Trojan found - please help
31-12-2013 2:48am
Hi Jsa112,
I would appreciate it VERY MUCH if you could help me to remove viruses from my laptop.
It is old and I should buy a new one, but it will take a while...
It is slow and Firefox keeps crashing (Flash plug-in problem) + last week it showed an odd date and time on start-up.
Yesterday, AVG detected a Trojan and I ran Malwarebytes, which removed it.
I did it twice, as the first time I only removed the Trojan; the next time I removed all.
Today I ran it again and another Trojan was found, which I removed.
I am posting all 3 logs for you in the next 3 posts.
I see that someone with the same problem ran OTL, so I ran it as well. I just downloaded it and clicked "Run Scan" - logs are in the 4th and 5th posts.
Thank you so much in advance.
Comments
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 23:34:49
mbam-log-2013-12-30 (23-34-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210112
Time elapsed: 43 minute(s), 40 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hemxccapeaj.exe (Trojan.VBInject) -> Delete on reboot.
(end)
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 02:08:01
mbam-log-2013-12-30 (02-08-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208333
Time elapsed: 16 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> Quarantined and deleted successfully.
(end)
Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org/
Database version: v2013.12.29.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Laptop :: LAPTOP-PC [administrator]
30/12/2013 00:17:50
mbam-log-2013-12-30 (00-17-50).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206092
Time elapsed: 31 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PUP.Optional.PriceGong.A) -> No action taken.
Registry Keys Detected: 12
HKCR\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\CLSID\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceFactorIE.PriceGongBHO.1 (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceFactorIE.PriceGongBHO (PUP.Optional.PriceGong.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB} (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceGongIE.PriceGongCtrl.1 (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\PriceGongIE.PriceGongCtrl (PUP.Optional.PriceGong.A) -> No action taken.
HKCR\AppID\PriceGongIE.DLL (PUP.Optional.PriceGong.A) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
OTL logfile created on: 31/12/2013 00:56:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/12/30 23:14:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Downloads\OTL.exe
PRC - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
PRC - [2013/12/15 21:20:56 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
PRC - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010/11/16 13:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
PRC - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/06/13 12:06:44 | 000,414,720 | ---- | M] (ODM) -- C:\Program Files\OEM\OSD_1.2\osd.exe
PRC - [2008/05/07 16:19:26 | 006,139,904 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) -- C:\Program Files\OEM\OSD_1.2\OsdService.exe
PRC - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
========== Modules (No Company Name) ==========
MOD - [2013/12/15 21:20:57 | 002,471,448 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/12/15 21:20:57 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\log4cplusU.dll
MOD - [2013/10/19 02:26:18 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/08/15 20:02:40 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/15 19:58:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/11 19:42:34 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/06/06 21:06:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Broadband to go\Broadband to go.exe
MOD - [2010/07/12 20:47:40 | 000,098,304 | ---- | M] () -- C:\Program Files\Mobilni Internet\ModemListener.exe
MOD - [2009/04/15 09:32:22 | 000,135,168 | ---- | M] () -- C:\Program Files\Broadband to go\LocaleMgrPlugin.dll
MOD - [2009/04/15 09:31:30 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\SMSPlugin.dll
MOD - [2009/04/15 09:30:10 | 000,032,768 | ---- | M] () -- C:\Program Files\Broadband to go\NotifyServicePlugin.dll
MOD - [2009/04/15 09:26:14 | 000,057,344 | ---- | M] () -- C:\Program Files\Broadband to go\ConfigFilePlugin.dll
MOD - [2009/04/15 09:24:16 | 000,098,304 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrPlugin.dll
MOD - [2009/04/15 09:20:46 | 000,118,784 | ---- | M] () -- C:\Program Files\Broadband to go\NetInfoPlugin.dll
MOD - [2009/04/15 09:17:36 | 000,086,016 | ---- | M] () -- C:\Program Files\Broadband to go\DialUpPlugin.dll
MOD - [2009/04/15 09:16:22 | 000,159,744 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceMgrUIPlugin.dll
MOD - [2009/04/15 09:06:26 | 000,856,064 | ---- | M] () -- C:\Program Files\Broadband to go\NDISAPI.dll
MOD - [2008/11/08 14:15:44 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\XCodec.dll
MOD - [2008/11/08 14:15:40 | 000,061,440 | ---- | M] () -- C:\Program Files\Broadband to go\DeviceOperate.dll
MOD - [2008/11/08 14:15:34 | 000,151,552 | ---- | M] () -- C:\Program Files\Broadband to go\DetectDev.dll
MOD - [2008/11/08 14:15:28 | 000,552,960 | ---- | M] () -- C:\Program Files\Broadband to go\atcomm.dll
MOD - [2007/11/28 15:43:08 | 000,042,824 | ---- | M] () -- C:\Program Files\Spare Messaging\MessagingApp.exe
MOD - [2007/08/23 15:39:30 | 000,014,848 | ---- | M] () -- C:\Program Files\Broadband to go\isaputrace.dll
MOD - [2007/07/31 14:50:04 | 000,090,112 | ---- | M] () -- C:\Program Files\Broadband to go\FileManager.dll
========== Services (SafeList) ==========
SRV - [2013/12/21 01:26:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/15 21:20:56 | 001,771,544 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0)
SRV - [2013/12/10 22:11:05 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/11/16 13:37:38 | 000,264,704 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/06/17 16:09:02 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\DeviceHelper\DeviceManager.exe -- (DeviceManager)
SRV - [2008/02/22 08:24:28 | 000,094,208 | ---- | M] (TODO: <公司名稱>) [Auto | Running] -- C:\Program Files\OEM\OSD_1.2\OsdService.exe -- (OsdService)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\swumx20.sys -- (SWUMX20)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - [2013/11/10 14:41:57 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/01/13 10:54:18 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2011/01/13 10:54:16 | 000,089,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/01/13 10:54:16 | 000,073,344 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/01/13 10:54:16 | 000,064,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 16:09:00 | 000,103,552 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qcusbser.sys -- (qcusbser)
DRV - [2009/07/22 16:44:18 | 000,148,992 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumxa3.sys -- (SWUMXA3)
DRV - [2009/07/22 16:44:04 | 000,197,504 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2009/02/17 19:38:12 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2008/12/30 10:57:54 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/07/15 08:20:24 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/07/10 10:36:06 | 000,331,776 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2008/05/21 16:46:48 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\directport.sys -- (GpdDevDPort)
DRV - [2008/05/02 13:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/22 18:06:56 | 000,008,192 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\kbfiltr.sys -- (GpdKbFilter)
DRV - [2008/01/21 02:23:26 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007/08/23 10:22:08 | 001,201,312 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI;
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.askaboutmoney.com/forum [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4186E915-6684-410A-A99C-66AF1C7C2FBF}: "URL" = http://search.avg.com/?d=4e04ea29&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7DSGI_en-GBIE398
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={67DB2C4F-1BD0-4C23-B6F8-F82FB2E5F196}&mid=358a021a42c7445281ced87b11c35f73-3be0ba691d70878c46ba264f8cdaedd3a1cfb76e&lang=en&ds=AVG&pr=fr&d=2013-09-25 22:48:34&v=15.4.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..extensions.enabledAddons: %7Bda8bd68d-8e90-41cd-8345-a71b294e72e6%7D:2.0.16.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/21 00:13:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/21 01:25:35 | 000,000,000 | ---D | M]
[2010/12/27 20:07:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Extensions
[2013/11/05 01:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions
[2011/04/06 19:47:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/15 20:57:51 | 000,380,223 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\izer@camelcamelcamel.com.xpi
[2013/11/05 01:45:22 | 000,454,725 | ---- | M] () (No name found) -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\extensions\{da8bd68d-8e90-41cd-8345-a71b294e72e6}.xpi
[2013/12/21 01:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/21 01:25:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/21 01:25:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/21 01:25:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/21 01:25:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/12/21 01:25:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/12/21 01:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/21 01:25:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/21 01:26:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/24 20:44:11 | 000,003,715 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Skype Click to Call = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\
CHR - Extension: AVG Secure Search = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\.bak
CHR - Extension: Google Wallet = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ModemListener] C:\Program Files\Mobilni Internet\ModemListener.exe ()
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpareMessaging] C:\Program Files\Spare Messaging\MessagingApp.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: raiffeisenbank.rs ([rol] https in Trusted sites)
O16 - DPF: {73848533-39E1-49F1-9363-28054268C094} https://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll (FileInterface Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} https://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll (SecAPI Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D476B39-5E72-4B60-B1B3-51942DB45C12}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB56C1F-01D1-4F60-907E-B6CEEEAD28B3}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B69C798C-C9E4-4294-9585-642735622220}: NameServer = 212.129.64.220 212.129.64.221
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C401496D-850D-4C25-ABE5-409F1360FD22}: DhcpNameServer = 62.40.32.33 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8B8E3FA-BA28-41C2-B622-4E1C8AD58993}: DhcpNameServer = 192.168.1.1 0.0.0.0
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - \AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - \AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = \Installer.exe
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = \WIN\setup.exe
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/12/30 19:06:12 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\dumps
[2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/21 01:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/12 02:37:46 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 02:37:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 02:37:42 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 02:37:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 02:37:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 02:37:39 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 02:37:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 02:37:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/12 00:33:05 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/12 00:33:02 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/12 00:33:01 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/12 00:32:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/12 00:32:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/12 00:31:47 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/10 10:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2010/11/21 01:03:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Laptop\mbam-setup-1.46.exe
[2010/10/04 00:38:21 | 141,707,952 | ---- | C] (AVG Technologies) -- C:\Users\Laptop\avg_free_x86_all_2011_1120a3152.exe
[2010/10/04 00:29:57 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Laptop\avgremover.exe
[2010/09/30 00:17:30 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\Laptop\ccsetup236.exe
[2010/09/28 23:31:05 | 014,951,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Laptop\word2007-kb974631-fullfile-x86-glb.exe
[2010/09/28 23:04:57 | 019,075,976 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Laptop\SkypeSetupFull.exe
========== Files - Modified Within 30 Days ==========
[2013/12/31 01:05:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/31 00:35:20 | 000,634,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/31 00:35:20 | 000,120,782 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/31 00:27:42 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 00:27:40 | 000,005,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 00:27:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/31 00:26:54 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/12/31 00:26:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/31 00:25:42 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/31 00:17:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 00:13:30 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/29 03:00:00 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2013/12/10 22:10:48 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 22:10:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/12/05 21:37:36 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
========== Files Created - No Company Name ==========
[2013/12/30 00:13:30 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/21 00:08:19 | 000,003,714 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2011/07/18 19:53:39 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{BB5C1344-8CEB-4AEB-97D3-4FB026A34D40}
[2011/06/23 22:41:55 | 001,529,005 | ---- | C] () -- C:\Users\Laptop\AVGInstLog.cab
[2011/06/09 23:51:11 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Local\{DBE900B0-FC28-482C-AE85-F8BD909E858D}
[2010/10/24 22:34:24 | 104,347,466 | ---- | C] () -- C:\Users\Laptop\eclipse-java-helios-SR1-win32.zip
[2010/10/05 00:02:40 | 014,501,192 | ---- | C] () -- C:\Users\Laptop\winzip145.exe
[2010/09/29 00:16:50 | 000,000,132 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
[2010/09/29 00:14:19 | 155,184,736 | ---- | C] () -- C:\Users\Laptop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe
[2010/09/25 16:26:23 | 000,007,680 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
OTL Extras logfile created on: 31/12/2013 00:56:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 287.48 Mb Available Physical Memory | 29.21% Memory free
2.18 Gb Paging File | 0.83 Gb Available in Paging File | 37.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 80.28 Gb Free Space | 58.04% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F686817-827A-4DFA-AF19-81C36FC27388}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{21CBE05C-0319-4E98-BF8D-7AA257B69ABF}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{3B4DED64-C94F-4A27-AE93-E6B38A406686}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3F1CD20C-6E81-4B72-9349-EF848C811427}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{407DB6C9-4DE5-4804-8DA2-D5C46E7DD576}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{487AE651-B21A-48B5-B01B-E321F97B45FF}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{6CD4EEB8-1348-495A-BBB6-907A055D71D0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{766A76AB-DA30-4BAA-B1D7-1CF7AB55B77F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{767BD960-8B8B-427D-A120-43718ECE6987}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{869723A7-0311-48F2-922E-BDC165A0C557}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{8B0787E1-AEAB-4563-9194-2B344D4DF950}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{D9571F73-7711-4AAA-92A2-1904534F687F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{DE041E30-4306-4CBE-B4E4-08A233006137}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1519E84-7C12-49D0-9196-314860169A50}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{E2E90169-84D1-4678-A513-34DA0D40D0C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{E406489E-3D9B-4953-AE88-1EADABEF257E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{F27DD36F-E1C4-4322-BDCA-33F0AD586FF8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{F28DF785-9674-49DC-BF6A-0AC26936F103}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"TCP Query User{89D4C546-14D8-42E0-9737-98B4F26665EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{9574B267-CB2F-47DB-913D-CB4B5BC49860}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=6 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
"UDP Query User{6466B0F2-A3ED-40AB-A688-24B2EA618D90}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{815EC70A-B98E-4FDE-B45F-38DEFC6D0668}C:\program files\huawei technologies\huawei umts data card\3 usb modem.exe" = protocol=17 | dir=in | app=c:\program files\huawei technologies\huawei umts data card\3 usb modem.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{49AEFEAB-A10B-4E8E-B577-2287ACA2B8AF}" = AVG 2014
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = OSD_1.2
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C939F015-83C6-432C-B67B-0816AA0B4C17}" = Spare Messaging
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"alotToolbar" = ALOT Toolbar
"AVG" = AVG 2014
"AVG Secure Search" = AVG Security Toolbar
"Broadband to go" = Broadband to go
"CCleaner" = CCleaner
"eircom mobile broadband" = eircom mobile broadband
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobilni Internet ALCATEL_is1" = Mobilni Internet
"Mozilla Firefox 26.0 (x86 en-GB)" = Mozilla Firefox 26.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"O2 Broadband" = O2 Broadband
"PriceGong" = PriceGong 2.1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:06 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:04:07 | Computer Name = Laptop-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 29/12/2013 21:16:10 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16526, time stamp
0x52855173, faulting module PriceGongIE.dll, version 2.1.0.6, time stamp 0x4baf202a,
exception code 0xc0000005, fault offset 0x000129b7, process id 0x15b0, application
start time 0x01cf04fb3b642b62.
Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 23/04/2008 20:02:52 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
Error - 30/12/2013 17:44:33 | Computer Name = Laptop-PC | Source = Application Error | ID = 1000
Description = Faulting application FlashPlayerPlugin_11_9_900_170.exe, version 11.9.900.170,
time stamp 0x529b79bf, faulting module ntdll.dll, version 6.0.6002.18881, time
stamp 0x51da3e27, exception code 0xc000070a, fault offset 0x0008adc5, process id
0x3f38, application start time 0x01cf05a7337ffb5e.
Error - 30/12/2013 20:09:49 | Computer Name = Laptop-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 26.0.0.5087 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 5a64 Start Time: 01cf05bac482419e Termination Time: 1922
Error - 30/12/2013 20:27:35 | Computer Name = Laptop-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (828.1128)
Error - 02/09/2013 15:42:54 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (828.1129)
Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (1620.1128)
Error - 17/09/2013 15:00:15 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (1620.1129)
Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (16768.1128)
Error - 26/09/2013 22:11:29 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (16768.1129)
Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (2192.1128)
Error - 02/10/2013 15:37:58 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (2192.1129)
Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3016.1128)
Error - 01/11/2013 06:17:23 | Computer Name = Laptop-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3016.1129)
[ System Events ]
Error - 29/12/2013 21:02:45 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29/12/2013 21:04:16 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
Description =
Error - 29/12/2013 22:29:30 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 23/04/2008 20:02:53 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 14:59:24 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 15:17:10 | Computer Name = Laptop-PC | Source = DCOM | ID = 10005
Description =
Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 30/12/2013 15:17:38 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/12/2013 20:23:26 | Computer Name = Laptop-PC | Source = DCOM | ID = 10010
Description =
Error - 30/12/2013 20:27:37 | Computer Name = Laptop-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
-
Download and run AdwCleaner:
www.bleepingcomputer.com/download/adwcleaner/
Post its log.
Open OTL and copy this into the box:
:OTL
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O32 - AutoRun File - [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.) - \AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/05 00:34:52 | 000,000,047 | R--- | M] () - \AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe0c-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{006cfe17-9fd5-11e0-af22-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{00d35687-ca62-11df-b236-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{026fa62d-b753-11e2-9a2b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6508-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff6514-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{02ff651e-1eb0-11e0-ac9f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0e8-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f0f4-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0695f100-6491-11e0-9ebf-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0939b2a7-1ea5-11e0-bf25-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267a0-03ee-11e1-a00d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267af-03ee-11e1-a00d-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{0a2267ba-03ee-11e1-a00d-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f52-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f5d-6489-11e0-aa1e-001e101fb45e}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f68-6489-11e0-aa1e-001e101f3315}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{0eec8f72-6489-11e0-aa1e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{1bb6883b-1eaf-11e0-9f2a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{242ead3e-c14d-11e0-8d03-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b887-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{2539b894-1e99-11e0-8ac3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4be-648f-11e0-8efe-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{38a8b4cd-648f-11e0-8efe-001e101f50a4}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{3b537968-648c-11e0-aa37-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac59f-03f8-11e1-a3d7-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell - "" = AutoRun
O33 - MountPoints2\{465ac5ae-03f8-11e1-a3d7-001e101f1ed9}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{4663489c-2e4a-11e0-bee8-001e101fe5e1}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell - "" = AutoRun
O33 - MountPoints2\{466348ce-2e4a-11e0-bee8-001e101faa49}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{466348e9-2e4a-11e0-bee8-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell - "" = AutoRun
O33 - MountPoints2\{466348fc-2e4a-11e0-bee8-001e101f8ed0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{481150ce-f174-11e1-bd4f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell - "" = AutoRun
O33 - MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\Shell\AutoRun\command - "" = \Installer.exe
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ced01605-c815-11df-9386-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\Shell\AutoRun\command - "" = \WIN\setup.exe
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell - "" = AutoRun
O33 - MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell - "" = AutoRun
O33 - MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell - "" = AutoRun
O33 - MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = \AutoRun.exe -- [2009/01/20 17:22:18 | 000,126,976 | R--- | M] (Huawei Technologies Co., Ltd.)
[2013/12/29 13:03:54 | 000,255,070 | ---- | C] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
[2013/12/29 13:03:56 | 000,255,070 | ---- | M] (Flash ) -- C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2010/12/18 23:40:06 | 000,000,000 | ---D | M]
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
C:\hemxccapeaj.exe /s
C:\Program Files\PriceGong
C:\bjrwzmzisvc.exe /s
Click Run Fix, then post the log it gives you.
Shall I first run AdwCleaner and then OTL "Run Fix"? Do you need the log from OTL or AdwCleaner? Sorry if this is a stupid question, but I am not sure if the order matters.
Thank you soooo much!!!!
Yes, do AdwCleaner first, then OTL, then post both of the logs that they give you.
The Adw log is below (I clicked Scan; should I do Clean as well?).
I am going to run OTL now and post the log when it completes.
# AdwCleaner v3.016 - Report created 31/12/2013 at 17:23:08
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
This is OTL log after restart:
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a301b-1ea7-11e0-a36d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499a3028-1ea7-11e0-a36d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1204-b756-11e2-9325-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f0b1211-b756-11e2-9325-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f11b-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f12a-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69c5f13e-1e9f-11e0-868b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d5406ec-19cd-11e0-b0f2-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f33813a-d847-11df-95d3-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76c69f10-f14f-11e1-acaa-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a08-1eb3-11e0-983e-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7b1b5a12-1eb3-11e0-983e-00030db35011}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c58bfa6-b758-11e2-ab1c-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fde9661-f508-11e0-91fb-001e101f9ae7}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83acca52-c2bf-11e0-99d8-001e101f8aaa}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8520ea88-ceea-11e2-afd9-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{886c06e8-ceed-11e2-8c5f-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96057f-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96057f-c733-11df-b684-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e96059c-c733-11df-b684-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e96059c-c733-11df-b684-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9546dc9b-1e9b-11e0-a353-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d6fdf07-b75d-11e2-837a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0f44d0c-c6fb-11df-9e95-00030db35011}\ not found.
File \Installer.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9206c55-d7e6-11df-906a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e906d-f16b-11e1-b698-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a97e9089-f16b-11e1-b698-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae939764-ca5f-11df-8d58-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65bfd26-1e9c-11e0-8f17-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1eb538c-0a4a-11e1-ae4d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68188af-898b-11e0-a223-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68188af-898b-11e0-a223-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cd53c7fd-219e-11e0-b785-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced015f1-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced015f1-c815-11df-9386-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ced01605-c815-11df-9386-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ced01605-c815-11df-9386-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf18804f-1ea1-11e0-873f-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf188061-1ea1-11e0-873f-00030db35011}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d31bb189-20a9-11e0-a59d-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d950778e-b750-11e2-a81a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9507797-b750-11e2-a81a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d981389f-a741-11e0-a149-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d981389f-a741-11e0-a149-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daa3ba7c-2336-11e0-968f-00030db35011}\ not found.
File \WIN\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbb9899d-c12f-11e0-826b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69002-c2bb-11e0-94fd-001e101f534f}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe69011-c2bb-11e0-94fd-001e101f82a7}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbe6901b-c2bb-11e0-94fd-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dbfb9308-4c41-11e1-b324-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc7565bf-6e7c-11e0-8ddd-001e101f82a0}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25831f-03f4-11e1-adaa-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd25832f-03f4-11e1-adaa-001e101f8aaa}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb380-03df-11e1-ad9a-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e78bb38f-03df-11e1-ad9a-001e101f1f81}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa39f-03e2-11e1-b34b-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb6aa3ae-03e2-11e1-b34b-001e101fabdd}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd20-03f0-11e1-93d0-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd2f-03f0-11e1-93d0-001e101f8924}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eca2cd3a-03f0-11e1-93d0-001e101f2500}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ef7630be-c1f4-11e0-93bd-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3e878bf-7c08-11e0-97ef-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff0d77f-9853-11e0-ac68-00030db35011}\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File move failed. \AutoRun.exe scheduled to be moved on reboot.
C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe moved successfully.
File C:\Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\ not found.
C:\Program Files\PriceGong\2.1.0\FF\content folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF\components folder moved successfully.
C:\Program Files\PriceGong\2.1.0\FF folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
User: Laptop
->Temp folder emptied: 448227 bytes
->Temporary Internet Files folder emptied: 232584155 bytes
->Java cache emptied: 1237443 bytes
->FireFox cache emptied: 130934024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 9362 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10170274 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 358.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Laptop
->Flash cache emptied: 492 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Laptop
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < C:\hemxccapeaj.exe /s> in the current context!
Error: Unable to interpret < C:\Program Files\PriceGong> in the current context!
Error: Unable to interpret < C:\bjrwzmzisvc.exe /s> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 12312013_173650
Files\Folders moved on Reboot...
File\Folder \AutoRun.exe not found!
File\Folder \AUTORUN.INF not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZC0PGFTE\envelope1[1].eot moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\pool_distilled_ie[11].htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5KU09T2\showthread[2].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XQQ379GX\xframe-proxy_20130927[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\12[3].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\pool_distilled_ie[6].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OPJ37KOD\showthread[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LE6BPX6T\ai[3].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EU2ENB4T\mail-ltr6[1].eot moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DXL1YJTD\st[1] moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[4].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\ai[5].htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\facebook_com[1].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCA9IISWB.htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\pool_distilled_ieCARICNHK.htm moved successfully.
File\Folder C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CLBOTGJ6\push[1].htm not found!
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\fc[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-csc[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\54HL3KDW\r-sf[1].htm moved successfully.
C:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2K6MDFGJ\xframe-proxy_20130927[1].htm moved successfully.
File move failed. C:\Windows\temp\avg_secure_search.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

I don't know if it is relevant - there are some errors in the log about / files not found.
/ is the drive when I run my broadband dongle, and it is not connected on start up. It was running during scan though.
Happy New Year to you!
Do you think it is safe to log in to internet banking?

Yeah, let AdwCleaner clean anything it finds.
Don't worry about the \ drive thing.
Yep, should be fine to do internet banking.
Just one more thing: do you have the AVG log from when it found something?

Hi jsa112,
I'll scan and clean with adwcleaner again. I'll post you that log later this evening.
I can't find the log from AVG, there is only a "Reports" tab with update logs. I'll google or look in help to find if it is hidden somewhere.
Thank you

Hi again,
I managed to find something in AVG. These are not log files, but I got them in History and did "Export" to text files. There were 4 trojans:
Trojan1:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan2:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan3:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
Trojan4:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"

Open OTL, click the None button at the very top, then copy and paste this into the box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
SaveMBR:0
createrestorepoint
%systemroot%\*. /mp /s
C:\*.*
showhidden
c:\Users\Laptop\AppData\Roaming\*.*
C:\Program Files\Internet Explorer\iexplore.exe /md5
/md5start
svchost.exe
/md5stop
Click Run Scan and post the log it gives.

Ok, I'll do that now.
I have just run adwcleaner, do you want to see logs from scan and clean?
I noticed it removed AVG Secure Search from Firefox. Why is that? I thought AVG is "safe" (although I can't remember how I installed it, it was probably always there).

Yeah, post all logs I ask for. AVG installed some crap toolbar, that's why it got removed.

Hi Jsa112,
During the OTL scan, AVG detected a trojan again and I clicked an option to remove it. Is it OK, or should I have ignored it? What does it mean, is it a "false" alarm?
I am posting 3 logs in the next 3 posts - adwcleaner scan, adwcleaner clean and the latest OTL scan.
Here is the report from AVG when it found the Trojan during otl.exe:
Resident Shield Results
"Threat Name" "Result" "Detection Time" "Object Type" "Process"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\tfoqktardtf.exe" "Secured" "29/12/2013, 22:49:18" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SJZK9F39\svchost[1].exe" "Secured" "29/12/2013, 22:49:41" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Roaming\mwpyvtnsdug.exe" "Secured" "30/12/2013, 22:02:05" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse Dropper.Generic9.JDV, c:\Users\Laptop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0TBQQNC7\svchost[1].exe" "Secured" "30/12/2013, 22:02:31" "File or Directory" "C:\Program Files\Internet Explorer\iexplore.exe"
"Trojan horse BackDoor.Generic18.ENR, c:\_OTL\MovedFiles\12312013_173650\C_Users\Laptop\AppData\Roaming\bjrwzmzisvc.exe" "Secured" "31/12/2013, 22:02:08" "File or Directory" "C:\Users\Laptop\Downloads\OTL.exe"

adwcleaner scan log:
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:40:05
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
AdwCleaner[R1].txt - [993 octets] - [31/12/2013 20:40:05]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1052 octets] ##########

adwcleaner clean log:
# AdwCleaner v3.016 - Report created 31/12/2013 at 20:42:30
# Updated 23/12/2013 by Xplode
# Operating System : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Username : Laptop - LAPTOP-PC
# Running from : C:\Users\Laptop\Downloads\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Laptop\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\alot
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
-\\ Mozilla Firefox v26.0 (en-GB)
[ File : C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
-\\ Google Chrome v31.0.1650.63
[ File : C:\Users\Laptop\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1071 octets] - [31/12/2013 17:23:08]
AdwCleaner[R1].txt - [1132 octets] - [31/12/2013 20:40:05]
AdwCleaner[S0].txt - [7855 octets] - [31/12/2013 20:42:30]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7915 octets] ##########

OTL log:
OTL logfile created on: 31/12/2013 21:40:04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Laptop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
984.18 Mb Total Physical Memory | 75.26 Mb Available Physical Memory | 7.65% Memory free
2.18 Gb Paging File | 1.07 Gb Available in Paging File | 49.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 82.60 Gb Free Space | 59.72% Space Free | Partition Type: NTFS
Drive | 25.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive S: | 1.46 Gb Total Space | 1.30 Gb Free Space | 88.83% Space Free | Partition Type: NTFS
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Custom Scans ==========
< %systemroot%\*. /mp /s >
< C:\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 02:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/06 16:51:27 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/12/31 21:31:26 | 1032,740,864 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/31 21:31:23 | 1346,555,904 | -HS- | M] () -- C:\pagefile.sys
[2013/12/31 21:42:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2010/12/18 23:40:02 | 000,005,892 | ---- | M] () -- C:\scramble.log
[2010/10/15 18:16:05 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013/12/31 20:44:33 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010/09/19 17:33:28 | 000,000,000 | -H-D | M] -- C:\Applications\OEM
[2011/04/11 23:42:05 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/10/24 09:25:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser
[2010/10/30 15:14:18 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\CLUpdater\YouCam\1.00
[2010/10/30 15:14:15 | 000,000,000 | -H-D | M] -- C:\ProgramData\CyberLink\EvoParser\YouCam\1.00
[2006/11/02 12:37:34 | 000,000,000 | RH-D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[2006/11/02 13:02:03 | 000,000,000 | RH-D | M] -- C:\Users\Default
[2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2010/09/19 17:33:44 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData
[2010/10/04 12:35:32 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
[2010/10/04 12:39:36 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
[2010/09/23 17:07:13 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Media Player\Art Cache
[2010/09/19 17:34:33 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn
[2010/10/15 11:42:25 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn1
[2011/01/13 01:29:34 | 000,000,000 | RH-D | M] -- C:\Users\Laptop\AppData\Local\Microsoft\Windows\Burn\Burn2
[2010/11/09 00:18:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache
[2010/09/23 18:53:21 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\CyberLink\MediaCache\Power2Go
[2011/05/27 22:14:25 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
[2010/10/04 12:38:51 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\IETldCache\Low
[2010/10/04 12:39:17 | 000,000,000 | -H-D | M] -- C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
[2013/12/30 00:13:30 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2006/11/02 10:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg
[2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\Power2Go
[2008/09/12 17:47:27 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{397A21FB-EADF-4116-9027-32B8FA04C3E2}\Version\5.50
[2010/09/23 18:53:05 | 000,000,000 | -H-D | M] -- C:\Users\Public\CyberLink\OLReg\HKEY_CLASS_ROOT\CLSID\{E303BA32-9368-4a3c-AE3A-AFDADCBDE48B}\Version\1.00
[2012/12/26 20:47:54 | 000,000,000 | -H-D | M] -- C:\Users\Public\Recorded TV\TempRec
[2006/11/02 11:18:34 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData
[2008/09/12 17:37:58 | 000,000,000 | -H-D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData
< c:\Users\Laptop\AppData\Roaming\*.* >
[2010/09/29 00:18:18 | 000,000,132 | ---- | M] () -- c:\Users\Laptop\AppData\Roaming\wklnhst.dat
< C:\Program Files\Internet Explorer\iexplore.exe /md5 >
[2013/11/14 23:18:24 | 000,757,488 | ---- | M] (Microsoft Corporation) MD5=43E6F2A7FB182F2D7CB0CE5B8F1005CF -- C:\Program Files\Internet Explorer\iexplore.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 02:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< End of report >

it means the infection is respawning, going to need to bring out the big guns
download and run combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
post the log it gives

Uhhhh It looks very scary.
Can I keep my browser(s) open while it is running (I want to have that page you posted open)?
It looks from the manual that it can take a while, is it dangerous if I leave it for tomorrow? I still didn't log in to my internet banking, but need to this evening, is it safe?
You are so nice for helping me with this, God bless you

Oh I read the guide again now - it states I should close my browser as well and print the guide.
I don't have access to a printer before Friday, do you think I can leave it for 2 days?

you can leave the browser open if ya need to, shouldn't matter too much, no need to print the guide if it's too much hassle.
it should be safe to do internet banking.
don't worry bout all those guidelines, better to run it now than in 2 days to be honest. should only take 20mins to run it, and is safe

Ok

Celebrate New Years instead of talking to me

Haha, I was thinking the same about you. I have very bad flu, not in celebration mood at all. It is not only the laptop that is infected.
I wish you a very Happy New Year, you have earned a lot of good karma helping others

Hi Jsa112,
if you are still awake I am sending the combofix log in the next post
One thing - when it started it asked me to stop AVG. I couldn't find how to do it at the moment (when I am in panic mode my brain stops working).
Then, when it was at stage 3 I disabled AVG. I hope it is OK and did not ruin anything?

ComboFix 13-12-31.01 - Laptop 01/01/2014 0:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.353.1033.18.984.291 [GMT 0:00]
Running from: c:\users\Laptop\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2013-12-01 to 2014-01-01 )))))))))))))))))))))))))))))))
.
.
2014-01-01 00:40 . 2014-01-01 00:43 -------- d-----w- c:\users\Laptop\AppData\Local\temp
2014-01-01 00:40 . 2014-01-01 00:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-31 21:42 . 2013-12-31 21:42 512 ----a-w- C:\PhysicalMBR.bin
2013-12-31 17:36 . 2013-12-31 17:36 -------- d-----w- C:\_OTL
2013-12-31 17:21 . 2013-12-31 20:42 -------- d-----w- C:\AdwCleaner
2013-12-30 19:06 . 2013-12-30 19:07 -------- d-----w- c:\users\Laptop\AppData\Local\dumps
2013-12-12 00:33 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-12 00:33 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-12 00:33 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 00:32 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 00:32 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 00:32 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 00:32 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 00:32 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-12 00:31 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 00:30 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-10 22:10 . 2012-07-18 20:08 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-10 22:10 . 2011-05-21 16:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-10 14:41 . 2012-09-29 10:07 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-11-05 21:50 . 2013-11-05 21:50 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 21:57 . 2013-11-04 21:57 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 23:00 . 2013-10-31 23:00 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-10-31 22:30 . 2013-10-31 22:30 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-24 22:28 . 2013-10-24 22:28 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-10-11 02:08 . 2013-11-13 23:47 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 23:47 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-03 12:45 . 2013-11-13 23:48 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45 . 2013-11-13 23:48 993792 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-17 135680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-12 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"ModemListener"="c:\program files\Mobilni Internet\ModemListener.exe" [2010-07-12 98304]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-11-07 4956176]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNjMyNzYyMjI3LVBMKzktWE8zNisxLU4xRCsxLVFJWDErNC1YMjAxMCsyLUZMMTArMS1MSUMrODgtU1AxKzEtU1AxVEIrMS1TUDFTMisxLVNVRCsxLVMxSSsxLVNVMysxLUxTRCsyLUREVCsw&prod=90&ver=10.0.1382" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2008-9-12 17542]
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_1F0B30F16FFA954160D1AF.exe [2008-9-11 21630]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 20:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-08-06 10:30 20480 ----a-w- c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 18:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-09-12 17:29 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 15:32 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GShortCut]
2008-01-04 10:02 222504 ----a-w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 21:11 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 22:11]
.
2013-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
.
2014-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-28 23:10]
.
.
Supplementary Scan
.
uStart Page = hxxp://mail.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=DSGI&bmod=DSGI
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: raiffeisenbank.rs\rol
DPF: {73848533-39E1-49F1-9363-28054268C094} - hxxps://rol.raiffeisenbank.rs/RetailDLL/FSINT9.dll
DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://rol.raiffeisenbank.rs/RetailDLL/EBCSCC2a.dll
FF - ProfilePath - c:\users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\8bfdnkt5.default\
FF - ExtSQL: !HIDDEN! 2010-09-30 21:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ROC_ROC_NT - c:\program files\AVG Secure Search\ROC_ROC_NT.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-01 00:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
LOCKED REGISTRY KEYS
.
[HKEY_USERS\S-1-5-21-2051435258-2395563607-277202808-1000_Classes\CLSID\{70C06E40-C893-6D47-AA91-8381842D4939}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
DLLs Loaded Under Running Processes
.
- - - - - - - > 'Explorer.exe'(4832)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
Completion time: 2014-01-01 00:47:31
ComboFix-quarantined-files.txt 2014-01-01 00:47
.
Pre-Run: 87,420,944,384 bytes free
Post-Run: 87,454,965,760 bytes free
.
- - End Of File - - 370100B5B78161CB6F6CCC8FE18CE6CF
5C616939100B85E558DA92B899A0FC36