32\pythoncom21.dll [2013/05/20 16:22:51 | 000,057,344 | ---- | C] () -- C:\Windows\System32\PyWinTypes21.dll [2013/05/20 16:09:59 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll [2013/05/20 16:09:59 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin [2013/05/20 16:09:59 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini [2012/05/24 13:23:28 | 000,000,033 | ---- | C] () -- C:\Windows\System32\machine.ini [2010/07/22 20:39:28 | 000,000,642 | ---- | C] () -- C:\Users\garysmithafc\AppData\Roaming\wklnhst.dat [2009/11/19 13:36:07 | 000,007,808 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\d3d9caps.dat [2009/11/18 21:02:09 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/11/18 21:02:08 | 000,049,176 | ---- | C] () -- C:\ProgramData\nvModes.dat 
[2009/11/18 20:22:47 | 000,029,184 | ---- | C] () -- C:\Users\garysmithafc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012/08/27 22:04:47 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\AnvSoft [2009/11/19 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\DriverCure [2013/05/20 16:26:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\EPSON [2011/05/14 13:16:54 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\GetRightToGo [2010/04/06 17:16:52 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\iCopyExpert [2013/04/26 01:02:36 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\IObit [2011/09/23 15:09:11 | 000,000,000 | ---D | M] -- 
C:\Users\garysmithafc\AppData\Roaming\Keynote Systems [2012/08/27 20:57:43 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Leawo [2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Livestation [2010/04/16 10:54:35 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Mchid [2012/05/16 19:55:51 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia [2010/04/12 17:02:08 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Nokia Ovi Suite [2011/04/30 12:26:24 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\ParetoLogic [2009/11/20 23:07:19 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\PC Suite [2011/06/16 00:55:12 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Publish Providers [2011/05/17 23:15:44 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\RegistryKeys [2011/06/16 01:02:38 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Sony [2012/05/26 17:53:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile [2013/04/24 15:17:10 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\T-Mobile Internet Manager [2010/07/22 20:39:29 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Template [2010/07/09 19:16:33 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Tific [2013/05/14 15:55:48 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\uTorrent [2010/10/21 00:19:13 | 000,000,000 | ---D | M] -- C:\Users\garysmithafc\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34 @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A2947BEA < End of report > Quote
etavares Posted August 11, 2013

Looks good. If it's running OK, you can uninstall the ESET Online Scanner from Add/Remove Programs. Also, please launch OTL and press the Clean Up button! That's it!

Also, I did notice uTorrent installed. P2P tools are extremely useful, but come with dangers. If you know who you are connecting to on the other end, it's a great tool. If you're downloading cracked software, keygens, etc., that is an extremely common vector of infection. Use at your own risk. There is malware out there that encrypts the hard drive... if that happens, good luck. :(

-etavares
Slumdog (Author) Posted August 11, 2013

Thanks for all your help etavares! I only use uTorrent once or twice a year for music downloads. I'll get rid of it now you have said that! Not very happy with the Avast security either, so will probably change that. Many thanks again!
etavares Posted August 12, 2013

You're welcome... glad we got everything straightened out.

-etavares