
Trojan found - please help

  • 31-12-2013 1:48am
    #1
    Registered Users Posts: 246 ✭✭


    Hi Jsa112,

    I would appreciate it VERY MUCH if you could help me to remove viruses from my laptop.
    It is old and I should buy a new one, but it will take a while...
    It is slow and Firefox keeps crashing (Flash plug-in problem) + last week it showed an odd date/time on start-up.
    Yesterday, AVG detected a Trojan and I ran Malwarebytes, which removed it.
    I did it twice, as the first time I only removed the Trojan; the next time I removed all.
    Today I ran it again and another Trojan was found, which I removed.
    I am posting all 3 logs in the next 3 posts.
    I see that someone with the same problem ran OTL, so I ran it as well. I just downloaded it and clicked "Run Scan" - logs are in the 4th and 5th posts.



    Thank you so much in advance.



Comments

  • Registered Users Posts: 246 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 23:34:49
    mbam-log-2013-12-30 (23-34-49).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 210112
    Time elapsed: 43 minute(s), 40 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccapeaj.exe (Trojan.VBInject) -> Delete on reboot.
    (end)


  • Registered Users Posts: 246 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 02:08:01
    mbam-log-2013-12-30 (02-08-01).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 208333
    Time elapsed: 16 minute(s), 52 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 12
    HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 1
    C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
    (end)


  • Registered Users Posts: 246 ✭✭sandra_b


    Malwarebytes Anti-Malware 1.75.0.1300
    http://www.malwarebytes.org/
    Database version: v2013.12.29.06
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Laptop :: LAPTOP-PC [administrator]
    30/12/2013 00:17:50
    mbam-log-2013-12-30 (00-17-50).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206092
    Time elapsed: 31 minute(s), 54 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 1
    C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> No action taken.
    Registry Keys Detected: 12
    HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> No action taken.
    HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> No action taken.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)


  • Registered Users Posts: 246 ✭✭sandra_b


    OTL logfile created on: 31/12/2013 00:56:49 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
    2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
    PRC - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
    PRC - [2013/12/15 21:20:56 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
    PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
    PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
    PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
    PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
    PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
    PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
    PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
    PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
    PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
    PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2013/12/15 21:20:57 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
    MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
    MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
    MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
    MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
    MOD - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
    MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
    MOD - [2009/04/15 09:32:22 | 000,135,168 | ---- | M] () -- C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
    MOD - [2009/04/15 09:31:30 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\SMSPlugin.dll
    MOD - [2009/04/15 09:30:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Broadband to go\NotifyServicePlugin.dll
    MOD - [2009/04/15 09:26:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Broadband to go\ConfigFilePlugin.dll
    MOD - [2009/04/15 09:24:16 | 000,098,304 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
    MOD - [2009/04/15 09:20:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Broadband to go\NetInfoPlugin.dll
    MOD - [2009/04/15 09:17:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Broadband to go\DialUpPlugin.dll
    MOD - [2009/04/15 09:16:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
    MOD - [2009/04/15 09:06:26 | 000,856,064 | ---- | M] () -- C:\Program Files\Broadband to go\NDISAPI.dll
    MOD - [2008/11/08 14:15:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\XCodec.dll
    MOD - [2008/11/08 14:15:40 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceOperate.dll
    MOD - [2008/11/08 14:15:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Broadband to go\DetectDev.dll
    MOD - [2008/11/08 14:15:28 | 000,552,960 | ---- | M] () -- C:\Program Files\Broadband to go\atcomm.dll
    MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
    MOD - [2007/08/23 15:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Broadband to go\isaputrace.dll
    MOD - [2007/07/31 14:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Broadband to go\FileManager.dll


    ========== Services (SafeList) ==========

    SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
    SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
    SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
    SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
    SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
    DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
    DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
    DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
    DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
    DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
    DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
    DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
    DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
    DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
    DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
    DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
    DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
    DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
    DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI;
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.askaboutmoney.com/forum [Binary data over 200 bytes]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={67DB2C4F-1BD0-4C23-B6F8-F82FB2E5F196}&mid=358a021a42c7445281ced87b11c35f73-3be0ba691d70878c46ba264f8cdaedd3a1cfb76e&lang=en&ds=AVG&pr=fr&d=2013-09-25 22:48:34&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..extensions.enabledAddons: %7Bda8bd68d-8e90-41cd-8345-a71b294e72e6%7D:2.0.16.3
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 00:13:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]

    [2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
    [2013/11/05 01:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
    [2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
    [2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2013/06/24 20:44:11 | 000,003,715 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
    CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
    CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
    CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
    O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
    O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: NameServer = 212.129.64.220 212.129.64.221
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = D:\Installer.exe
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
    [2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/12 02:37:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2013/12/12 02:37:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2013/12/12 02:37:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2013/12/12 02:37:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2013/12/12 02:37:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2013/12/12 02:37:39 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2013/12/12 02:37:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2013/12/12 02:37:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2013/12/12 00:33:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
    [2013/12/12 00:33:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
    [2013/12/12 00:33:01 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
    [2013/12/12 00:32:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
    [2013/12/12 00:32:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
    [2013/12/12 00:31:47 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
    [2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
    [2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
    [2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
    [2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
    [2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/12/31 01:05:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/31 00:35:20 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2013/12/31 00:35:20 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2013/12/31 00:27:42 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/31 00:27:40 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/31 00:27:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/31 00:26:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013/12/31 00:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/31 00:25:42 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/31 00:17:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/30 00:13:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/29 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
    [2013/12/10 22:10:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/10 22:10:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

    ========== Files Created - No Company Name ==========

    [2013/12/30 00:13:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    [2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
    [2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
    [2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
    [2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
    [2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
    [2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
    [2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
    [2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >


  • Registered Users Posts: 246 ✭✭sandra_b


    OTL Extras logfile created on: 31/12/2013 00:56:49 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
    2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F686817-827A-4DFA-AF19-81C36FC27388}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
    "{21CBE05C-0319-4E98-BF8D-7AA257B69ABF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{3B4DED64-C94F-4A27-AE93-E6B38A406686}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{3F1CD20C-6E81-4B72-9349-EF848C811427}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{407DB6C9-4DE5-4804-8DA2-D5C46E7DD576}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
    "{487AE651-B21A-48B5-B01B-E321F97B45FF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
    "{6CD4EEB8-1348-495A-BBB6-907A055D71D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{766A76AB-DA30-4BAA-B1D7-1CF7AB55B77F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{767BD960-8B8B-427D-A120-43718ECE6987}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
    "{869723A7-0311-48F2-922E-BDC165A0C557}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
    "{8B0787E1-AEAB-4563-9194-2B344D4DF950}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
    "{D9571F73-7711-4AAA-92A2-1904534F687F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{DE041E30-4306-4CBE-B4E4-08A233006137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{E1519E84-7C12-49D0-9196-314860169A50}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
    "{E2E90169-84D1-4678-A513-34DA0D40D0C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{E406489E-3D9B-4953-AE88-1EADABEF257E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
    "{F27DD36F-E1C4-4322-BDCA-33F0AD586FF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
    "{F28DF785-9674-49DC-BF6A-0AC26936F103}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "TCP Query User{89D4C546-14D8-42E0-9737-98B4F26665EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{9574B267-CB2F-47DB-913D-CB4B5BC49860}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
    "UDP Query User{6466B0F2-A3ED-40AB-A688-24B2EA618D90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{815EC70A-B98E-4FDE-B45F-38DEFC6D0668}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
    "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
    "{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
    "{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
    "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.2
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "7-Zip" = 7-Zip 4.65
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "alotToolbar" = ALOT Toolbar
    "AVG" = AVG 2014
    "AVG Secure Search" = AVG Security Toolbar
    "Broadband to go" = Broadband to go
    "CCleaner" = CCleaner
    "eircom mobile broadband" = eircom mobile broadband
    "Google Chrome" = Google Chrome
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Huawei Modems" = Huawei modem
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mobilni Internet ALCATEL_is1" = Mobilni Internet
    "Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "O2 Broadband" = O2 Broadband
    "PriceGong" = PriceGong 2.1.0

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/12/2013 21:16:10 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 9.0.8112.16526, time stamp
    0x52855173, faulting module PriceGongIE.dll, version 2.1.0.6, time stamp 0x4baf202a,
    exception code 0xc0000005, fault offset 0x000129b7, process id 0x15b0, application
    start time 0x01cf04fb3b642b62.

    Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 23/04/2008 20:02:52 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 30/12/2013 17:44:33 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
    Description = Faulting application FlashPlayerPlugin_11_9_900_170.exe, version 11.9.900.170,
    time stamp 0x529b79bf, faulting module ntdll.dll, version 6.0.6002.18881, time
    stamp 0x51da3e27, exception code 0xc000070a, fault offset 0x0008adc5, process id
    0x3f38, application start time 0x01cf05a7337ffb5e.

    Error - 30/12/2013 20:09:49 | Computer Name = Laptop-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 5a64 Start Time: 01cf05bac482419e Termination Time: 1922

    Error - 30/12/2013 20:27:35 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (828.1128)

    Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (828.1129)

    Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (1620.1128)

    Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (1620.1129)

    Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (16768.1128)

    Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (16768.1129)

    Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (2192.1128)

    Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (2192.1129)

    Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (3016.1128)

    Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (3016.1129)

    [ System Events ]
    Error - 29/12/2013 21:02:45 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/12/2013 21:04:16 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
    Description =

    Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 23/04/2008 20:02:53 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 15:17:10 | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
    Description =

    Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 30/12/2013 20:23:26 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
    Description =

    Error - 30/12/2013 20:27:37 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >


  • Registered Users Posts: 840 ✭✭✭jsa112


    Download and run AdwCleaner:

    www.bleepingcomputer.com/download/adwcleaner/


    Post its log.


    Open OTL and copy this into the box:


    :OTL
    O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
    O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
    O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
    O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
    O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
    O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
    O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
    O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = D:\Installer.exe
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = D:\WIN\setup.exe
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
    O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
    O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
    O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
    O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
    O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
    O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
    [2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    [2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c
    C:\hemxccapeaj.exe /s
    C:\Program Files\PriceGong
    C:\bjrwzmzisvc.exe /s


    Click Run Fix, then post the log it gives you.


  • Registered Users Posts: 246 ✭✭sandra_b


    Shall I first run AdwCleaner and then OTL "Run Fix"? Do you need the log from OTL or AdwCleaner? Sorry if this is a stupid question, but I am not sure if the order matters :(
    Thank you soooo much!!!!


  • Registered Users Posts: 840 ✭✭✭jsa112


    Yes, do AdwCleaner first, then OTL, then post both the logs that they give you.


  • Registered Users Posts: 246 ✭✭sandra_b


    Adw log is below (I clicked Scan, should I do Clean as well?).
    I am going to run OTL now and post the log when it completes.

    # AdwCleaner v3.016 - Report created 31/12/2013 at 17:23:08
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


  • Registered Users Posts: 246 ✭✭sandra_b


    This is OTL log after restart:

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b537968-648c-11e0-aa37-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac59f-03f8-11e1-a3d7-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348ce-2e4a-11e0-bee8-001e101faa49}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348e9-2e4a-11e0-bee8-001e101fabdd}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{481150ce-f174-11e1-bd4f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ not found.
    File D:\Installer.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
    File D:\WIN\setup.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
    File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
    C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe moved successfully.
    File C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe not found.
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
    C:\Program Files\PriceGong\2.1.0\FF\content folder moved successfully.
    C:\Program Files\PriceGong\2.1.0\FF\components folder moved successfully.
    C:\Program Files\PriceGong\2.1.0\FF folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User

    User: Laptop
    ->Temp folder emptied: 448227 bytes
    ->Temporary Internet Files folder emptied: 232584155 bytes
    ->Java cache emptied: 1237443 bytes
    ->FireFox cache emptied: 130934024 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 9362 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10170274 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 358.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Laptop
    ->Flash cache emptied: 492 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Laptop
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    Error: Unable to interpret < :Files> in the current context!
    Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
    Error: Unable to interpret < C:\hemxccapeaj.exe /s> in the current context!
    Error: Unable to interpret < C:\Program Files\PriceGong> in the current context!
    Error: Unable to interpret < C:\bjrwzmzisvc.exe /s> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 12312013_173650

    Files\Folders moved on Reboot...
    File\Folder D:\AutoRun.exe not found!
    File\Folder D:\AUTORUN.INF not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0PGFTE\envelope1[1].eot moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\pool_distilled_ie[11].htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\showthread[2].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ379GX\xframe-proxy_20130927[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\12[3].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\pool_distilled_ie[6].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\showthread[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE6BPX6T\ai[3].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU2ENB4T\mail-ltr6[1].eot moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXL1YJTD\st[1] moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[4].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[5].htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\facebook_com[1].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCA9IISWB.htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCARICNHK.htm moved successfully.
    File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\push[1].htm not found!
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\fc[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-csc[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-sf[1].htm moved successfully.
    C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K6MDFGJ\xframe-proxy_20130927[1].htm moved successfully.
    File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users Posts: 246 ✭✭sandra_b


    I don't know if it is relevant - there are some errors in the log about D:/ files not found.
    D:/ is the drive when I run my broadband dongle, and it is not connected on start up. It was running during scan though.

    Happy New Year to you!

    Do you think it is safe to log in to internet banking?


  • Registered Users Posts: 840 ✭✭✭jsa112


    yeah let adwcleaner clean anything it finds.

    don't worry about the D:\ drive thing.

    yep should be fine to do internet banking


    just one more thing, do you have the avg log from when it found something ?


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi jsa112,

    I'll scan and clean with adwcleaner again. I'll post you that log later this evening.

    I can't find the log from AVG, there is only a "Reports" tab with update logs. I'll google or look in help to find out if it is hidden somewhere.

    Thank you :)


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi again,

    I managed to find something in AVG. These are not log files, but I got them in History and did "Export" to text files. There were 4 trojans:

    Trojan1:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan2:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan3:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


    Trojan4:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"


  • Registered Users Posts: 840 ✭✭✭jsa112


    open OTL, click the None button at the very top, then copy and paste this into the box


    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    SaveMBR:0
    createrestorepoint
    %systemroot%\*. /mp /s
    C:\*.*
    showhidden
    c:\Users\Laptop\AppData\Roaming\*.*
    C:\Program Files\Internet Explorer\iexplore.exe /md5
    /md5start
    svchost.exe
    /md5stop


    click Run Scan and post the log it gives


  • Registered Users Posts: 246 ✭✭sandra_b


    Ok, I'll do that now.
    I have just run adwcleaner, do you want to see logs from scan and clean?
    I noticed it removed AVG secure search from Firefox. Why is that? I thought AVG is "safe" (although I can't remember how I installed it, it was probably always there :( )


  • Registered Users Posts: 840 ✭✭✭jsa112


    yeah post all logs I ask for. AVG installed some crap toolbar, that's why it got removed.


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi Jsa112,

    During the OTL scan AVG detected a trojan again and I clicked the option to remove it. Is that OK, or should I have ignored it? What does it mean, is it a "false" alarm?

    I am posting 3 logs in the next 3 posts - adwcleaner scan, adwcleaner clean and the latest OTL scan.

    Here is the report from AVG when it found a Trojan during otl.exe:

    Resident Shield Results
    "Threat Name" "Result" "Detection Time" "Object Type" "Process"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
    "Trojan horse BackDoor.Generic18.ENR, c:\_OTL\MovedFiles\12312013_173650\C_Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe" "Secured" "31/12/2013, 22:02:08" "File or Directory" "C:\Users\Laptop\Downloads\OTL.exe"


  • Registered Users Posts: 246 ✭✭sandra_b


    adwcleaner scan log:

    # AdwCleaner v3.016 - Report created 31/12/2013 at 20:40:05
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
    AdwCleaner[R1].txt - [993 octets] - [31/12/2013 20:40:05]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1052 octets] ##########


  • Registered Users Posts: 246 ✭✭sandra_b


    adwcleaner clean log:

    # AdwCleaner v3.016 - Report created 31/12/2013 at 20:42:30
    # Updated 23/12/2013 by Xplode
    # Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # Username : Laptop - LAPTOP-PC
    # Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\Program Files\AVG Secure Search
    Folder Deleted : C:\Program Files\PriceGong
    Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Laptop\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\alot
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16526


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]

    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
    AdwCleaner[R1].txt - [1132 octets] - [31/12/2013 20:40:05]
    AdwCleaner[S0].txt - [7855 octets] - [31/12/2013 20:42:30]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7915 octets] ##########


  • Registered Users Posts: 246 ✭✭sandra_b


    OTL log:

    OTL logfile created on: 31/12/2013 21:40:04 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    984.18 Mb Total Physical Memory | 75.26 Mb Available Physical Memory | 7.65% Memory free
    2.18 Gb Paging File | 1.07 Gb Available in Paging File | 49.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.31 Gb Total Space | 82.60 Gb Free Space | 59.72% Space Free | Partition Type: NTFS
    Drive D: | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS

    Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
    MsConfig - StartUpFolder: C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
    MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - Service
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    SafeBootNet: AppMgmt - Service
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - Service
    SafeBootNet: Messenger - Service
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NTDS - File not found
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdsessmgr - Service
    SafeBootNet: sacsvr - Service
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootNet: WudfUsbccidDriver - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
    SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Custom Scans ==========

    < %systemroot%\*. /mp /s >

    < C:\*.* >
    [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/02/06 16:51:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2013/12/31 21:31:26 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
    [2013/12/31 21:31:23 | 1346,555,904 | -HS- | M] () -- C:\pagefile.sys
    [2013/12/31 21:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
    [2010/12/18 23:40:02 | 000,005,892 | ---- | M] () -- C:\scramble.log
    [2010/10/15 18:16:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
    [2013/12/31 20:44:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
    [2010/09/19 17:33:28 | 000,000,000 | -H-D | M] -- C:\Applications\OEM
    [2011/04/11 23:42:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2010/10/24 09:25:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
    [2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
    [2010/10/30 15:14:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\YouCam\1.00
    [2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\YouCam\1.00
    [2006/11/02 12:37:34 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    [2006/11/02 13:02:03 | 000,000,000 | RH-D | M] -- C:\Users\Default
    [2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2010/09/19 17:33:44 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData
    [2010/10/04 12:35:32 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
    [2010/10/04 12:39:36 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
    [2010/09/23 17:07:13 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Media Player\Art Cache
    [2010/09/19 17:34:33 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn
    [2010/10/15 11:42:25 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn1
    [2011/01/13 01:29:34 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn2
    [2010/11/09 00:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache
    [2010/09/23 18:53:21 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache\Power2Go
    [2011/05/27 22:14:25 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
    [2010/10/04 12:38:51 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IETldCache\Low
    [2010/10/04 12:39:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
    [2013/12/30 00:13:30 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2006/11/02 10:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
    [2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\5.50
    [2010/09/23 18:53:05 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{E303BA32-9368-4a3c-AE3A-AFDADCBDE48B}\Version\1.00
    [2012/12/26 20:47:54 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
    [2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
    [2008/09/12 17:37:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData

    < c:\Users\Laptop\AppData\Roaming\*.* >
    [2010/09/29 00:18:18 | 000,000,132 | ---- | M] () -- c:\Users\Laptop\AppData\Roaming\wklnhst.dat

    < C:\Program Files\Internet Explorer\iexplore.exe /md5 >
    [2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Program Files\Internet Explorer\iexplore.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < End of report >


  • Registered Users Posts: 840 ✭✭✭jsa112


    it means the infection is respawning, going to need to bring out the big guns


    download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    post the log it gives


  • Registered Users Posts: 246 ✭✭sandra_b


    Uhhhh :( It looks very scary.
    Can I keep my browser(s) open while it is running (I want to have that page you posted open)?
    It looks from the manual that it can take a while, is it dangerous if I leave it for tomorrow? I still didn't log to my internet banking, but need to this evening, is it safe?

    You are so nice for helping me with this, God bless you :)


  • Registered Users Posts: 246 ✭✭sandra_b


    Oh I read the guide again now - it states I should close my browser as well and print the guide.
    I don't have access to printer before Friday, do you think I can leave for 2 days?


  • Registered Users Posts: 840 ✭✭✭jsa112


    you can leave the browser open if ya need to, shouldn't matter too much, no need to print the guide if it's too much hassle.

    it should be safe to do internet banking.

    don't worry bout all those guidelines, better to run it now than in 2 days to be honest. should only take 20mins to run it, and is safe


  • Registered Users Posts: 246 ✭✭sandra_b


    Ok :)


  • Registered Users Posts: 840 ✭✭✭jsa112


    Celebrate New Years instead of talking to me :)


  • Registered Users Posts: 246 ✭✭sandra_b


    Hahha, I was thinking the same about you. I have very bad flu, not in celebration mood at all. It is not only laptop that is infected :(

    I wish you very Happy New Year, you have earned a lot of good karma helping others :)


  • Registered Users Posts: 246 ✭✭sandra_b


    Hi Jsa112,

    if you are still awake I am sending combofix log in the next post :)

    One thing - when it started it asked me to stop AVG. I couldn't find how to do it at the moment (when I am in panic mode my brain stops working).
    Then, when it was at stage 3 I disabled AVG. I hope it is OK and did not ruin anything?


  • Registered Users Posts: 246 ✭✭sandra_b


    ComboFix 13-12-31.01 - Laptop 01/01/2014 0:23.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.984.291 [GMT 0:00]
    Running from: c:\users\Laptop\Desktop\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-01 to 2014-01-01 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-01 00:40 . 2014-01-01 00:43 d-----w- c:\users\Laptop\AppData\Local\temp
    2014-01-01 00:40 . 2014-01-01 00:40 d-----w- c:\users\Default\AppData\Local\temp
    2013-12-31 21:42 . 2013-12-31 21:42 512 ----a-w- C:\PhysicalMBR.bin
    2013-12-31 17:36 . 2013-12-31 17:36 d-----w- C:\_OTL
    2013-12-31 17:21 . 2013-12-31 20:42 d-----w- C:\AdwCleaner
    2013-12-30 19:06 . 2013-12-30 19:07 d-----w- c:\users\Laptop\AppData\Local\dumps
    2013-12-12 00:33 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
    2013-12-12 00:33 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
    2013-12-12 00:33 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
    2013-12-12 00:32 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
    2013-12-12 00:32 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
    2013-12-12 00:32 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
    2013-12-12 00:32 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
    2013-12-12 00:32 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
    2013-12-12 00:31 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
    2013-12-12 00:30 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-10 22:10 . 2012-07-18 20:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-12-10 22:10 . 2011-05-21 16:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-11-10 14:41 . 2012-09-29 10:07 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
    2013-11-05 21:50 . 2013-11-05 21:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
    2013-11-04 21:57 . 2013-11-04 21:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
    2013-10-31 23:00 . 2013-10-31 23:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2013-10-31 22:30 . 2013-10-31 22:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
    2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
    2013-10-24 22:28 . 2013-10-24 22:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
    2013-10-11 02:08 . 2013-11-13 23:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
    2013-10-11 02:07 . 2013-11-13 23:47 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2013-10-03 12:45 . 2013-11-13 23:48 297984 ----a-w- c:\windows\system32\gdi32.dll
    2013-10-03 12:45 . 2013-11-13 23:48 993792 ----a-w- c:\windows\system32\crypt32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-17 135680]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
    "SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
    "ModemListener"="c:\program files\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
    "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw&prod=90&ver=10.0.1382" [?]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2008-9-12 17542]
    OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_1F0B30F16FFA954160D1AF.exe [2008-9-11 21630]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
    2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-11-20 18:15 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-09-12 17:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2007-09-13 15:32 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
    2008-01-04 10:02 222504 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-05 21:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:11]
    .
    2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
    .
    2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://mail.yahoo.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: raiffeisenbank.rs\rol
    DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
    DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
    FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\
    FF - ExtSQL: !HIDDEN! 2010-09-30 21:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2014-01-01 00:43
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    .
    [HKEY_USERS\S-1-5-21-2051435258-2395563607-277202808-1000_Classes\CLSID\{70C06E40-C893-6D47-AA91-8381842D4939}]
    @Denied: (A 4) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    DLLs Loaded Under Running Processes
    .
    - - - - - - - > 'Explorer.exe'(4832)
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    .
    Completion time: 2014-01-01 00:47:31
    ComboFix-quarantined-files.txt 2014-01-01 00:47
    .
    Pre-Run: 87,420,944,384 bytes free
    Post-Run: 87,454,965,760 bytes free
    .
    - - End Of File - - 370100B5B78161CB6F6CCC8FE18CE6CF
    5C616939100B85E558DA92B899A0FC36

