MalwareTips.com
Current time: 05-22-2013, 09:59 PM
Hello,is this your first visit?! If NOT use this login panel!
Nick:  
Password:     
If YES, you should join
our amazing community!
Create an account!
Follow us
Facebook MalwareTips.com Twitter MalwareTips.com Google Plus MalwareTips.com
  • Portal
    Home
  • News
    Headlines
  • Forums
    Community
  • Tutorials
    How-to's
  • Malware Help
    Assistance
    • Removal assistance
    • Malware removal guides
    • Security wizard
  • Reviews
    Products review
    • Video reviews
    • Written reviews
  • Giveaways
    Free stuff
    • Giveaways and promo
    • Discounts
    • Desktop enhancements
  • Malware Hub
    Virus Pipe
    • Virus Exchange
    • Virus List
  • Blogs
    Research
User Control Panel View New Posts View Today's Posts House Rules

MalwareTips.com / Malware Removal and Prevention Services / Malware Removal Assistance v
« Previous 1 ... 11 12 13 14 15 ... 20 Next »
/ Win 7 Defender removal
Tweet
Post Reply 
Threaded Mode | Linear Mode
Win 7 Defender removal
12-23-2012, 05:33 PM
Post: #1
jrossite Offline
New member (Level 1)
 		Posts: 1
Joined: Dec 2012
Kudos 0
Win 7 Defender removal
Operating system: Windows 7 Home Premium
Architecture: 64 bit
Antivirus software and on-demand scanners on this system : Norton PC Checkup 3.0, Spybot search Malwarebytes Anti-Malware. I can't tell you the last time I ran them...not recently enough. They may have even expired. I have pop-ups blocked and do not go to unknown sites often.
OTL log is not from the infected machine:
OTL logfile created on: 12/23/2012 8:57:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.36% Memory free
6.18 Gb Paging File | 4.71 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.61 Gb Total Space | 346.98 Gb Free Space | 77.87% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 15.23 Gb Free Space | 76.15% Space Free | Partition Type: NTFS

Computer Name: JILL-PC | User Name: Jill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jill\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Dell\Dell Photo P703w AIO Printer\Printer\Center\dlSvc.exe (Dell Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe (Dell Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec4​51da0e6d4e\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be2​93b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3f​f176465127\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f985851968721​95e009\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f1​3fc59804\mscorlib.ni.dll ()
MOD - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (KodakSvc) -- C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
SRV - (dlSvc) -- C:\Program Files\Dell\Dell Photo P703w AIO Printer\Printer\Center\dlSvc.exe (Dell Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (Dell Network Discovery Service) -- C:\Program Files\Dell\Dell Photo P703w AIO Printer\Printer\Device\DLDiscovery.exe (Dell)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_1a0d9ac6\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...urceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/searc...archTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://hotmail.com/http://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={s...-SearchBox
IE - HKCU\..\SearchScopes\{2A696BCE-44CF-45a4-B905-59CDFA08531A}: "URL" = http://del.icio.us/search/?fr=del_icio_u...}&type=all
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTe...1I7ADBR_en
IE - HKCU\..\SearchScopes\{91B72A84-FB6D-4E29-8568-FFDB68677330}: "URL" = http://www.google.com/search?q={searchTe...lz=1I7ADBR
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&...te=us&nt=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jill\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/16 18:50:10 | 000,000,000 | ---D | M]

[2009/11/30 21:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill\AppData\Roaming\Mozilla\Extensions
[2008/12/25 19:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/11/30 21:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jill\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{g​oogle:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Jill\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Jill\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

O1 HOSTS File: ([2011/08/16 14:12:21 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DLKAStatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\DLKAMUI.exe (Dell Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Jill\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shock...tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAsset...ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D97131-5CC5-4526-94DB-F4D48E9A825B}: DhcpNameServer = 10.184.5.136 10.184.5.137 10.184.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F26BE02A-2884-40DD-88D9-03420A7636D1}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ee8e990-747b-11df-a9be-00219bd8fc22}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee8e990-747b-11df-a9be-00219bd8fc22}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{ea2411f8-d1de-11dd-b007-00219bd8fc22}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/23 08:05:49 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/23 08:05:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/15 03:09:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/12/15 03:09:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/12/15 03:09:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/12/15 03:09:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/12/15 03:09:45 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/12/15 03:09:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/12/15 03:09:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/12/15 03:09:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/12/15 03:05:38 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2012/12/15 03:05:34 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll
[2012/12/15 03:05:33 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2012/12/15 03:05:33 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2012/12/15 03:05:32 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2012/12/15 03:05:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2012/12/14 15:43:16 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/12/14 15:42:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012/12/14 15:42:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012/12/14 15:42:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

========== Files - Modified Within 30 Days ==========

[2012/12/23 09:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8B84C02F-95D5-48BD-A8ED-569E40579F20}.job
[2012/12/23 08:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/23 08:28:04 | 000,607,656 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/23 08:28:04 | 000,105,264 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/23 08:23:51 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/23 08:23:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 08:23:36 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/23 08:23:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/23 08:23:02 | 000,388,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/23 08:22:15 | 3211,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/23 08:12:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/23 08:05:17 | 104,095,949 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/12/20 18:20:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2106158024-3476827084-2602108575-1000UA.job
[2012/12/20 18:20:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2106158024-3476827084-2602108575-1000Core.job
[2012/12/16 18:50:11 | 000,000,832 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2012/12/16 05:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 02:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/14 15:52:54 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/12/14 15:52:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/14 15:27:24 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/29 15:50:26 | 000,480,638 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm

========== Files Created - No Company Name ==========

[2012/12/15 03:05:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/15 03:05:46 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/04/27 15:59:08 | 000,000,680 | ---- | C] () -- C:\Users\Jill\AppData\Local\d3d9caps.dat
[2012/02/13 14:57:29 | 000,208,896 | ---- | C] () -- C:\Windows\System32\HPPAPR01.DLL
[2012/02/13 14:57:29 | 000,000,508 | ---- | C] () -- C:\Windows\System32\HPPAPR01.DAT
[2011/03/02 10:34:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/20 09:31:41 | 000,000,122 | ---- | C] () -- C:\Users\Jill\webct_upload_applet.properties
[2010/06/01 11:07:21 | 000,061,224 | ---- | C] () -- C:\Users\Jill\GoToAssistDownloadHelper.exe
[2009/05/17 15:39:35 | 000,014,848 | ---- | C] () -- C:\Users\Jill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/22 13:36:03 | 000,000,382 | ---- | C] () -- C:\Users\Jill\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 09:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 22:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 22:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/12 15:42:10 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Amazon
[2011/02/23 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\AVG10
[2010/12/08 19:37:09 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Delicious IE Extension
[2012/01/23 09:12:00 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\HorizonWimba
[2010/06/01 09:55:43 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Leadertech
[2011/08/16 10:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\LimeWire
[2010/06/06 11:38:39 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Temp
[2008/11/22 13:36:16 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\Template
[2008/12/25 19:25:46 | 000,000,000 | ---D | M] -- C:\Users\Jill\AppData\Roaming\TomTom

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 12/23/2012 8:57:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jill\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 61.36% Memory free
6.18 Gb Paging File | 4.71 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445.61 Gb Total Space | 346.98 Gb Free Space | 77.87% Space Free | Partition Type: NTFS
Drive D: | 19.99 Gb Total Space | 15.23 Gb Free Space | 76.15% Space Free | Partition Type: NTFS

Computer Name: JILL-PC | User Name: Jill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\FirewallRules]
"{09EB1EF9-DD2B-4B3B-AA9D-ACB8883DF622}" = lport=9223 | protocol=6 | dir=in | name=dldiscovery |
"{0C96629B-DA37-4D65-B934-042B2D1F2769}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{177D0345-1037-4845-AAC2-2AC538C2A91C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1A358937-8002-44F4-B349-9F754F260F65}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{2267D599-8A78-4890-B7EC-8839FD9ED498}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{339769F6-4F1F-44A1-8F38-964168AC9B29}" = lport=9222 | protocol=6 | dir=in | name=dldiscovery |
"{3A9DD6DB-137D-40CF-975C-20B3A0454AFB}" = lport=9323 | protocol=6 | dir=in | name=ekdiscovery |
"{72E0CB5F-DE11-4752-90ED-BF88F274AA15}" = lport=9222 | protocol=6 | dir=in | name=dldiscovery |
"{D9F923BC-CD41-458D-8907-729D7633DB41}" = lport=9223 | protocol=6 | dir=in | name=dldiscovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir​ewallPolicy\FirewallRules]
"{02F67D99-5321-41E9-A7F8-0A55E71C7773}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{08F5EAE5-B82F-4C70-AC79-689CDADD7D9D}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{0BF69C88-8E8E-423C-AFDD-0BCE63B56F80}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1512DC2E-0BD0-49B8-B9BF-F0A684E12414}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{18B0167B-8153-4140-834D-91556E1EBDE2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1E932562-C5DC-42BD-B1D1-B52BBFDEB205}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{2065CCF5-DE72-4374-A210-CE1D4AFB8E51}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{243D70EB-8547-46C2-B59C-91364023E67E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2AC7E14C-75BB-49C2-B0CD-CF5163AA9A32}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{38359A74-8553-4A23-95A4-FEB3DFCB3196}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3947A4AC-D1D5-49A5-8C64-0ACD30259F90}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{3DB7D7DE-D954-4472-AD28-F7CF79062D2C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3E0F1C7A-EC10-42CD-91DD-E8F9B9DB6F01}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{493EB447-AB5A-4CFE-B932-02EFABE71325}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{53D37292-7B94-4AD5-A906-17F40B8A7753}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{63783EC6-47EB-4FF4-9A21-629BB6A5161A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{64CE4299-6711-4E13-A4AB-83B53F112F91}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{67484AC2-3FAB-4AFA-BE83-DDEBE659F549}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{8C7D633B-294A-44E7-9EB1-3227D382DC39}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{99421E85-5881-4313-AEDD-1749EF6CE4E5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A2C6F5BF-37E6-4116-AC29-A81306709A50}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{A7628187-34AD-4AA3-A70F-447DBFEE6422}" = dir=in | app=c:\users\jill\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A7934A09-5C69-40EE-86F3-59F1111506DC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BBA11876-836B-4606-BD2C-14A405441B41}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{C238D709-99BD-41BD-90B3-6C79C67CA661}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{C73EF25D-41B2-42B9-9930-9899D248FC16}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{CAF15606-39AD-48EA-B0B9-44357EA61F21}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D16B1F05-5CD2-4816-ADBC-EC86A745C05A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D851AEE2-54A0-407D-8395-40A2406083F8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{F5DFDEFA-86A9-4881-B5E7-81828BE84D15}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F8103E06-655E-4128-B93C-BF75FFE0F78F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA1C8F28-07FA-4D56-BF98-DE6692AC20A2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{669F143A-3C03-475F-8286-23D9AF82E63C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{67762BE6-25F8-452C-81F1-D001DD58D6CE}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{C0741159-A94E-4155-AE16-36FBD2E80913}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |
"UDP Query User{4812E677-7FFE-4447-B6C8-628D4B482E25}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BF5A3F45-6E96-4D0E-9F77-9A9EA605FC62}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{CC8D42C6-82AC-4CBC-B49D-C197B6C234E0}C:\program files\java\jre1.6.0_05\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_05\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{074AED0D-DD1C-432A-B38D-F8733604033F}" = aioscnnr
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{15861CC0-77F6-474B-B469-EEF420BB5718}" = center
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17E62CCD-5CE8-4E25-9519-C4A3ACEA89A1}" = aioscnnr
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26D71432-1FD1-4271-902D-052E3DF490FD}" = aiofw
"{277B62C4-4BFD-4BA1-B66A-6D15A37A2AC5}" = aioocr
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31C12645-6029-4DBE-BEC0-C1F7E9855097}" = ksDIP
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{49C8076B-B7E1-4C90-83CE-DF24FE501EBC}" = aioprnt
"{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{575EE68A-13DD-4BF7-BB30-661583816615}" = Dell Photo P703w WiFi Config Utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58CD6991-1426-4E32-8B24-1C1D4FB629D8}" = Pazzles Inspiration Studio
"{59B73DDC-593A-4D02-B9CA-1D8C9F912324}" = aioprnt
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BFB956C-3AB9-492A-9E91-5D8C87DCC598}" = Paint.NET v3.5.1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98570C14-E7BF-4BC2-BB8A-D997E56F3684}" = AVG 2011
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A550E5A4-F1FE-A40E-7E3C-3AA214E95DD3}" = FlipShare
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3B9DF7D-1296-4254-9DC7-1AC1C9185237}" = helpug
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DB2E7FC7-631A-4CE4-94A3-FF8198CF3032}" = Pazzles Inspiration Studio
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{DF56288E-E66B-4F3F-81FE-03AE4F63F049}" = Dell Photo P703w AIO Printer
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F335EAD6-9B90-4AEC-BBE6-CC8FE4AF69C4}" = Help_CTR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 1.99.1
"HTC_WModemDriver" = WModem Driver Installer
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Dell Touchpad
"TomTom HOME" = TomTom HOME 2.5.2.60

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/8/2012 7:47:46 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/8/2012 7:48:02 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/9/2012 1:41:05 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/9/2012 11:27:16 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/13/2012 11:15:36 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/14/2012 7:21:02 PM | Computer Name = Jill-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/15/2012 7:29:50 AM | Computer Name = Jill-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/16/2012 10:46:08 PM | Computer Name = Jill-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 135c Start Time: 01cddc000c381870 Termination Time: 47

Error - 12/17/2012 1:30:29 PM | Computer Name = Jill-PC | Source = Google Update | ID = 20
Description =

Error - 12/23/2012 12:01:53 PM | Computer Name = Jill-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/23/2012 12:23:57 PM | Computer Name = Jill-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 5/26/2009 3:33:18 PM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/20/2009 9:58:50 PM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/26/2009 9:43:12 PM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2010 6:34:04 PM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 7/5/2010 12:40:35 AM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 12/9/2012 1:41:20 PM | Computer Name = Jill-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 12/15/2012 7:09:06 AM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/15/2012 7:09:06 AM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/15/2012 7:29:50 AM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/15/2012 7:29:50 AM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/18/2012 7:45:19 AM | Computer Name = Jill-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.112 for the Network Card with network
address 001FE2C6D5EB has been denied by the DHCP server 192.168.10.1 (The DHCP
Server sent a DHCPNACK message).

Error - 12/23/2012 12:00:27 PM | Computer Name = Jill-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:14:11 PM on 12/20/2012 was unexpected.

Error - 12/23/2012 12:01:54 PM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/23/2012 12:01:54 PM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/23/2012 12:23:58 PM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/23/2012 12:23:58 PM | Computer Name = Jill-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >
aswNBR
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-23 09:24:31
-----------------------------
09:24:31.885 OS Version: Windows 6.0.6002 Service Pack 2
09:24:31.886 Number of processors: 2 586 0xF0D
09:24:31.888 ComputerName: JILL-PC UserName: Jill
09:24:33.745 Initialize success
09:24:45.916 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:24:45.920 Disk 0 Vendor: SAMSUNG_ 2AK1 Size: 476940MB BusType: 3
09:24:45.932 Disk 0 MBR read successfully
09:24:45.936 Disk 0 MBR scan
09:24:45.940 Disk 0 Windows VISTA default MBR code
09:24:45.945 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 156 MB offset 63
09:24:45.961 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 20473 MB offset 321300
09:24:45.975 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 456307 MB offset 42250950
09:24:45.986 Disk 0 scanning sectors +976768065
09:24:46.082 Disk 0 scanning C:\Windows\system32\drivers
09:24:52.950 Service scanning
09:25:04.443 Modules scanning
09:25:22.970 Disk 0 trace - called modules:
09:25:23.023 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
09:25:23.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c18ac8]
09:25:23.416 3 CLASSPNP.SYS[8a5ac8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85122030]
09:25:23.426 Scan finished successfully
09:29:47.948 Disk 0 MBR has been saved successfully to "C:\Users\Jill\Desktop\MBR.dat"
09:29:48.129 The log file has been saved successfully to "C:\Users\Jill\Desktop\aswMBR.txt"
Date and how issue started: I was searching for a hotel in San Juan and all of a sudden my webpages all closed. When I try to open anything, including an internet page, the system security alert comes up. I can look at computer files but can't open programs at all. I tried a system restore, but it is not turned on. This all happened last night.
Current issues and symptoms: As above, cannot run anything, cannot open anything.
Steps taken in order to remove the infection: Tried to follow the instructions on your website, restarted in safe mode with networking, but still get the popup from Win7 when I try to open the internet so I can't download the fixes. I tried the system repair at start up (unsuccessful) and tried to restore to an earlier time (unsuccessful).
REQUESTED LOGS: OTL LOG
Thank you for offering a fix for the Win7 Defender virus. My problem is this: when I start my computer in safe mode with networking, the virus still keeps me from opening up an internet page. Is there any way to download the fix when I cannot get internet access?
Find all posts by this user
Quote this message in a reply
12-23-2012, 06:14 PM
Post: #2
Fiery Offline
Community Admin
 		Posts: 1,588
Joined: Jan 2011
Kudos 495
RE: Win 7 Defender removal
Hi and welcome to MT!

My name is Fiery and I will assist you in the removal of this rogue.

Open OTL. Under custom scan/fixes, copy and paste the following:

Quote::OTL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D97131-5CC5-4526-94DB-F4D48E9A825B}: DhcpNameServer = 10.184.5.136 10.184.5.137 10.184.5.112

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

and click Run Fix . Post the log afterwards.

Also do you have a USB and another computer you can access to download and transfer the following files to the infected PC?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
    Exit/Close RogueKiller+
Find all posts by this user
Quote this message in a reply
« Next Oldest | Next Newest »
Post Reply 


Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  Win 7 Defender removal problem asdfdav 36 2,178 01-11-2013 12:39 AM
Last Post: Fiery

  • View a Printable Version
  • Send this Thread to a Friend
  • Subscribe to this thread


User(s) browsing this thread: 1 Guest(s)

 


Proudly powered by MyBB.
Copyright - MalwareTips.com © 2012. All rights reserved. | Webdesign by End Soft Design
Contact Us | Privacy policy | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication | Members List | Forum Team

MalwareTips.com is an independent website.All trademarks mentioned on this page are the property of their respective owners.