Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

GRRRRRRRRRR!!!!...antivirus problem..!!!!!!


Post by decepticon » June 7th, 2012, 12:35 pm

Hello sir, my PC has got multiple problems, like multiple antivirus problems. Right now my PC is running three antiviruses, viz. avast, AVG 2012 free edition and VIPRE. I want to keep avast and want to remove the other two antiviruses. Please help me... Even though I uninstalled them, they still run on my PC. I also got some virus problems, which are causing my PC to slow down... HERE ARE MY DDS LOGS.



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_01
Run by v icky at 21:45:11 on 2012-06-07
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.2038.952 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\PROGRA~1\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Program Files\Comodo\Dragon\dragon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110396&ba ... 1644763332
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\v icky\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\v icky\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{245E6FCB-7E4C-4A66-BACF-BFC8178B4820} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{58841B97-BB84-436F-A8E8-15F1E8F1AF92} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{58841B97-BB84-436F-A8E8-15F1E8F1AF92} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\v icky\appdata\roaming\mozilla\firefox\profiles\8yw39bvl.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=110396&ba ... 1644763332
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110396&ba ... 4763332&q=
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npdf.dll
FF - plugin: c:\program files\nitro pdf\reader 2\npnitromozilla.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110396
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 1aab165d000000000000001644763332
FF - user.js: extensions.BabylonToolbar_i.hardId - 1aab165d000000000000001644763332
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15493
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:47:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-25 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-25 337880]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2011-5-23 47968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-25 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-25 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-25 44768]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-24 652872]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-4-11 175632]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-6 935480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-24 20464]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-14 136176]
S3 HPBtnSrv;HP Chasis Button Service;c:\hp\hpezbtn\HPBtnSrv.exe [2009-8-10 198240]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-3 129976]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-04-18 23:20:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 08:19:50 405176 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll
2012-04-11 17:25:08 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-04-11 17:25:08 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll
2012-03-22 08:13:58 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-03-14 10:17:42 17464 ----a-w- c:\windows\system32\roboot.exe
.
============= FINISH: 21:46:47.54 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10-08-2009 16:33:36
System Uptime: 07-06-2012 20:02:16 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Benicia
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 181.324 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.292 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
A² Studios' ICC Cricket World Cup 2011 Patch
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Comodo Dragon
COMODO GeekBuddy
Copy
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
eSupportQFolder
Free Studio version 5.4.9
FVDIEPlugin
Google Chrome
Google Update Helper
GPBaseService
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Easy Setup - Frontend
HP Imaging Device Functions 11.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
LabelPrint
LightScribe System Software 1.10.16.1
Malwarebytes Anti-Malware version 1.60.0.1800
MarketResearch
MediaRing Talk
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Nitro Reader 2
Orbit Downloader
Power2Go
PowerDirector
PSSWCORE
Python 2.5
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
TuneUp Utilities Language Pack (en-US)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
VIPRE Antivirus
VLC media player 1.0.5
WebReg
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
31-05-2012 09:42:29, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001644763332 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
31-05-2012 01:20:16, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The HP Health Check Service application cannot be run in Win32 mode.
31-05-2012 01:18:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
31-05-2012 01:18:15, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
06-06-2012 09:34:54, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
04-06-2012 13:52:44, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
.
==== End Of File ===========================
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by diver79 » June 7th, 2012, 4:21 pm

Hi and welcome to MalwareRemoval.com.
My name is Diver79, and I will be helping you with your malware problems.

Before we start please note the following important guidelines.
  • The instructions given are for THIS computer only! Using these instructions on a different computer can make it inoperable!
  • Please DO NOT run any other software or scans whilst I am helping you.

Note: If you haven't done so already, please ensure you have read the following article, ALL USERS OF THIS FORUM MUST READ THIS FIRST, where the conditions for receiving help here are explained.
diver79 wrote: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
How to backup your data - Vista/Win7

Looking into your logs now. Will post instructions soon...

diver79.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by diver79 » June 7th, 2012, 4:44 pm

Hi decepticon,

Let's get rid of the two additional anti-virus applications first.

AVG Removal Tool
  • Download the removal tool from the link below
    http://download.avg.com/filedir/util/av ... 2_1796.exe
  • Save the file to your Desktop.
  • Right click on the file and select Run as Administrator to run the removal tool.
  • The product will be fully removed when the system is restarted.


Vipre Removal Tool
  • Download the removal tool from the link below
    http://sunbelt-software.com/support/vc/VClean.exe
  • Save the file to your Desktop.
  • Right click on the file and select Run as Administrator to run the removal tool.
  • The product will be fully removed when the system is restarted.

Note: Reboot the computer before continuing.
----------------------------------------------------

OTL - Custom Fix
Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename Fix.txt
SQW7-Vista_x32.TXT

Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered and reboot the PC when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also appear on your desktop as OTL.txt


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Right click on SystemLook.exe and select Run as Administrator.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm
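
Added example (not part of either poster's messages, and not code from DDS or the forum): a small parser for the "SERVICES / DRIVERS" section of the DDS log posted above, showing how that section reveals which security products still have kernel drivers loaded after an uninstall and why vendor removal tools are the first step. The vendor matching rules, the R/S legend and the attribution of the SB* drivers to VIPRE are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
SAMPLE = r"""
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-25 612184]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 491816]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-25 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-25 44768]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-9-9 77816]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-5-24 501248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 sbwtis;sbwtis;c:\windows\system32\drivers\sbwtis.sys [2011-11-1 72312]
"""

# Assumed DDS legend: first letter R = running, S = stopped; the digit is the
# service start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)

# Hypothetical matching rules written for this example. They are applied to the
# lowercased "name;display;path" text of each entry. Attributing the SB* drivers
# to VIPRE is an assumption; the thread itself does not say so.
VENDOR_RULES = {
    "AVG": re.compile(r"\bavg"),
    "avast!": re.compile(r"avast|\\asw\w+\.sys"),
    "COMODO": re.compile(r"comodo"),
    "VIPRE (assumed)": re.compile(r"\\(sbredrv|sbapifs|sbwtis)\.sys"),
}


def parse_services(text):
    """Return one dict per well-formed service/driver line; skip everything else."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # section headers, "." separators, blank lines
        entry = match.groupdict()
        entry["running"] = entry["state"] == "R"
        entry["kernel_driver"] = entry["path"].lower().endswith(".sys")
        entries.append(entry)
    return entries


def vendor_of(entry):
    """Map an entry to a vendor label, or None if no rule matches."""
    haystack = ";".join((entry["name"], entry["display"], entry["path"])).lower()
    for vendor, rule in VENDOR_RULES.items():
        if rule.search(haystack):
            return vendor
    return None


def loaded_drivers_by_vendor(entries):
    """Group running kernel drivers (.sys) by security vendor."""
    grouped = defaultdict(list)
    for entry in entries:
        vendor = vendor_of(entry)
        if vendor and entry["running"] and entry["kernel_driver"]:
            grouped[vendor].append(entry["name"])
    return dict(grouped)


def leftover_products(text, keep):
    """Vendors other than `keep` that still have a kernel driver loaded."""
    grouped = loaded_drivers_by_vendor(parse_services(text))
    return {vendor: names for vendor, names in grouped.items() if vendor != keep}


if __name__ == "__main__":
    for vendor, names in sorted(leftover_products(SAMPLE, keep="avast!").items()):
        print(f"{vendor}: {len(names)} driver(s) still loaded: {', '.join(names)}")
```

Stopped entries (S3) are ignored here on purpose: they show leftover files and registrations, while the R0/R1 entries are the components that are actually loaded alongside the product the user wants to keep.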

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by decepticon » June 8th, 2012, 4:52 am

THANK YOU diver79. I have done all the procedures that you requested me to do. I have been able to remove the two antiviruses. Thank you for your dedicated work. Also, I want you to help me tune up my PC, because it's very slow whenever I open my accounts... HERE are my logs.



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
File C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll not found.
========== REGISTRY ==========
Registry key hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\2b1e51d87b2d71a44bb42ddd5e894160\installproperties\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\ilivid\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\windows searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8d15e1b2-d2b7-4a17-b44b-d2dde5981406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\windows searchqu toolbar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\ilivid\ not found.
Registry key hkey_local_machine\software\classes\ilivid\ not found.
Registry key hkey_local_machine\software\classes\installer\products\2b1e51d87b2d71a44bb42ddd5e894160\ not found.
Registry key hkey_local_machine\software\ilivid\ not found.
Registry key hkey_local_machine\software\ilivid\player\hosts\ilivid.com\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{949d2c04-d3c1-490a-8a03-440b5c32b5f2}\ not found.
Registry key hkey_current_user\software\datamngr_toolbar\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader\ not found.
Registry key hkey_local_machine\software\classes\browserconnection.loader.1\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d717f81-9148-4f12-8568-69135f087db0}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69cf75c1-35ab-4de5-a51f-662c9020ad4a}\ not found.
Registry key hkey_current_user\software\appdatalow\software\searchqutoolbar\ not found.
Registry key hkey_current_user\software\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\bandoo\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_current_user\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key hkey_current_user\software\trolltech\ not found.
Registry key hkey_current_user\software\ilivid\ not found.
Registry key hkey_current_user\software\searchqutoolbar\ not found.
Registry key hkey_local_machine\software\datamngr\ deleted successfully.
Registry key hkey_local_machine\software\bandoo\ not found.
Registry key hkey_local_machine\software\classes\appid\bandoocore.exe\ not found.
Registry key hkey_local_machine\software\classes\appid\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301a8a5-3dfb-4731-a162-b357d00c9644}\ not found.
Registry key hkey_local_machine\software\classes\applications\ilividsetupv1.exe\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.bandoocore\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.resourcesmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.settingsmngr\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr.1\ not found.
Registry key hkey_local_machine\software\classes\bandoocore.statisticmngr\ not found.
Registry key hkey_local_machine\software\classes\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}\ not found.
Registry key hkey_local_machine\software\classes\clsid\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c3ab94a4-bfd0-4bba-a331-de504f07d2db}\ not found.
Registry key hkey_local_machine\software\classes\interface\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477f210a-2a86-4666-9c4b-1189634d2c84}\ not found.
Registry key hkey_local_machine\software\classes\interface\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff871e51-2655-4d06-aed5-745962a96b32}\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard.1\ not found.
Registry key hkey_local_machine\software\classes\searchquiehelper.dnsguard\ not found.
Registry key hkey_local_machine\software\classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu toolbar\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f9189560-573a-4fde-b055-ae7b0f4cf080}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a96af9e-4074-43b7-bea3-87217bda7406}\ not found.
Registry key hkey_local_machine\software\microsoft\radar\heapleakdetection\diagnosedapplications\ilivid.exe\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\searchqumediabar_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasapi32\ not found.
Registry key hkey_local_machine\software\microsoft\tracing\ilividsetupv1_rasmancs\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\uninstall\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\searchqumediabartb\ not found.
Registry key hkey_local_machine\software\classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key hkey_local_machine\software\classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key hkey_local_machine\software\classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\clsid\{9d717f81-9148-4f12-8568-69135f087db0}\inprocserver32\ not found.
Registry key hkey_local_machine\software\classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key hkey_local_machine\software\classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2102}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}\ not found.
Registry key hkey_current_user\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key hkey_local_machine\software\microsoft\internet explorer\searchscopes\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1e743b1-dff5-4dcf-8cd5-9aafd552b290}\ not found.
Registry value hkey_current_user\software\microsoft\internet explorer\main\\start page deleted successfully.
Registry value hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\ilivid.exe not found.
Registry value hkey_current_user\software\classes\local settings\software\microsoft\windows\shell\muicache\\c:\program files\ilivid\vlc\vlc.exe not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\installer\folders\\c:\programdata\microsoft\windows\start menu\programs\ilivid\ not found.
Registry value hkey_local_machine\software\microsoft\windows\currentversion\run\\datamngr not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\controlset002\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry key hkey_local_machine\system\controlset003\services\sharedaccess\parameters\firewallpolicy\firewallrules not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{ec25043d-aac6-416f-ba2d-c44e34fb533b} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec25043d-aac6-416f-ba2d-c44e34fb533b}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9c9d25e-1fba-484c-b5fe-0c6d07ae555d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{924eb14a-495b-49f3-b558-a7c81e88c85d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{924eb14a-495b-49f3-b558-a7c81e88c85d}\ not found.
Registry value hkey_local_machine\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallrules\\{6d11a718-4174-474f-a0a4-08d56b03bfeb} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d11a718-4174-474f-a0a4-08d56b03bfeb}\ not found.
========== FILES ==========
File/Folder C:\Users\v icky\AppData\Roaming\mozilla\firefox\profiles\searchquwebsearch.xml not found.
File/Folder C:\Users\v icky\AppData\Roaming\mozilla\firefox\profiles\searchqutoolbar not found.
File/Folder C:\Users\v icky\AppData\Roaming\mozilla\firefox\profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[1].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@ilivid[2].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[1].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@searchqu[2].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@sweetim[1].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\v icky\AppData\Roaming\microsoft\windows\cookies\low\*@www.sweetim[3].txt not found.
File/Folder C:\Users\v icky\AppData\Local\ilivid player not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilividsetupv1.exe not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\content.ie5\ilivid[1].7z not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\content.ie5\setupdatamngr_searchqu[1].exe not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\content.ie5\sweetimsetup.exe not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\content.ie5\bandoov6[1].exe not found.
File/Folder C:\Users\v icky\AppData\Local\microsoft\windows\temporary internet files\low\content.ie5\searchqu_net[1].htm not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\bandoofiles not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\bandoov6.exe not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\setupdatamngr_searchqu.exe not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\sweetimreinstall not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\sweetimreinstall\sweetimsetup.exe not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\VICKY~1\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File/Folder C:\Users\v icky\appdata\locallow\searchquband not found.
File/Folder C:\Users\v icky\appdata\locallow\searchqutoolbar not found.
File/Folder C:\Users\v icky\downloads\sweetimsetup.exe not found.
File/Folder C:\Users\v icky\downloads\ilividsetupv1.exe not found.
File\Folder c:\programdata\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\users\all users\microsoft\windows\start menu\programs\ilivid not found.
File\Folder c:\program files\windows searchqu toolbar not found.
File\Folder c:\program files\windows ilivid toolbar not found.
File\Folder c:\program files\ilivid not found.
File\Folder c:\windows\prefetch\ilivid* not found.
File\Folder c:\windows\prefetch\searchqumediabar* not found.
File\Folder c:\windows\prefetch\setupdatamngr* not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 51739 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5095355 bytes
->Google Chrome cache emptied: 856432 bytes

User: Public

User: v icky
->Temp folder emptied: 80669469 bytes
->Temporary Internet Files folder emptied: 138440 bytes
->FireFox cache emptied: 27681880 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Varsha
->Temp folder emptied: 2271700 bytes
->Temporary Internet Files folder emptied: 115090 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46320178 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 614 bytes

User: varsha.VICKY-PC
->Temp folder emptied: 32730 bytes
->Temporary Internet Files folder emptied: 295046 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44309201 bytes
->Google Chrome cache emptied: 21708062 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1269888 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 220.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.47.0 log created on 06082012_134813

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

SystemLook 30.07.11 by jpshortstuff
Log created at 14:01 on 08/06/2012 by v icky
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (1).exe --a---- 516136 bytes [04:04 14/05/2012] [04:04 14/05/2012] F85AB0DF840437492A883F1BFEAC9E53
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (2).exe --a---- 516136 bytes [09:18 16/05/2012] [09:18 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (3).exe --a---- 516136 bytes [09:19 16/05/2012] [09:20 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (4).exe --a---- 516136 bytes [10:35 16/05/2012] [10:35 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1.exe --a---- 516136 bytes [04:03 14/05/2012] [04:04 14/05/2012] F85AB0DF840437492A883F1BFEAC9E53

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\Users\Varsha\AppData\LocalLow\searchqutoolbar d------ [09:21 16/05/2012]
C:\Users\varsha.VICKY-PC\AppData\LocalLow\searchqutoolbar d------ [12:42 16/05/2012]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Varsha\AppData\LocalLow\DataMngr d------ [04:51 17/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=1&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=1&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1004\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]

Searching for "iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (3).exe]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\iMeshMediabarTb]
"Folder"="C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
"AppPath"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEB3DAC5-A2F1-4D50-BB1B-4DD1B493AB90}]
"AppPath"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B76D3C4689583949AEBC713D4ABB15F]
"00000000000000000000000000000000"="C:\Users\varsha_2\AppData\Local\Temp\SetupDataMngr_iMesh.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1666C9CF-220C-4484-A3CC-1AF633EAD74A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E16CBC72-9618-40EB-85F7-8C133C470193}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run]
"C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll"="255"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run]
"C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll"="255"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
"DLLPath"="C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngr.dll"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
"Path"="C:\Program Files\iMesh Applications\MediaBar\Datamngr"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
"ShortDllPath"="C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
"UIPath"="C:\Program Files\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Trolltech]
[HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by diver79 » June 8th, 2012, 7:28 am

Hi decepticon,

Good work, I've compiled a fix for you to follow below.

We will then run a scan with OTL to see what else can be removed.

Run OTL Script
We need to run an OTL Fix
  • Right click on OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    "SuggestionsURL_JSON"=-
    [HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}]
    "SuggestionsURL_JSON"=-
    [-HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1004\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (3).exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\iMeshMediabarTb]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEB3DAC5-A2F1-4D50-BB1B-4DD1B493AB90}]
    "AppPath"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B76D3C4689583949AEBC713D4ABB15F]
    "00000000000000000000000000000000"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1666C9CF-220C-4484-A3CC-1AF633EAD74A}"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{E16CBC72-9618-40EB-85F7-8C133C470193}"=-
    [HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run]
    "C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll"=-
    [HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run]
    "C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll"=-
    [-HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr]
    [-HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr_Toolbar]
    [-HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Trolltech]
    :files
    C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (1).exe
    C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (2).exe
    C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (3).exe 
    C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (4).exe
    C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1.exe
    C:\Users\Varsha\AppData\LocalLow\searchqutoolbar
    C:\Users\varsha.VICKY-PC\AppData\LocalLow\searchqutoolbar
    C:\Users\Varsha\AppData\LocalLow\DataMngr
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


OTL Scan
  • Right click on OTL.exe and select Run as Administrator to start the program.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by decepticon » June 8th, 2012, 11:02 am

DEAR SIR, thank you again for your helping hand. HERE ARE MY LOGS ..



All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\\SuggestionsURL_JSON deleted successfully.
Registry value HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\\SuggestionsURL_JSON deleted successfully.
Registry key HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1004\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (3).exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\iMeshMediabarTb\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEB3DAC5-A2F1-4D50-BB1B-4DD1B493AB90}\\AppPath deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B76D3C4689583949AEBC713D4ABB15F\\00000000000000000000000000000000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1666C9CF-220C-4484-A3CC-1AF633EAD74A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1666C9CF-220C-4484-A3CC-1AF633EAD74A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E16CBC72-9618-40EB-85F7-8C133C470193} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E16CBC72-9618-40EB-85F7-8C133C470193}\ not found.
Registry value HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run\\C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\BillP Studios\WinPatrol\Run\\C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\IEBHO.dll deleted successfully.
Registry key HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-683407207-1343029834-3925171578-1003\Software\Trolltech\ deleted successfully.
========== FILES ==========
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (1).exe moved successfully.
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (2).exe moved successfully.
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (3).exe moved successfully.
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (4).exe moved successfully.
C:\Users\varsha.VICKY-PC\Downloads\iLividSetupV1.exe moved successfully.
C:\Users\Varsha\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Users\varsha.VICKY-PC\AppData\LocalLow\searchqutoolbar folder moved successfully.
C:\Users\Varsha\AppData\LocalLow\DataMngr folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: v icky
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Varsha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: varsha.VICKY-PC
->Temp folder emptied: 334672 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 91638648 bytes
->Flash cache emptied: 3299 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4391 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 88.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.47.0 log created on 06082012_200617

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


OTL logfile created on: 08-06-2012 20:18:02 - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\varsha.VICKY-PC\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.84% Memory free
4.21 Gb Paging File | 3.15 Gb Available in Paging File | 74.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.74 Gb Total Space | 222.82 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.00 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive E: | 294.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: v icky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\varsha.VICKY-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO GeekBuddy\CLPS.exe (COMODO)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Comodo\Dragon\dragon.exe (Comodo)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Comodo\Dragon\avcodec-53.dll ()
MOD - C:\Program Files\Comodo\Dragon\avformat-53.dll ()
MOD - C:\Program Files\Comodo\Dragon\avutil-51.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\System32\igfxTMM.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NitroReaderDriverReadSpool2) -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe (Nitro PDF Software)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (CLPSLS) -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe (COMODO)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (HPBtnSrv) -- c:\hp\HPEZBTN\HPBtnSrv.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKslcf484463) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA1D8727-CB34-47BC-8A93-15D4F388E33A}\MpKslcf484463.sys File not found
DRV - (MpKslc7a88b2a) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{802394EE-6FD5-4316-8E8C-7D48154A9AAF}\MpKslc7a88b2a.sys File not found
DRV - (MpKslc1ecceca) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6A6C552F-7BFC-492F-A36B-1B5F423C3302}\MpKslc1ecceca.sys File not found
DRV - (MpKsl8477fcea) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F36C60A2-C5AF-4108-929E-2395F247DEDD}\MpKsl8477fcea.sys File not found
DRV - (MpKsl7f875fed) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{802394EE-6FD5-4316-8E8C-7D48154A9AAF}\MpKsl7f875fed.sys File not found
DRV - (MpKsl5e44e26c) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA1D8727-CB34-47BC-8A93-15D4F388E33A}\MpKsl5e44e26c.sys File not found
DRV - (MpKsl45ab98d9) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F36C60A2-C5AF-4108-929E-2395F247DEDD}\MpKsl45ab98d9.sys File not found
DRV - (MpKsl383d5f34) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{802394EE-6FD5-4316-8E8C-7D48154A9AAF}\MpKsl383d5f34.sys File not found
DRV - (MpKsl355c8a55) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6D0DB9B-9266-4528-AF1D-712F6EEF85DA}\MpKsl355c8a55.sys File not found
DRV - (MpKsl140d154b) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BA1D8727-CB34-47BC-8A93-15D4F388E33A}\MpKsl140d154b.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AVGIDSShim) -- system32\DRIVERS\avgidsshimx.sys File not found
DRV - (AVGIDSHX) -- system32\DRIVERS\avgidshx.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (inspect) -- C:\WINDOWS\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\System32\drivers\cmdGuard.sys (COMODO)
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sbwtis) -- C:\WINDOWS\System32\drivers\sbwtis.sys (GFI Software)
DRV - (netr73) -- C:\WINDOWS\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (bcm4sbxp) -- C:\WINDOWS\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (Ps2) -- C:\WINDOWS\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110396&babsrc=SP_ss&mntrId=1aab165d000000000000001644763332
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D74D0D2D-7823-4F32-90BA-B2B4EBA0DD51}&mid=c2dbabef06d847d19661d157cacf9e2b-59fd126b866ac7e733ac24d1a0e78694d46c2c93&lang=en&ds=AVG&pr=fr&d=2012-06-06 09:12:13&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=1aab165d000000000000001644763332"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=110396&babsrc=adbartrp&mntrId=1aab165d000000000000001644763332&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011-11-27 13:34:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2011-12-18 12:17:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-05 20:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-06-03 16:11:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012-05-27 12:15:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v icky\AppData\Roaming\mozilla\Extensions
[2012-06-05 20:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v icky\AppData\Roaming\mozilla\Firefox\Profiles\8yw39bvl.default\extensions
[2012-06-01 23:41:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\v icky\AppData\Roaming\mozilla\Firefox\Profiles\8yw39bvl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011-12-11 22:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012-06-03 16:11:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-06-03 16:11:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012-06-03 16:11:17 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012-06-06 09:12:06 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012-06-02 22:47:03 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012-06-03 16:11:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012-06-03 16:11:17 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012-06-03 16:11:17 | 000,003,413 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012-03-13 17:24:54 | 000,002,511 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012-06-03 16:11:17 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012-06-03 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012-06-03 16:11:17 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: avast! WebRep = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Gmail = C:\Users\v icky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011-12-22 23:12:37 | 000,000,755 | --S- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\RunOnce: [AvgRemover] C:\Users\varsha.VICKY-PC\Desktop\avg_remover_stf_x86_2012_1796.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{245E6FCB-7E4C-4A66-BACF-BFC8178B4820}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58841B97-BB84-436F-A8E8-15F1E8F1AF92}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58841B97-BB84-436F-A8E8-15F1E8F1AF92}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\v icky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\v icky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-08-10 17:05:27 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-05-12 09:19:02 | 000,588,069 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012-06-08 13:48:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2012-06-06 14:02:10 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012-06-06 09:17:55 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\AVG2012
[2012-06-06 09:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012-06-05 23:12:08 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\PackageAware
[2012-06-05 20:32:26 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Comodo
[2012-06-05 17:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\F381
[2012-06-04 15:29:37 | 000,000,000 | ---D | C] -- C:\Users\v icky\Documents\GTA San Andreas User Files
[2012-06-03 16:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012-06-03 16:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012-06-02 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Babylon
[2012-06-02 18:21:55 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\ProgSense
[2012-06-02 18:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012-06-01 23:48:36 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Nitro PDF
[2012-06-01 23:48:21 | 000,027,152 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalmon2.dll
[2012-06-01 23:48:21 | 000,018,448 | ---- | C] (Nitro PDF Software) -- C:\Windows\System32\nitrolocalui2.dll
[2012-06-01 23:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro PDF
[2012-06-01 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2012-06-01 23:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2012-06-01 23:44:04 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\OpenCandy
[2012-06-01 23:41:45 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-06-01 23:41:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012-06-01 23:41:22 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll
[2012-06-01 23:41:22 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll
[2012-06-01 23:39:19 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\GrabPro
[2012-06-01 23:39:19 | 000,000,000 | ---D | C] -- C:\downloads
[2012-06-01 23:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbit
[2012-06-01 23:39:06 | 000,000,000 | ---D | C] -- C:\Program Files\Orbitdownloader
[2012-06-01 23:38:42 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Orbit
[2012-06-01 23:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012-06-01 23:37:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012-06-01 23:36:51 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\DVDVideoSoft
[2012-05-28 11:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012-05-28 11:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012-05-27 12:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012-05-27 12:15:11 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Mozilla
[2012-05-27 12:15:11 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Mozilla
[2012-05-27 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Babylon
[2012-05-25 16:34:30 | 000,000,000 | ---D | C] -- C:\Cricket 2008
[2012-05-25 16:22:29 | 000,000,000 | ---D | C] -- C:\Users\v icky\Documents\EA SPORTS(TM) Cricket 07
[2012-05-25 16:20:04 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Adobe
[2012-05-25 16:19:41 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A² Studios' ICC Cricket World Cup 2011 Patch
[2012-05-25 16:12:50 | 000,000,000 | ---D | C] -- C:\Cricket 2011
[2012-05-18 12:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2012-05-17 09:40:30 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Macromedia
[2012-05-17 08:32:53 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Adobe
[2012-05-17 08:26:59 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Google
[2012-05-17 08:06:09 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Malwarebytes
[2012-05-17 08:04:31 | 000,000,000 | ---D | C] -- C:\Users\v icky\Desktop\varsha_2
[2012-05-17 07:48:06 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\vlc
[2012-05-17 07:47:27 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Apple Computer
[2012-05-17 07:46:51 | 000,000,000 | R--D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012-05-17 07:46:51 | 000,000,000 | R--D | C] -- C:\Users\v icky\Searches
[2012-05-17 07:46:51 | 000,000,000 | R--D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012-05-17 07:46:42 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Identities
[2012-05-17 07:46:40 | 000,000,000 | R--D | C] -- C:\Users\v icky\Contacts
[2012-05-17 07:46:39 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\VirtualStore
[2012-05-17 07:46:18 | 000,000,000 | --SD | C] -- C:\Users\v icky\AppData\Roaming\Microsoft
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Videos
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Saved Games
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Pictures
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Music
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Links
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Favorites
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Downloads
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Documents
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\Desktop
[2012-05-17 07:46:18 | 000,000,000 | R--D | C] -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\AppData\Local\Temporary Internet Files
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Templates
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Start Menu
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\SendTo
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Recent
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\PrintHood
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\NetHood
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Documents\My Videos
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Documents\My Pictures
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Documents\My Music
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\My Documents
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Local Settings
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\AppData\Local\History
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Cookies
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\Application Data
[2012-05-17 07:46:18 | 000,000,000 | -HSD | C] -- C:\Users\v icky\AppData\Local\Application Data
[2012-05-17 07:46:18 | 000,000,000 | -H-D | C] -- C:\Users\v icky\AppData
[2012-05-17 07:46:18 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Temp
[2012-05-17 07:46:18 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Microsoft Help
[2012-05-17 07:46:18 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Microsoft
[2012-05-17 07:46:18 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Media Center Programs
[2012-05-17 07:46:18 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\IObit
[2012-05-17 07:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\2FC8

========== Files - Modified Within 30 Days ==========

[2012-06-08 20:13:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012-06-08 20:12:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012-06-08 20:12:36 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012-06-08 20:12:29 | 000,398,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012-06-08 20:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-06-08 18:58:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-06-06 14:02:10 | 000,001,059 | ---- | M] () -- C:\Users\v icky\Desktop\Revo Uninstaller.lnk
[2012-06-05 20:58:07 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012-06-05 14:17:50 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012-06-05 14:17:50 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012-06-04 15:07:59 | 000,013,824 | ---- | M] () -- C:\Users\v icky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-06-02 22:47:20 | 000,001,493 | ---- | M] () -- C:\user.js
[2012-06-01 23:48:15 | 000,001,902 | ---- | M] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012-06-01 23:41:30 | 000,001,034 | ---- | M] () -- C:\Users\v icky\Desktop\DVDVideoSoft Free Studio.lnk
[2012-06-01 23:39:15 | 000,000,874 | ---- | M] () -- C:\Users\v icky\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012-06-01 23:39:15 | 000,000,850 | ---- | M] () -- C:\Users\v icky\Desktop\Orbit.lnk
[2012-05-28 11:34:26 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012-05-28 11:32:30 | 000,004,892 | ---- | M] () -- C:\Users\v icky\Documents\cc_20120528_113223.reg
[2012-05-28 11:26:06 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-05-27 12:21:00 | 000,000,230 | ---- | M] () -- C:\Windows\tasks\ARO 2011.job
[2012-05-25 16:48:44 | 000,000,593 | ---- | M] () -- C:\Users\v icky\Desktop\Cricket11.lnk
[2012-05-25 16:48:25 | 000,000,593 | ---- | M] () -- C:\Users\v icky\Desktop\Cricket08.lnk
[2012-05-17 08:21:33 | 000,009,724 | ---- | M] () -- C:\Users\v icky\Documents\cc_20120517_082129.reg
[2012-05-17 08:06:39 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-17 07:46:20 | 000,000,632 | RHS- | M] () -- C:\Users\v icky\ntuser.pol

========== Files Created - No Company Name ==========

[2012-06-08 13:35:58 | 000,002,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VClean2.vbs
[2012-06-01 23:48:15 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Nitro Reader.lnk
[2012-06-01 23:48:14 | 000,001,872 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 2.lnk
[2012-06-01 23:41:30 | 000,001,034 | ---- | C] () -- C:\Users\v icky\Desktop\DVDVideoSoft Free Studio.lnk
[2012-06-01 23:39:15 | 000,000,874 | ---- | C] () -- C:\Users\v icky\Application Data\Microsoft\Internet Explorer\Quick Launch\Orbit.lnk
[2012-06-01 23:39:15 | 000,000,850 | ---- | C] () -- C:\Users\v icky\Desktop\Orbit.lnk
[2012-05-28 11:32:28 | 000,004,892 | ---- | C] () -- C:\Users\v icky\Documents\cc_20120528_113223.reg
[2012-05-28 11:26:06 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012-05-27 12:15:53 | 000,001,059 | ---- | C] () -- C:\Users\v icky\Desktop\Revo Uninstaller.lnk
[2012-05-25 16:48:25 | 000,000,593 | ---- | C] () -- C:\Users\v icky\Desktop\Cricket11.lnk
[2012-05-25 16:48:25 | 000,000,593 | ---- | C] () -- C:\Users\v icky\Desktop\Cricket08.lnk
[2012-05-17 08:21:31 | 000,009,724 | ---- | C] () -- C:\Users\v icky\Documents\cc_20120517_082129.reg
[2012-05-17 08:06:39 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-05-17 07:51:56 | 000,013,824 | ---- | C] () -- C:\Users\v icky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012-05-17 07:46:52 | 000,000,951 | ---- | C] () -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012-05-17 07:46:50 | 000,000,946 | ---- | C] () -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012-05-17 07:46:40 | 000,000,917 | ---- | C] () -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012-05-17 07:46:20 | 000,000,632 | RHS- | C] () -- C:\Users\v icky\ntuser.pol
[2012-05-17 07:46:18 | 000,001,917 | ---- | C] () -- C:\Users\v icky\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012-05-17 07:46:18 | 000,001,034 | ---- | C] () -- C:\Users\v icky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
[2012-05-17 07:46:18 | 000,000,258 | ---- | C] () -- C:\Users\v icky\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012-05-17 07:46:18 | 000,000,240 | ---- | C] () -- C:\Users\v icky\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011-12-28 23:04:53 | 000,398,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-12-18 17:35:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011-12-18 11:58:58 | 000,166,220 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011-12-03 19:55:55 | 000,020,312 | ---- | C] () -- C:\Windows\System32\RegistryDefragBootTime.exe
[2011-12-03 18:26:38 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-12-03 18:26:38 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-12-01 20:11:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011-11-19 16:41:50 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI

========== LOP Check ==========

[2012-06-06 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\AVG2012
[2012-05-27 12:14:12 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\Babylon
[2012-06-01 23:44:03 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\DVDVideoSoft
[2012-06-01 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers
[2012-06-01 23:39:19 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\GrabPro
[2012-05-18 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\IObit
[2012-06-01 23:48:36 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\Nitro PDF
[2012-06-01 23:44:14 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\OpenCandy
[2012-06-02 18:25:29 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\Orbit
[2012-06-02 18:21:55 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\ProgSense
[2012-05-27 12:21:00 | 000,000,230 | ---- | M] () -- C:\Windows\Tasks\ARO 2011.job
[2012-06-08 20:10:41 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
OTL Extras logfile created on: 08-06-2012 20:18:02 - Run 1
OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\varsha.VICKY-PC\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.84% Memory free
4.21 Gb Paging File | 3.15 Gb Available in Paging File | 74.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.74 Gb Total Space | 222.82 Gb Free Space | 77.17% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.00 Gb Free Space | 10.68% Space Free | Partition Type: NTFS
Drive E: | 294.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: v icky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\WinHlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\WinHlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-683407207-1343029834-3925171578-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05604F51-7172-4106-B35C-0180300CF216}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0A5D5D97-F694-4790-99EB-CF48BB26ED00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{126219E1-33EB-4E8D-B2E4-DF9C9641DE6E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E2DFE5D-CE29-439E-808C-276C1DF22DD5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{3B737626-16A9-4172-8177-89A3A3108287}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{54D44B80-58DA-4392-BD1A-CCFE23E7163D}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_361.decrpt |
"{5523F439-0475-40A0-AC54-757BB033E242}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{623259B1-3B0F-4CA5-918B-0198955DC24B}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_442.decrpt |
"{687CB80C-7DC1-4822-A48E-54A5864C8597}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_455.decrpt |
"{69F863CD-AD58-463C-B513-3ED3666CC01A}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_455.decrpt |
"{762E0FD1-43C6-4C87-B737-43527ACB4396}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{83644D23-83F7-40D8-9182-4A5584C18D5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{8EF1447C-6261-47A1-9758-06E6E683D422}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{96841B5A-34C6-4A9E-BD09-B48EC1F29FCB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{9AF2513D-9215-4C0F-8DB8-F9952D0E85C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{A20FA8DE-A230-452F-BFF9-2ACA9E7EFB51}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_442.decrpt |
"{AB6BFECC-4BDE-4753-AF7A-2D095C51E6B6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{AD16C6DB-24BE-4B8A-B25F-94D45E6C81A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7E9668E-28FD-4DDE-A360-8B4CCCD35E06}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{C647822F-80DF-4B55-913E-8369C0A341E7}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_358.decrpt |
"{D52AB86B-9B59-4CEC-936B-B8556D75048C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F04D9C26-BA7F-4963-B1B9-772C8A25EDEB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{F39C4C54-FAC5-49DA-B580-F599D1E15F17}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{F632A763-7CE8-4BC5-AB59-46DC1A3E04DB}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_358.decrpt |
"{FC86ED9E-A434-4DDF-A037-0FCEDE663C6F}" = dir=in | app=c:\users\vicky~1\appdata\local\temp\ibtmp3f6c444\component_361.decrpt |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{556C5DF3-CA72-4550-8C68-D4EE330A8A44}" = Nitro Reader 2
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{60D4F9F1-B828-4048-A5AB-9AA2FD0C4751}" = DJ_AIO_03_F4200_Software
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C0B3A39-6602-4E52-9561-01C24E7BDFC0}" = muvee autoProducer 6.1
"{7E36A3A4-9652-4200-AF89-C839CE4F1F2A}" = VIPRE Antivirus
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E133E97F-5186-4503-BEC8-752EB9E8EBD7}" = Copy
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"ESET Online Scanner" = ESET Online Scanner v3
"Free Studio_is1" = Free Studio version 5.4.9
"FVDIEPlugin" = FVDIEPlugin
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orbit_is1" = Orbit Downloader
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"Revo Uninstaller" = Revo Uninstaller 1.93
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"A² Studios' ICC Cricket World Cup 2011 Patch" = A² Studios' ICC Cricket World Cup 2011 Patch

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05-06-2012 13:35:51 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:38:45 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:40:42 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:41:55 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:45:15 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:47:21 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:55:14 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

Error - 05-06-2012 13:55:15 | Computer Name = vicky-pc | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 05-06-2012 23:43:16 | Computer Name = vicky-pc | Source = MsiInstaller | ID = 1013
Description =

Error - 05-06-2012 23:49:42 | Computer Name = vicky-pc | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 08-06-2012 10:31:01 | Computer Name = vicky-pc | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001644763332 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 08-06-2012 10:31:26 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7022
Description =

Error - 08-06-2012 10:31:27 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7026
Description =

Error - 08-06-2012 10:33:28 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7000
Description =

Error - 08-06-2012 10:36:18 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7034
Description =

Error - 08-06-2012 10:37:32 | Computer Name = vicky-pc | Source = volsnap | ID = 393236
Description = The shadow copies of volume D: were aborted because of a failed free
space computation.

Error - 08-06-2012 10:37:42 | Computer Name = vicky-pc | Source = volsnap | ID = 393236
Description = The shadow copies of volume C: were aborted because of a failed free
space computation.

Error - 08-06-2012 10:43:56 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7022
Description =

Error - 08-06-2012 10:43:57 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7026
Description =

Error - 08-06-2012 10:45:57 | Computer Name = vicky-pc | Source = Service Control Manager | ID = 7000
Description =


< End of report >
decepticon

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Post by diver79 » June 8th, 2012, 1:06 pm

Hi decepticon,

Quite a bit still left to remove. See updated fix below.

Also, is there a reason you have not updated to Vista Service Pack 2?

Run OTL Script
We need to run an OTL Fix
  • Right click on OTL.exe and select Run as Administrator to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :otl
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ie ... =1&sr=0&q={searchTerms}
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110396&babsrc=SP_ss&mntrId=1aab165d000000000000001644763332
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={D74D0D2D-7823-4F32-90BA-B2B4EBA0DD51}&mid=c2dbabef06d847d19661d157cacf9e2b-59fd126b866ac7e733ac24d1a0e78694d46c2c93&lang=en&ds=AVG&pr=fr&d=2012-06-06 09:12:13&v=11.1.0.7&sap=dsp&q={searchTerms}
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=1aab165d000000000000001644763332"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=110396&babsrc=adbartrp&mntrId=1aab165d000000000000001644763332&q="
    [2012-06-01 23:41:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\v icky\AppData\Roaming\mozilla\Firefox\Profiles\8yw39bvl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012-06-02 22:47:03 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    [2012-06-06 09:17:55 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\AVG2012
    [2012-06-06 09:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012-06-02 22:46:53 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Local\Babylon
    [2012-05-27 12:14:12 | 000,000,000 | ---D | C] -- C:\Users\v icky\AppData\Roaming\Babylon
    [2012-05-27 12:21:00 | 000,000,230 | ---- | M] () -- C:\Windows\tasks\ARO 2011.job
    [2012-06-06 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\AVG2012
    [2012-05-27 12:14:12 | 000,000,000 | ---D | M] -- C:\Users\v icky\AppData\Roaming\Babylon
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Orbitdownloader\orbitdm.exe" =-
    "C:\Program Files\Orbitdownloader\orbitnet.exe" =-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{54D44B80-58DA-4392-BD1A-CCFE23E7163D}" =-
    "{623259B1-3B0F-4CA5-918B-0198955DC24B}" =-
    "{687CB80C-7DC1-4822-A48E-54A5864C8597}" =-
    "{69F863CD-AD58-463C-B513-3ED3666CC01A}" =-
    "{A20FA8DE-A230-452F-BFF9-2ACA9E7EFB51}" =-
    "{C647822F-80DF-4B55-913E-8369C0A341E7}" =-
    "{F632A763-7CE8-4BC5-AB59-46DC1A3E04DB}" =-
    "{FC86ED9E-A434-4DDF-A037-0FCEDE663C6F}" =-
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Systemlook
  • Right click on SystemLook.exe and select Run as Administrator.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby decepticon » June 8th, 2012, 2:19 pm

YES SIR, you are right. I did not update to Vista Service Pack 2. SIR... also I want to bring to your notice: is my Comodo firewall still working on my PC? If yes, give me the procedure to completely remove it and its components... and suggest how to reinstall Comodo again, so that I can have a firewall on my PC.


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=1aab165d000000000000001644763332" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?AF=110396&babsrc=adbartrp&mntrId=1aab165d000000000000001644763332&q=" removed from keyword.URL
C:\Users\v icky\AppData\Roaming\mozilla\Firefox\Profiles\8yw39bvl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\v icky\AppData\Roaming\mozilla\Firefox\Profiles\8yw39bvl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
C:\Program Files\Orbitdownloader\orbitcth.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{28387537-e3f9-4ed7-860c-11e69af4a8a0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28387537-e3f9-4ed7-860c-11e69af4a8a0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ deleted successfully.
C:\Program Files\Orbitdownloader\GrabPro.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\COMODO deleted successfully.
C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CPA deleted successfully.
C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\LogonHoursAction deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DontDisplayLogonHoursWarnings deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit\ deleted successfully.
C:\Program Files\Orbitdownloader\orbitmxt.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit\ deleted successfully.
File C:\Program Files\Orbitdownloader\orbitmxt.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit\ deleted successfully.
File C:\Program Files\Orbitdownloader\orbitmxt.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit\ deleted successfully.
File C:\Program Files\Orbitdownloader\orbitmxt.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
C:\Users\v icky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Users\v icky\AppData\Roaming\AVG2012 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG folder moved successfully.
C:\Users\v icky\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\v icky\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\v icky\AppData\Local\Babylon folder moved successfully.
C:\Users\v icky\AppData\Roaming\Babylon folder moved successfully.
C:\WINDOWS\Tasks\ARO 2011.job moved successfully.
Folder C:\Users\v icky\AppData\Roaming\AVG2012\ not found.
Folder C:\Users\v icky\AppData\Roaming\Babylon\ not found.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitdm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{54D44B80-58DA-4392-BD1A-CCFE23E7163D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54D44B80-58DA-4392-BD1A-CCFE23E7163D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{623259B1-3B0F-4CA5-918B-0198955DC24B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623259B1-3B0F-4CA5-918B-0198955DC24B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{687CB80C-7DC1-4822-A48E-54A5864C8597} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687CB80C-7DC1-4822-A48E-54A5864C8597}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{69F863CD-AD58-463C-B513-3ED3666CC01A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69F863CD-AD58-463C-B513-3ED3666CC01A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A20FA8DE-A230-452F-BFF9-2ACA9E7EFB51} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A20FA8DE-A230-452F-BFF9-2ACA9E7EFB51}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C647822F-80DF-4B55-913E-8369C0A341E7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C647822F-80DF-4B55-913E-8369C0A341E7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F632A763-7CE8-4BC5-AB59-46DC1A3E04DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F632A763-7CE8-4BC5-AB59-46DC1A3E04DB}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FC86ED9E-A434-4DDF-A037-0FCEDE663C6F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC86ED9E-A434-4DDF-A037-0FCEDE663C6F}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Public

User: v icky
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Varsha
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: varsha.VICKY-PC
->Temp folder emptied: 334003 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4274 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.47.0 log created on 06082012_231528

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
SystemLook 30.07.11 by jpshortstuff
Log created at 23:24 on 08/06/2012 by v icky
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (1).exe --a---- 516136 bytes [04:04 14/05/2012] [04:04 14/05/2012] F85AB0DF840437492A883F1BFEAC9E53
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (2).exe --a---- 516136 bytes [09:18 16/05/2012] [09:18 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (3).exe --a---- 516136 bytes [09:19 16/05/2012] [09:20 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\Downloads\iLividSetupV1 (4).exe --a---- 516136 bytes [10:35 16/05/2012] [10:35 16/05/2012] 580DD7ECEBEDFAF0C32B327DB9E92CF0
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\Downloads\iLividSetupV1.exe --a---- 516136 bytes [04:03 14/05/2012] [04:04 14/05/2012] F85AB0DF840437492A883F1BFEAC9E53

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\06082012_200617\C_Users\Varsha\AppData\LocalLow\searchqutoolbar d------ [09:21 16/05/2012]
C:\_OTL\MovedFiles\06082012_200617\C_Users\varsha.VICKY-PC\AppData\LocalLow\searchqutoolbar d------ [12:42 16/05/2012]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\06082012_200617\C_Users\Varsha\AppData\LocalLow\DataMngr d------ [04:51 17/11/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby diver79 » June 8th, 2012, 2:33 pm

Hi decepticon,

"i did not update to vista service pack 2"
Is there a reason you did not install this? Vista SP1 is no longer supported by Microsoft and is also on our No longer supported list. I would advise you to install all available updates immediately to increase the security of your machine.

I do not see Comodo Firewall installed, are you saying you want to remove it and then re-install it?

Please download and run the following tool.

Security Check
  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby decepticon » June 8th, 2012, 3:20 pm

Results of screen317's Security Check version 0.99.41
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.0.1800
TuneUp Utilities Language Pack (en-US)
CCleaner
Adobe Flash Player 11.1.102.55
Mozilla Firefox (12.0)
Google Chrome 19.0.1084.46
Google Chrome 19.0.1084.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby diver79 » June 9th, 2012, 9:14 am

Hi decepticon,

Not having Windows Vista Service Pack 2 installed leaves your computer open to further infection. It would be pointless for me to continue fixing this PC if you are not going to update to the latest Service Pack.

Is there any reason you have not updated to the latest service pack?
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby decepticon » June 9th, 2012, 9:56 am

I HAVE NOW UPDATED TO VISTA SERVICE PACK 2.. NOW I have VISTA HOME PREMIUM.. :D
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby diver79 » June 9th, 2012, 11:16 am

OK, good, we can continue. Please run the scans below.

MGA Diagnostic Tool Vista/Win7
  • Please download MGA Diagnostic Tool and save it to your Desktop.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.


Scan with WVCheck:
Please download WVCheck and save it to the desktop.
  • Right click on WVCheck.exe and select Run as Administrator and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby decepticon » June 9th, 2012, 11:44 am

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.003
ID: {0E63D0DB-132C-4148-B168-C4B3F0CF0962}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0E63D0DB-132C-4148-B168-C4B3F0CF0962}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-683407207-1343029834-3925171578</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>GX737AA-ACJ m9160IN</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>5.11 </Version><SMBIOSVersion major="2" minor="5"/><Date>20071205000000.000000+000</Date></BIOS><HWID>C9303507018400FA</HWID><UserLCID>4009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-16393-6000.0000-3052011
Installation ID: 004180077033704362497392953023048130176985147221232051
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: MAAAAAEAAAABAAEAAgABAAAAAwABAAEAJJTMGEb5dAM26OJs8vQIykB/rFbtZCqF

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-CPC
FACP HPQOEM SLIC-CPC
HPET HPQOEM SLIC-CPC
MCFG HPQOEM SLIC-CPC
OEMB HPQOEM SLIC-CPC
GSCI HPQOEM SLIC-CPC
SLIC HPQOEM SLIC-CPC
SSDT HPQOEM SLIC-CPC

Windows Validation Check
Version: 1.9.12.5
Log Created On: 2108_09-06-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows Vista Service Pack 2
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-06-09 14:18:52
Last Success Time for Update Download: 2012-06-09 14:36:10
Last Success Time for Update Installation: 2012-06-09 15:15:14


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\WINDOWS\System32\slwga.dll
Size: 12288 bytes
Creation; 25/5/2012 23:48:38
Modification; 11/4/2009 11:58:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------
C:\WINDOWS\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6000.16386_none_4c10a7ebfcbfa7c3\slwga.dll
Size: 12288 bytes
Creation; 2/11/2006 14:14:14
Modification; 2/11/2006 15:16:13
MD5; b39f1844ad6c656f64acd32caee72caa
Matched: slwga.dll
-----------------------
C:\WINDOWS\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6001.18000_none_4e4769e7f9aab897\slwga.dll
Size: 12288 bytes
Creation; 28/11/2011 23:8:7
Modification; 19/1/2008 13:6:30
MD5; 7269a928bc18dafbddcffb96b6e987f1
Matched: slwga.dll
-----------------------
C:\WINDOWS\winsxs\x86_microsoft-windows-security-licensing-wga_31bf3856ad364e35_6.0.6002.18005_none_5032e2f3f6cc83e3\slwga.dll
Size: 12288 bytes
Creation; 25/5/2012 23:48:38
Modification; 11/4/2009 11:58:24
MD5; da887f28054d78ee8637bebb924a2db5
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 75510147b94598407666f4802797c75a


-------- End of File, program close at 2112_09-06-2012 --------
decepticon
Regular Member
 
Posts: 22
Joined: May 29th, 2012, 1:57 pm

Re: GRRRRRRRRRR!!!!...antivirus problem..!!!!!!

Unread postby diver79 » June 9th, 2012, 2:48 pm

OK, looking good, decepticon,

How is the computer performing now?

There shouldn't be too much left to do now.

Remove Programs
  • The following programs should be removed.
    MarketResearch
    Hardware Diagnostic Tools
  • Click on Start...then... Click the Search Programs and Files search box on the Start Menu.
  • Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  • Locate the out of date program(s) above.
  • Select the program and click on Uninstall to uninstall it.
  • Repeat these steps for each program in the list. When finished... Close the Control Panel window.


Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes
  • If you are asked to update the database please do so.
  • If not, please click the Update tab and click the Check for Updates button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
diver79
Retired Graduate
 
Posts: 1004
Joined: January 3rd, 2010, 7:03 pm