Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


AVG threat detected (re-opening thread)


Post by jumanji007 » October 21st, 2013, 12:43 pm

Hi,

I was away for 4 days and unfortunately my thread expired. My machine was running slow and I was worried about malware. It seems a little better now actually but I was hoping to get some confirmation that there was nothing else lurking.

Here is a new DDS log. Thanks in advance ...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by bella at 17:38:45 on 2013-10-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3836.1501 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\notepad.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\TK8 StickyNotes\TK8StickyNotes.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
BHO: {11111111-1111-1111-1111-110411151152} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [TK8 StickyNotes] "C:\Program Files (x86)\TK8 StickyNotes\TK8StickyNotes.exe"
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\bella\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\244584572633D283A573D4 : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\244584F6D656845726D223434423 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\4514C4B44514C4B4D2133303536343 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\4514C4B44514C4B4D2533324333483 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}\C68602F66666963656 : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/?gws_rd=cr&ei= ... hAfJhoDAAQ
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\bella\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
FF - plugin: C:\Users\bella\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-8-5 203264]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-8-17 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-10-31 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-7 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-2-7 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-9-2 14448]
S3 GSService;GSService;C:\Windows\SysWOW64\GSService.exe [2012-8-10 252928]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-11 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-7 216576]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-9-2 155320]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-8-20 204568]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-11 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-21 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2013-10-17 17:42:46 -------- d-----w- C:\_OTL
2013-10-17 17:38:44 -------- d-----w- C:\RegBackup
2013-10-17 17:37:37 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2013-10-17 15:57:08 -------- d-----w- C:\Windows\ERUNT
2013-10-17 15:47:16 -------- d-----w- C:\AdwCleaner
2013-10-17 15:43:06 873384 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-10-17 15:43:06 796072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-10-16 21:31:35 871608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-10-16 21:16:20 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-16 21:15:51 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-10-16 21:13:46 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-16 21:09:02 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-16 21:09:02 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-16 21:09:02 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-16 21:09:02 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-16 21:09:02 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-16 21:09:02 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-16 21:09:02 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-16 19:59:42 -------- d-----w- C:\ProgramData\Oracle
2013-10-16 19:59:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-23 18:46:39 -------- d-----w- C:\Temp
.
==================== Find3M ====================
.
2013-10-16 20:00:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-16 20:00:16 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-05 00:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-20 06:02:12 204568 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2013-08-20 06:02:12 103576 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
.
============= FINISH: 17:40:18.80 ===============







.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/08/2010 21:25:18
System Uptime: 21/10/2013 17:34:24 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3635
Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 284 GiB total, 192.65 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 2.236 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.095 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet F4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Deskjet F4500 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Deskjet F4500 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP267: 21/09/2013 12:50:56 - Windows Update
RP269: 27/09/2013 13:31:43 - HPSF Restore Point
RP270: 27/09/2013 14:13:24 - HPSF Restore Point
RP271: 16/10/2013 20:57:34 - Installed Java 7 Update 45
RP272: 16/10/2013 22:17:00 - Windows Update
RP273: 17/10/2013 16:26:07 - Removed Adobe Reader X (10.1.8).
RP274: 17/10/2013 16:41:49 - Removed Java(TM) 6 Update 15 (64-bit)
RP275: 17/10/2013 16:42:36 - Removed Java(TM) 6 Update 37
RP276: 17/10/2013 16:43:30 - Removed Java(TM) SE Development Kit 6 Update 15 (64-bit)
RP277: 21/10/2013 17:32:48 - OTL Restore Point - 10/21/2013 5:32:46 PM
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.20 (x64 edition)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player
Amazon Kindle
Amazon MP3 Downloader 1.0.18
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVG 2013
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
CyberLink DVD Suite
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DJ_AIO_06_F4500_SW_MIN
DVD Menu Pack for HP MediaSmart Video
ENE CIR Receiver Driver
Flash Player Pro V5.4
Free YouTube Download version 3.1.40.1031
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.1.0
HiJackThis
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Support Assistant
HP Update
HP User Guides 0154
HPDiagnosticAlert
iCloud
IDT Audio
iTunes
Java 7 Update 45
Java Auto Updater
JavaFX 2.1.0
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
Junk Mail filter update
K-Lite Mega Codec Pack 8.0.0
LabelPrint
LightScribe System Software
Magic Desktop
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Network64
OpenOffice.org 3.2
Power2Go
PowerDirector
QLBCASL
QuickShare
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek USB 2.0 Card Reader
Recovery Manager
RedMon - Redirection Port Monitor
RipTiger 3.3.8
RipTiger Extras 3.3.8
Samsung Kies
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Serif PagePlus Starter Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 6.6
Sony Ericsson Update Service
Sony PC Companion 2.10.094
SoundTaxi Media Suite 4.3.8
Spybot - Search & Destroy
SUPERAntiSpyware
Synaptics Pointing Device Driver
TK8 StickyNotes 4.0
Toolbox
Tweaking.com - Registry Backup
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update Installer for WildTangent Games App
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinRAR 4.20 (32-bit)
Xvid MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
21/10/2013 17:37:09, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.
21/10/2013 17:34:47, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
21/10/2013 17:33:40, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
21/10/2013 17:32:35, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
18/10/2013 09:46:06, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
17/10/2013 18:43:46, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The pipe has been ended.
.
==== End Of File ===========================
jumanji007
Active Member
 
Posts: 12
Joined: October 16th, 2013, 4:09 pm

Re: AVG threat detected (re-opening thread)

Unread postby Cypher » October 23rd, 2013, 10:52 am

Hi,
I was away for 4 days and unfortunately my threat expired.

As I mentioned in my first post to your last topic, if you fail to reply within 3 days your topic will be closed.
If for some reason you won't be able to reply within 3 days, simply inform me and I can arrange to keep the topic open.

Before we continue, how far did you get with my last set of instructions? Did you run this OTL Fix?
viewtopic.php?p=628963#p628963

If you did, post the fix log; it can be found at this location.
C: > OTL > Moved Files

The corresponding log file will be named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represents the date and time the fix was performed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG threat detected (re-opening thread)

Unread postby jumanji007 » October 23rd, 2013, 2:01 pm

Sorry yes, my fault. I was away and couldn't get to the laptop to reply.

I did the fix and here are the logs ...

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99E71BF1-5F51-4AF9-830B-67015D59640D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E71BF1-5F51-4AF9-830B-67015D59640D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5563BEFE-3B03-43B1-8041-64A9745DAA56}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{208D4124-3895-4974-B293-A159BD306078}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{208D4124-3895-4974-B293-A159BD306078}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99E71BF1-5F51-4AF9-830B-67015D59640D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E71BF1-5F51-4AF9-830B-67015D59640D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5563BEFE-3B03-43B1-8041-64A9745DAA56}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5563BEFE-3B03-43B1-8041-64A9745DAA56}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1122BA54-1064-4EB2-A527-FEAAAF990251} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122BA54-1064-4EB2-A527-FEAAAF990251}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\Iminent\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1122BA54-1064-4EB2-A527-FEAAAF990251} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122BA54-1064-4EB2-A527-FEAAAF990251}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\Iminent\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AAD684B-48BB-4360-AB6C-F8F0F43436B2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1122BA54-1064-4EB2-A527-FEAAAF990251} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1122BA54-1064-4EB2-A527-FEAAAF990251}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
========== FILES ==========
C:\Temp\Iminent folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bella\Desktop\cmd.bat deleted successfully.
C:\Users\bella\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bella
->Temp folder emptied: 3355738 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 16394 bytes
->FireFox cache emptied: 40649467 bytes
->Flash cache emptied: 602 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 819854 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 180731 bytes

Total Files Cleaned = 43.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10212013_173235

Files\Folders moved on Reboot...
C:\Users\bella\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
jumanji007
Active Member
 
Posts: 12
Joined: October 16th, 2013, 4:09 pm

Re: AVG threat detected (re-opening thread)

Unread postby Cypher » October 24th, 2013, 5:39 am

Hi,
My machine has started operating slowly and also AVG has detected some threats

Is AVG still detecting threats? Let me know in your next reply.


  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • When prompted allow the Add-On/ActiveX to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • Is AVG still detecting threats?
  • OTL Scan log.
  • ESET log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG threat detected (re-opening thread)

Post by jumanji007 » October 24th, 2013, 2:19 pm

No AVG threats detected.

Here is the OTL log (I will post the other one next).

OTL logfile created on: 10/24/2013 6:43:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bella\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.75 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 39.55% Memory free
7.49 Gb Paging File | 5.47 Gb Available in Paging File | 73.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.28 Gb Total Space | 191.93 Gb Free Space | 67.52% Space Free | Partition Type: NTFS
Drive D: | 13.52 Gb Total Space | 2.24 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 96.77 Mb Free Space | 97.42% Space Free | Partition Type: FAT32

Computer Name: BELLA-PC | User Name: bella | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 11:01:41 | 002,403,144 | ---- | M] () -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
PRC - [2013/10/21 18:06:31 | 001,733,448 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
PRC - [2013/10/21 18:06:31 | 000,158,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
PRC - [2013/10/17 18:41:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe
PRC - [2013/10/16 22:31:47 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/16 21:00:16 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/10/07 19:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2013/09/25 21:55:10 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
PRC - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2012/10/24 17:08:58 | 010,134,360 | ---- | M] () -- C:\Program Files (x86)\TK8 StickyNotes\TK8StickyNotes.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2009/10/06 08:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/23 11:01:41 | 002,403,144 | ---- | M] () -- C:\Program Files (x86)\AVG Nation toolbar\vprot.exe
MOD - [2013/10/21 18:06:31 | 000,518,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
MOD - [2013/10/21 18:06:31 | 000,141,128 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
MOD - [2013/10/16 22:31:45 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/10/16 21:00:16 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/10/24 17:08:58 | 010,134,360 | ---- | M] () -- C:\Program Files (x86)\TK8 StickyNotes\TK8StickyNotes.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/06 08:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/08/20 21:35:48 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/08/20 21:35:46 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/08/20 21:35:46 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/08/05 05:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2013/10/21 18:06:31 | 001,733,448 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe -- (vToolbarUpdater17.0.12)
SRV - [2013/10/16 22:31:46 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/16 21:00:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/09/25 21:55:10 | 001,358,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgfws.exe -- (avgfws)
SRV - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/06/21 09:53:36 | 000,162,408 | ---- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/31 15:38:32 | 000,252,928 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/21 18:06:31 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/02 09:38:23 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012/09/02 09:38:23 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/20 10:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/07/16 01:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/05/27 22:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/08/05 06:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 08:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 19:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 07:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 06:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/03/09 15:49:08 | 000,036,408 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{7BD7C66A-5501-4F9F-AD3D-3C8C68E606B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{7BD7C66A-5501-4F9F-AD3D-3C8C68E606B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{33537291-5D80-4DA6-8C8F-A15982BF08D7}: "URL" = http://uk.search.yahoo.com/search?fr=ch ... =714647&p={searchTerms}
IE - HKCU\..\SearchScopes\{7BD7C66A-5501-4F9F-AD3D-3C8C68E606B3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.co.uk/?gws_rd=cr&ei=QJRAUsqZLsyBhAfJhoDAAQ"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\bella\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Nation toolbar\FireFoxExt\17.0.1.12 [2013/10/23 11:02:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/16 22:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 16:28:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/16 22:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 16:28:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/16 22:31:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/17 16:28:37 | 000,000,000 | ---D | M]

[2010/08/17 22:22:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bella\AppData\Roaming\Mozilla\Extensions
[2013/10/18 12:07:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\extensions
[2013/08/22 17:37:46 | 000,128,676 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/12/11 21:42:19 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013/10/16 20:25:27 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/12/15 22:40:26 | 000,001,810 | ---- | M] () -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\searchplugins\google-uk---the-web.xml
[2013/10/21 18:07:30 | 000,001,702 | ---- | M] () -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\searchplugins\nation-secure-search.xml
[2013/10/17 16:32:51 | 000,000,921 | ---- | M] () -- C:\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\searchplugins\yahoo.xml
[2013/10/17 16:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/16 22:31:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/16 22:31:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/16 22:31:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/10/16 22:31:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/10/16 22:31:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/16 22:31:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/16 22:31:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========


O1 HOSTS File: ([2012/01/12 23:21:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411151152} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Nation toolbar\vprot.exe ()
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TK8 StickyNotes] C:\Program Files (x86)\TK8 StickyNotes\TK8StickyNotes.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\bella\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\bella\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/Juni ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EB28F40-D145-4D61-9A38-935A57CCC865}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/21 18:09:56 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Roaming\AVG2014
[2013/10/21 18:07:24 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Local\AVG Nation toolbar
[2013/10/21 18:06:56 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/10/21 18:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/10/21 18:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Nation toolbar
[2013/10/21 18:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Nation toolbar
[2013/10/21 18:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2013/10/21 18:01:47 | 000,000,000 | ---D | C] -- C:\Users\bella\AppData\Local\Avg2014
[2013/10/17 18:42:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/17 18:41:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe
[2013/10/17 18:38:44 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/10/17 18:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/10/17 18:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/17 16:57:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/17 16:47:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/16 22:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/16 20:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/16 20:59:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/16 20:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
[2013/10/16 20:58:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/26 09:44:54 | 000,057,144 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2013/09/25 21:07:30 | 000,148,792 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys

========== Files - Modified Within 30 Days ==========

[2013/10/24 18:57:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/24 18:36:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/24 18:36:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/24 12:21:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/24 12:21:04 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/24 12:18:18 | 000,735,536 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/24 12:18:18 | 000,633,336 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/24 12:18:18 | 000,115,296 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/24 12:14:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/24 12:13:10 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 13:26:12 | 000,465,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/23 11:02:21 | 000,001,702 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxnation-secure-search.xml
[2013/10/21 18:07:12 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/21 18:06:31 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/10/17 18:41:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bella\Desktop\OTL.exe
[2013/10/17 18:39:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-BELLA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/27 22:08:48 | 000,064,021 | ---- | M] () -- C:\Users\bella\Desktop\print-ticket.pdf
[2013/09/27 22:00:19 | 000,073,067 | ---- | M] () -- C:\Users\bella\Desktop\Itinerary_ Harare.pdf
[2013/09/26 09:44:54 | 000,057,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
[2013/09/24 20:36:09 | 030,994,344 | ---- | M] () -- C:\Users\bella\Desktop\Excel Magic Trick 939_ Use OR and AND Functions In IF Function For Logical Tests.mp4
[2013/09/24 20:24:21 | 095,492,676 | ---- | M] () -- C:\Users\bella\Desktop\Excel Magic Trick 778_ INDEX & MATCH Lookup Functions Beginning To Advanced (18 Examples).mp4

========== Files Created - No Company Name ==========

[2013/10/23 13:25:57 | 000,465,352 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/21 18:07:12 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/10/21 18:06:46 | 000,001,702 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxnation-secure-search.xml
[2013/10/17 18:39:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BELLA-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/09/27 22:08:53 | 000,064,021 | ---- | C] () -- C:\Users\bella\Desktop\print-ticket.pdf
[2013/09/27 22:00:24 | 000,073,067 | ---- | C] () -- C:\Users\bella\Desktop\Itinerary_ Harare.pdf
[2013/09/24 20:35:59 | 030,994,344 | ---- | C] () -- C:\Users\bella\Desktop\Excel Magic Trick 939_ Use OR and AND Functions In IF Function For Logical Tests.mp4
[2013/09/24 20:23:52 | 095,492,676 | ---- | C] () -- C:\Users\bella\Desktop\Excel Magic Trick 778_ INDEX & MATCH Lookup Functions Beginning To Advanced (18 Examples).mp4
[2013/04/18 19:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/15 21:15:32 | 000,172,715 | ---- | C] () -- C:\Windows\hpoins46.dat
[2012/10/15 21:15:32 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2012/08/10 21:21:02 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/08/10 21:19:47 | 000,252,928 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2012/04/09 21:27:12 | 000,173,200 | ---- | C] () -- C:\Windows\hpoins46.dat.temp
[2012/04/09 21:27:12 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2012/02/02 14:19:00 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/11/07 22:59:27 | 000,031,486 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.4
[2011/11/07 22:59:27 | 000,030,893 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.3
[2011/11/07 22:59:25 | 000,030,668 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.2
[2011/11/07 22:59:24 | 000,030,688 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.1
[2011/11/07 22:59:23 | 000,031,486 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.0
[2011/11/07 22:59:23 | 000,030,688 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpSDC11795_OPT.JPG
[2011/07/28 22:16:06 | 000,071,158 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.6
[2011/07/28 22:16:04 | 000,071,144 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.5
[2011/07/28 22:15:57 | 000,071,093 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.4
[2011/07/28 22:15:55 | 000,071,043 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.3
[2011/07/28 22:15:52 | 000,070,950 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.2
[2011/07/28 22:15:50 | 000,070,998 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.1
[2011/07/28 22:15:43 | 000,009,720 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189_navi.JPG
[2011/07/28 22:15:40 | 000,586,814 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpIMAG0189.JPG
[2011/06/14 21:24:26 | 000,001,854 | ---- | C] () -- C:\Users\bella\AppData\Roaming\GhostObjGAFix.xml
[2011/04/25 09:09:13 | 000,000,000 | ---- | C] () -- C:\Users\bella\AppData\Roaming\wklnhst.dat
[2010/11/27 23:52:43 | 000,007,597 | ---- | C] () -- C:\Users\bella\AppData\Local\Resmon.ResmonCfg
[2010/10/24 20:48:02 | 000,036,661 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.4
[2010/10/24 20:48:00 | 000,036,345 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.3
[2010/10/24 20:47:59 | 000,036,269 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.2
[2010/10/24 20:47:57 | 000,035,772 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.1
[2010/10/24 20:47:44 | 000,035,772 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.JPG
[2010/10/03 21:41:11 | 000,037,254 | ---- | C] () -- C:\Users\bella\AppData\Local\tmpDSC_0024.0
[2010/08/20 11:35:02 | 000,000,000 | ---- | C] () -- C:\Users\bella\AppData\Local\prvlcl.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/08/23 19:42:51 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Amazon
[2013/10/21 18:09:56 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\AVG2014
[2013/08/31 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Dropbox
[2012/11/25 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\DVDVideoSoft
[2011/07/09 16:31:33 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Evaer
[2013/01/14 18:59:52 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\ICAClient
[2010/08/23 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Juniper Networks
[2010/08/27 21:33:51 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\OpenOffice.org
[2013/08/22 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Samsung
[2012/03/15 20:06:48 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Serif
[2011/12/30 15:24:48 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\SwordSearcher 5
[2011/04/25 09:09:15 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Template
[2012/12/02 21:33:43 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\TK8 Software
[2012/12/11 23:05:20 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\TuneUp Software
[2012/01/29 19:48:18 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\Windows Live Writer
[2011/01/22 23:34:57 | 000,000,000 | ---D | M] -- C:\Users\bella\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 480 bytes -> C:\Users\bella\Desktop\Tea party invitation A4 .ppp:SummaryInformation
@Alternate Data Stream - 448 bytes -> C:\Users\bella\Desktop\Kiddy Kit.ppp:SummaryInformation

< End of report >
jumanji007

Re: AVG threat detected (re-opening thread)

Post by jumanji007 » October 24th, 2013, 5:13 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=48e92b0446b10b46b630ae04ca8049a8
# engine=15622
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-24 06:57:44
# local_time=2013-10-24 07:57:44 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 6388878 135106114 0 0
# scanned=87933
# found=67
# cleaned=0
# scan_time=1858
sh=DF13FE5BF2DDD956EB1B5B617D2F586F28442623 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\41552.crx.vir"
sh=F3679B8C67727BC89667E2C90F4AB47E6337BDF4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\41552.xpi.vir"
sh=1D86FC97AB49564A2024D59EC7816A4D3CC6C041 ft=1 fh=97d439143ab78456 vn="a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-bg.exe.vir"
sh=44FFFD0521DF35BA6B52F58A443231C3AB7A3656 ft=1 fh=c71c00113f60402f vn="probably a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.dll.vir"
sh=8E4A191CAEE38213CDFEEF9E54E934DD9D4AA789 ft=1 fh=9fa217e8c5ecb309 vn="a variant of Win32/Toolbar.CrossRider.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.exe.vir"
sh=F750415A76DDA9055AB6C3EABCAB5FDDF74E8139 ft=1 fh=f3fd0242b69965f6 vn="a variant of Win64/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.dll.vir"
sh=6CD37C305BCD649E98C8D2BEBFDB3257A1B8CDA3 ft=1 fh=9fa217e8cd6bcbc4 vn="a variant of Win64/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.exe.vir"
sh=A969603B61B43F5826544023C806193013DAB67A ft=1 fh=4d0e1cdc06a6b0cd vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe.vir"
sh=965F6B1393EBA0108DC731EEFD15B67A0F4B249F ft=1 fh=ea6acb4c90318296 vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe.vir"
sh=9E76B382C6B90BBB2BA7F06D7125A545B21FDB65 ft=1 fh=177e90c63dad86be vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe.vir"
sh=EC873C4F6F2C66752A40BFF8AA6AD6706C730BC2 ft=1 fh=2047a1b6a13dbe46 vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe.vir"
sh=447240DDF3020A843A8DEFCCBF6E96CFAEC85809 ft=1 fh=e982e12c695e76ed vn="a variant of Win32/Toolbar.CrossRider.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-helper.exe.vir"
sh=236A1BA626545B523154EF9C94F7C67ACB2277B3 ft=1 fh=178ab8455c6dcfdf vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\utils.exe.vir"
sh=394CED447F63ABA2C53FA1C70CB480975CECDD9A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\background.html.vir"
sh=8E842BF068B04F36475A3BF86C5EA6A9839BBB5E ft=1 fh=e5da1a6b62afb1d7 vn="Win32/Adware.MultiPlug application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\bhoclass.dll.vir"
sh=D36ADA230E31B3C2E90EF7D568F28AA4720B5B4A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\lodfkepbokhcioaagenlembeblkngbpl.crx.vir"
sh=13752D6DE430B3E80462F613662E1B41FB6E6E38 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekifjkgmbihflcfhimdncpembbelajb\1\5207a191683979.30837781.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=B722DAE133C86CAE8AA27B11DDBED514EFA8DB48 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\504238bdd7c2a@504238bdd7c63.info\content\bg.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\104_jollywallet_m.js.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=48e92b0446b10b46b630ae04ca8049a8
# engine=15622
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-24 09:12:21
# local_time=2013-10-24 10:12:21 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 6396955 135114191 0 0
# scanned=244542
# found=69
# cleaned=0
# scan_time=8013
sh=DF13FE5BF2DDD956EB1B5B617D2F586F28442623 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\41552.crx.vir"
sh=F3679B8C67727BC89667E2C90F4AB47E6337BDF4 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\41552.xpi.vir"
sh=1D86FC97AB49564A2024D59EC7816A4D3CC6C041 ft=1 fh=97d439143ab78456 vn="a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-bg.exe.vir"
sh=44FFFD0521DF35BA6B52F58A443231C3AB7A3656 ft=1 fh=c71c00113f60402f vn="probably a variant of Win32/Toolbar.CrossRider.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.dll.vir"
sh=8E4A191CAEE38213CDFEEF9E54E934DD9D4AA789 ft=1 fh=9fa217e8c5ecb309 vn="a variant of Win32/Toolbar.CrossRider.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil.exe.vir"
sh=F750415A76DDA9055AB6C3EABCAB5FDDF74E8139 ft=1 fh=f3fd0242b69965f6 vn="a variant of Win64/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.dll.vir"
sh=6CD37C305BCD649E98C8D2BEBFDB3257A1B8CDA3 ft=1 fh=9fa217e8cd6bcbc4 vn="a variant of Win64/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-buttonutil64.exe.vir"
sh=A969603B61B43F5826544023C806193013DAB67A ft=1 fh=4d0e1cdc06a6b0cd vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-chromeinstaller.exe.vir"
sh=965F6B1393EBA0108DC731EEFD15B67A0F4B249F ft=1 fh=ea6acb4c90318296 vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-codedownloader.exe.vir"
sh=9E76B382C6B90BBB2BA7F06D7125A545B21FDB65 ft=1 fh=177e90c63dad86be vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-enabler.exe.vir"
sh=EC873C4F6F2C66752A40BFF8AA6AD6706C730BC2 ft=1 fh=2047a1b6a13dbe46 vn="a variant of Win32/Toolbar.CrossRider.J application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-firefoxinstaller.exe.vir"
sh=447240DDF3020A843A8DEFCCBF6E96CFAEC85809 ft=1 fh=e982e12c695e76ed vn="a variant of Win32/Toolbar.CrossRider.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\LyricsSay-1-helper.exe.vir"
sh=236A1BA626545B523154EF9C94F7C67ACB2277B3 ft=1 fh=178ab8455c6dcfdf vn="multiple threats" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricsSay-1\utils.exe.vir"
sh=394CED447F63ABA2C53FA1C70CB480975CECDD9A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\background.html.vir"
sh=8E842BF068B04F36475A3BF86C5EA6A9839BBB5E ft=1 fh=e5da1a6b62afb1d7 vn="Win32/Adware.MultiPlug application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\bhoclass.dll.vir"
sh=D36ADA230E31B3C2E90EF7D568F28AA4720B5B4A ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Codecv\lodfkepbokhcioaagenlembeblkngbpl.crx.vir"
sh=13752D6DE430B3E80462F613662E1B41FB6E6E38 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\hekifjkgmbihflcfhimdncpembbelajb\1\5207a191683979.30837781.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\125_arcadi2_m.js.vir"
sh=7E797140BE2D76B80EC180071B039E1DA561191D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjcbkbcncfkoljakenekllbfdonhjef\1.24.15_0\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=B722DAE133C86CAE8AA27B11DDBED514EFA8DB48 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\504238bdd7c2a@504238bdd7c63.info\content\bg.js.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\107_coupish_m.js.vir"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\108_icm_m.js.vir"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\116_ads_only_5_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\125_arcadi2_m.js.vir"
sh=1BF9694366B985EC899BEE2A537851B0A89182EC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=62892F2CBAFB6FD3DFDAD794F871133E0CF4FCA8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\127_revizer_p_m.js.vir"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\128_superfish_pricora_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\129_widdit_m.js.vir"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\135_arcadi3_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\138_getdeal_m.js.vir"
sh=DB51332A37F65FD4863EE1B8A5BA62A02DA885F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\155_ibario_pops_m.js.vir"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js.vir"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\159_cortica_rollover_m.js.vir"
sh=C5DD383664008DA61501CCBAF1279A498CC468F8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\170_icm1_5_m.js.vir"
sh=EDAF8A2B6318DD482F0BBDC2A96C109697D86E5A ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=2184DFBF93B03726607BF2C44682CF058FB2987B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\bella\AppData\Roaming\Mozilla\Firefox\Profiles\ocmbxw5g.default\Extensions\71139f7b-cef2-4ada-9c60-25f887d7e2e1@5b129621-59ed-453c-9453-d7593ee48c04.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js.vir"
sh=41511ADB8B48C27F07FB878BD15A47BA84CBB123 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip worm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\WinDownloadergen.zip"
sh=E11C8EFE0DBB2349C5E521D8F9686E3367B3DF53 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\65eb8.msi"

Re: AVG threat detected (re-opening thread)

Post by Cypher » October 25th, 2013, 5:31 am

Hi,
No AVG threats detected.

Excellent.
We need to run another fix, then if no further problems I can give you final instructions.

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following script into the Image textbox. Do not include the words "Code: Select all".
  • (Click the select all button next to code to select the entire script).
    Code: Select all
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :otl
    O2 - BHO: (no name) - {11111111-1111-1111-1111-110411151152} - No CLSID value found.
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    @Alternate Data Stream - 480 bytes -> C:\Users\bella\Desktop\Tea party invitation A4 .ppp:SummaryInformation
    @Alternate Data Stream - 448 bytes -> C:\Users\bella\Desktop\Kiddy Kit.ppp:SummaryInformation
    
    :files
    C:\Windows\Installer\65eb8.msi
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.

Re: AVG threat detected (re-opening thread)

Post by jumanji007 » October 25th, 2013, 2:15 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411151152}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411151152}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
ADS C:\Users\bella\Desktop\Tea party invitation A4 .ppp:SummaryInformation deleted successfully.
ADS C:\Users\bella\Desktop\Kiddy Kit.ppp:SummaryInformation deleted successfully.
========== FILES ==========
C:\Windows\Installer\65eb8.msi moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\bella\Desktop\cmd.bat deleted successfully.
C:\Users\bella\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bella
->Temp folder emptied: 948236 bytes
->Temporary Internet Files folder emptied: 3383333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 385425696 bytes
->Flash cache emptied: 2942 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Public
->Temp folder emptied: 0 bytes

User: TEMP

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30370345 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 787888 bytes

Total Files Cleaned = 401.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10252013_185714

Files\Folders moved on Reboot...
C:\Users\bella\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\bella\AppData\Local\Mozilla\Firefox\Profiles\ocmbxw5g.default\Cache\_CACHE_001_ moved successfully.
C:\Users\bella\AppData\Local\Mozilla\Firefox\Profiles\ocmbxw5g.default\Cache\_CACHE_002_ moved successfully.
C:\Users\bella\AppData\Local\Mozilla\Firefox\Profiles\ocmbxw5g.default\Cache\_CACHE_003_ moved successfully.
C:\Users\bella\AppData\Local\Mozilla\Firefox\Profiles\ocmbxw5g.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\bella\AppData\Local\Mozilla\Firefox\Profiles\ocmbxw5g.default\_CACHE_CLEAN_ moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: AVG threat detected (re-opening thread)

Unread postby Cypher » October 26th, 2013, 5:21 am

Hi,
Looks like you're good to go; your computer appears to be clean of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Clean up with OTL

  • Right click on OTL.exe and select Run as administrator to run it.
  • This will remove some of the tools we used to clean your PC.
  • Close all other programs apart from OTL, as this step will require a reboot.
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Next.

  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Uninstall.
  • Confirm with yes.

You can now delete any tools/logs we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Java

Download and install Java 7 Update 45 from Here

Adobe Reader

  • You should download and install the newest version of Adobe Reader for reading PDF files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (11.0.04).
  • Note: Uncheck install McAfee Security Scan Plus

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: AVG threat detected (re-opening thread)

Unread postby jumanji007 » October 26th, 2013, 5:45 pm

Awesome. Thanks for your help.
jumanji007
Active Member
 
Posts: 12
Joined: October 16th, 2013, 4:09 pm

Re: AVG threat detected (re-opening thread)

Unread postby Cypher » October 27th, 2013, 6:47 am

jumanji007 wrote: "Awesome. Thanks for your help."

My pleasure, good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns