Jump to content

searchnu/406 problem Assistance gratefully received...


Recommended Posts

Hi guys,

Thanks for the great instructions on opening the logs. I have done as requested on the I'm infected page. Here are my logs. I would be grateful if someone could help me out. I got the infection from downloadnig the ilivid player. Please let me know if you require any other information. Many thanks in advance.

Kind Regards,

Joe.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_22

Run by Joeninhoo at 21:20:17 on 2012-03-26

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1016 [GMT 1:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Windows\system32\lxbkcoms.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\SMINST\BLService.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\HP\QuickPlay\QPService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Users\Joeninhoo\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Common Files\Steam\SteamService.exe

c:\program files\logitech\quickcam\lu\lulnchr.exe

C:\program files\logitech\quickcam\lu\LogitechUpdate.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll

TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden

uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [steam] "c:\program files\steam\Steam.exe" -silent

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"

uRun: [AROReminder] c:\program files\aro 2012\ARO.exe -rem

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"

mRun: [updateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"

mRun: [updatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start

mRun: [updateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"

mRun: [updatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

mRun: [sunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"

mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

StartupFolder: c:\users\joenin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\joeninhoo\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: HideSCANetwork = 0 (0x0)

uPolicies-explorer: HideSCAVolume = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-gb\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{50731180-27B7-427D-997F-26D9C153EE3E} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{EE160F71-9F6A-4F8A-8214-B6EF2A80A70E} : DhcpNameServer = 192.168.1.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll

Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll

AppInit_DLLs: avgrsstx.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\joeninhoo\appdata\roaming\mozilla\firefox\profiles\rgifzzql.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-26 64512]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-8-14 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-8-14 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-8-14 108552]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-14 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-14 297752]

R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]

R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]

R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-28 365952]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-8-31 1153368]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2011-4-22 728480]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-3-9 92592]

R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]

R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-28 193840]

R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2010-1-27 5248]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c9f311daf3f8e0;Google Update Service (gupdate1c9f311daf3f8e0);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-22 133104]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-03-26 19:32:18 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2012-03-26 19:28:48 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys

2012-03-26 19:27:23 -------- d-----w- c:\program files\Lavasoft

2012-03-26 19:02:46 -------- d-----w- c:\users\joeninhoo\appdata\roaming\Malwarebytes

2012-03-26 18:46:10 -------- d-----w- c:\programdata\Malwarebytes

2012-03-26 18:46:08 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-26 18:46:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-26 18:41:59 -------- d-----w- c:\program files\Ask.com

2012-03-26 18:41:07 -------- d-----w- c:\users\joeninhoo\appdata\roaming\Sammsoft

2012-03-26 18:40:39 -------- d-----w- c:\program files\ARO 2012

2012-03-26 18:40:26 -------- d-----w- c:\users\joeninhoo\appdata\local\APN

2012-03-25 12:14:17 -------- d-----w- c:\program files\iLivid

2012-03-25 12:11:21 -------- d-----w- c:\programdata\boost_interprocess

2012-03-23 20:02:01 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9d5c51d6-0ca7-41b0-ac17-db47be135191}\mpengine.dll

2012-03-18 13:39:09 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-18 13:39:09 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-15 18:09:51 -------- d-----r- c:\users\joeninhoo\Dropbox

2012-03-14 20:54:19 -------- d-----w- c:\users\joeninhoo\appdata\roaming\Dropbox

2012-02-28 01:07:34 -------- d-----w- c:\programdata\100

2012-02-28 00:56:23 -------- d-----w- c:\programdata\InstallMate

.

==================== Find3M ====================

.

2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe

.

============= FINISH: 21:22:37.80 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 05/06/2009 03:00:44

System Uptime: 26/03/2012 20:55:46 (1 hours ago)

.

Motherboard: Wistron | | 303C

Processor: AMD Athlon Dual-Core QL-62 | Socket A | 2000/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 122.67 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 1.739 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32Red Casino

32Red Poker Room

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

Adobe Shockwave Player

AOL Toolbar 5.0

Apple Mobile Device Support

Apple Software Update

ARO 2012

Ask Toolbar

Atheros Driver Installation Program

AVG Free 8.5

AviSynth 2.5

Bonjour

Canon iP1900 series Printer Driver

Canon iP1900 series User Registration

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Choice Guard

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Conexant HD Audio

CyberLink DVD Suite

CyberLink YouCam

DHTML Editing Component

DivX Web Player

Dropbox

ESU for Microsoft Vista

Football Manager 2009

Google Chrome

Google Earth

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.7

HP Help and Support

HP Quick Launch Buttons 6.40 H2

HP Total Care Advisor

HP Update

HP User Guides 0118

HP Wireless Assistant

HPAsset component for HP Active Support Library

HPNetworkAssistant

HPTCSSetup

Inkjet Printer/Scanner Extended Survey Program

IrfanView (remove only)

iTunes

Java 6 Update 7

LabelPrint

Ladbrokes Poker

Lexmark X1100 Series

LightScribe System Software 1.14.17.1

Logitech QuickCam

Logitech QuickCam Driver Package

Malwarebytes Anti-Malware version 1.60.1.1000

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox 11.0 (x86 en-GB)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My HP Games

NetWaiting

Norton Internet Security

NVIDIA Drivers

Paddy Power Poker

Paddy Power Casino

PeaZip 2.6.3

Power2Go

PowerDirector

PVSonyDll

QuickTime

Realtek USB 2.0 Card Reader

Rome - Total War

Ruby Fortune Casino

SAMSUNG Intelli-studio

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Skype™ 3.8

SopCast 3.2.9

SPORE Creature Creator Trial Edition

Spybot - Search & Destroy

SpyHunter

Steam

Support.com Toolbar Updater

Synaptics Pointing Device Driver

Testbase Key Stage 3 Mathematics

TomTom HOME 2.8.1.2218

TomTom HOME Visual Studio Merge Modules

Turbo Lister 2

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC80CRTRedist - 8.0.50727.762

Videora iPod Converter 5.03

vShare Plugin

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

YouTube Downloader App 2.03

.

==== End Of File ===========================

Link to post
Share on other sites

Hello Joe and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

Hi Maniac,

Thanks for the prompt reply. I have copied the logs, as advised. If possible, during the process, if you see anything else that could cause me problems, please let me know. Thanks again.

Joe.

OTL Extras logfile created on: 26/03/2012 21:56:10 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Joeninhoo\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 34.52% Memory free

5.72 Gb Paging File | 3.95 Gb Available in Paging File | 68.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.27 Gb Total Space | 122.66 Gb Free Space | 55.19% Space Free | Partition Type: NTFS

Drive D: | 10.61 Gb Total Space | 1.74 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

Computer Name: JOENINHO | User Name: Joeninhoo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htafile [open] -- "%1" %*

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [- Browse with PeaZip] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-ext2browse" "%1" (Giorgio Tani)

Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)

Directory [browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{37258E65-5C9F-460D-8772-5178F204EF63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{421FB3DC-E05C-42D6-8490-1D2FCD07E125}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{898E7BF0-7551-4231-81CD-7E5BAE83D66B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0B783AD3-B3B1-4880-BFD0-28ABC3695A2D}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{1F16C324-743E-4E51-A86C-C30BCF336860}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |

"{2743705D-9861-492C-9645-764118B5DD0A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{39D40DE1-CFFE-4409-88BE-1602DF0E5D09}" = protocol=17 | dir=in | app=c:\windows\system32\lxbkcoms.exe |

"{39F61228-0230-4C2A-AB9B-CA57972BF825}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |

"{5AA92794-EFDC-47B4-BF0E-ADC26E32F2FF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{62969880-39C0-463C-BCA6-AC7A43BC9412}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |

"{62CE5181-0E81-4F63-9B99-968D3EF43310}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{63E5B742-9D5F-48FC-8AA1-728C7383AF84}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{65EB2968-1355-4777-BCE4-A37B59DFC52E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{6F69AE85-B831-4436-8F4F-28EF5FE30CCC}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{952B8B40-C61B-4392-9B40-899010C299BD}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{A68A8988-38A1-465D-8285-B5DC51A79BCE}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |

"{AB899C37-6F61-4629-A875-10316FC17E7B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{B10CB22F-ED43-41EF-A4B0-5E18E5123B35}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{BBE273DD-2A4C-47F6-AFF5-6FD161419A16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E72DA3E0-0C9F-40ED-B767-8B7C75FCDC37}" = protocol=17 | dir=in | app=c:\users\joeninhoo\appdata\roaming\dropbox\bin\dropbox.exe |

"{EB53E8AB-6226-4B66-BF0B-5D11B3F9CBD9}" = protocol=6 | dir=in | app=c:\windows\system32\lxbkcoms.exe |

"{ED65E3F0-49DE-4760-AEE3-5B71E18AE9C8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{FA0895E8-9B5F-4BD6-80F7-BBAB3FC7FD1D}" = protocol=6 | dir=in | app=c:\users\joeninhoo\appdata\roaming\dropbox\bin\dropbox.exe |

"{FCF1C50C-E834-4C3E-874D-D4E0A9AE8331}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"TCP Query User{1996E5ED-F8DA-41C0-B35C-5136DBEFEB7F}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{7043B3A8-F6D8-4F51-85DE-9A40A02B3F79}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"TCP Query User{C23B036E-88B4-4C33-BEC5-D61A78A1AE08}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{F73F9807-531B-42BB-92C8-811337836ED9}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{1AEA9ADB-2375-4A29-A2E5-831C1C7EC880}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{2D8E8468-500E-469B-85D7-8B4DBE36E32D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"UDP Query User{8313F26E-C5E4-4D57-8C6A-69399776F612}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"UDP Query User{9F11482C-E401-4BB5-82A2-31648E7248C2}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver

"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2

"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista

"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7

"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements

"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.6.3

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007

"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth

"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library

"{CF33A0CE-702A-4E66-B91B-F995F9DDFD5B}" = SpyHunter

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"32red" = 32Red Casino

"32red (Poker)" = 32Red Poker Room

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"AOL Toolbar" = AOL Toolbar 5.0

"ARO 2012_is1" = ARO 2012

"AVG8Uninstall" = AVG Free 8.5

"AviSynth" = AviSynth 2.5

"Canon iP1900 series User Registration" = Canon iP1900 series User Registration

"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"Football Manager 2009" = Football Manager 2009

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"Intelli-studio" = SAMSUNG Intelli-studio

"IrfanView" = IrfanView (remove only)

"ladbrokes (Poker)" = Ladbrokes Poker

"Lexmark X1100 Series" = Lexmark X1100 Series

"lvdrivers_11.80" = Logitech QuickCam Driver Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 11.0 (x86 en-GB)" = Mozilla Firefox 11.0 (x86 en-GB)

"NVIDIA Drivers" = NVIDIA Drivers

"Paddy Power Casino" = Paddy Power Casino

"Paddy Power Poker" = Paddy Power Poker

"PROPLUS" = Microsoft Office Professional Plus 2007

"rubyfortune" = Ruby Fortune Casino

"SopCast" = SopCast 3.2.9

"Steam App 10540" = Football Manager 2009

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Testbase K3_MATHS" = Testbase Key Stage 3 Mathematics

"TomTom HOME" = TomTom HOME 2.8.1.2218

"Videora iPod Converter" = Videora iPod Converter 5.03

"vShare" = vShare Plugin

"WildTangent hp Master Uninstall" = My HP Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"YouTube Downloader App" = YouTube Downloader App 2.03

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Support.com Toolbar Updater

"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 01/06/2011 06:21:23 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:23 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

Error - 01/06/2011 06:21:24 | Computer Name = Joeninho | Source = Windows Search Service | ID = 3013

Description =

[ System Events ]

Error - 24/06/2009 17:47:39 | Computer Name = Joeninho | Source = HTTP | ID = 15016

Description =

Error - 24/06/2009 17:48:04 | Computer Name = Joeninho | Source = Service Control Manager | ID = 7000

Description =

Error - 25/06/2009 15:06:50 | Computer Name = Joeninho | Source = HTTP | ID = 15016

Description =

Error - 25/06/2009 15:08:24 | Computer Name = Joeninho | Source = Service Control Manager | ID = 7000

Description =

Error - 26/06/2009 13:49:41 | Computer Name = Joeninho | Source = HTTP | ID = 15016

Description =

Error - 26/06/2009 13:51:18 | Computer Name = Joeninho | Source = Service Control Manager | ID = 7000

Description =

Error - 27/06/2009 14:09:53 | Computer Name = Joeninho | Source = HTTP | ID = 15016

Description =

Error - 27/06/2009 14:11:31 | Computer Name = Joeninho | Source = Service Control Manager | ID = 7000

Description =

Error - 27/06/2009 19:43:52 | Computer Name = Joeninho | Source = HTTP | ID = 15016

Description =

Error - 27/06/2009 19:45:27 | Computer Name = Joeninho | Source = Service Control Manager | ID = 7000

Description =

< End of report >

OTL logfile created on: 26/03/2012 21:56:10 - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Joeninhoo\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 34.52% Memory free

5.72 Gb Paging File | 3.95 Gb Available in Paging File | 68.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.27 Gb Total Space | 122.66 Gb Free Space | 55.19% Space Free | Partition Type: NTFS

Drive D: | 10.61 Gb Total Space | 1.74 Gb Free Space | 16.39% Space Free | Partition Type: NTFS

Computer Name: JOENINHO | User Name: Joeninhoo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 21:50:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Joeninhoo\Desktop\OTL.exe

PRC - [2012/03/21 00:29:43 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe

PRC - [2012/03/12 19:23:18 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

PRC - [2012/03/12 19:23:16 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2012/02/15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Joeninhoo\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011/10/17 18:35:00 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2011/08/24 17:46:13 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe

PRC - [2011/04/22 20:12:44 | 004,666,272 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe

PRC - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

PRC - [2011/04/10 18:41:14 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2011/03/09 13:30:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

PRC - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/08/14 20:01:43 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/14 20:01:43 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/14 20:01:42 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009/08/14 20:01:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/08/14 20:01:38 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/07/07 02:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe

PRC - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe

PRC - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2008/08/14 17:11:14 | 000,447,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2008/06/10 12:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

PRC - [2008/01/25 14:32:56 | 000,689,416 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe

PRC - [2008/01/25 14:32:48 | 000,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe

PRC - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2008/01/21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/01/25 11:20:32 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/21 00:29:40 | 020,297,512 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll

MOD - [2012/03/21 00:29:24 | 000,907,048 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll

MOD - [2012/03/21 00:29:24 | 000,190,776 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll

MOD - [2012/03/21 00:29:24 | 000,123,192 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll

MOD - [2012/03/21 00:29:23 | 001,099,576 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll

MOD - [2012/03/12 19:23:16 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL

MOD - [2011/07/01 17:01:10 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll

MOD - [2011/06/30 21:57:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll

MOD - [2011/06/30 21:57:54 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll

MOD - [2011/06/30 21:57:54 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll

MOD - [2011/06/30 21:57:53 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll

MOD - [2011/06/30 14:31:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll

MOD - [2011/06/30 11:38:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll

MOD - [2011/06/30 11:38:03 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll

MOD - [2011/06/30 11:37:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll

MOD - [2011/06/30 11:37:26 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll

MOD - [2011/06/30 11:37:13 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll

MOD - [2011/06/30 11:37:12 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll

MOD - [2011/06/30 11:36:46 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll

MOD - [2011/06/30 11:36:23 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll

MOD - [2011/06/30 11:36:17 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll

MOD - [2011/06/30 11:34:27 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

MOD - [2011/04/22 19:41:44 | 000,905,728 | ---- | M] () -- C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll

MOD - [2008/10/01 00:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll

MOD - [2008/10/01 00:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2008/10/01 00:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2008/10/01 00:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll

MOD - [2008/10/01 00:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2008/10/01 00:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2008/10/01 00:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2008/10/01 00:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2008/09/24 01:21:22 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll

MOD - [2008/08/14 17:22:36 | 000,112,912 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\LAppRes.DLL

MOD - [2008/08/14 17:15:46 | 002,407,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe

MOD - [2008/08/14 17:13:30 | 000,149,264 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiVOIPDevicePlugin.dll

MOD - [2008/08/14 17:13:08 | 000,165,136 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless4001.dll

MOD - [2008/08/14 17:13:08 | 000,138,000 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\LogiCordless.dll

MOD - [2008/08/14 17:12:10 | 000,167,184 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\EFVal.dll

MOD - [2008/08/14 17:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

MOD - [2008/08/14 17:11:48 | 000,345,872 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\DevMngr.dll

MOD - [2008/07/27 19:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2008/07/27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2008/07/26 08:24:04 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll

MOD - [2008/01/21 03:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll

MOD - [2007/08/14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll

MOD - [2007/07/12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

MOD - [2007/07/12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)

SRV - [2012/03/21 00:29:43 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/03/12 19:23:18 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)

SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/11/10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011/04/22 20:12:36 | 000,728,480 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)

SRV - [2011/03/09 13:30:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/08/14 20:01:39 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/08/14 20:01:38 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2008/10/06 17:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)

SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)

SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/01/25 11:20:32 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JOENIN~1\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2011/11/03 12:06:56 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)

DRV - [2011/11/03 12:06:56 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)

DRV - [2010/01/27 18:10:44 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV - [2009/08/14 20:02:28 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/08/14 20:02:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/14 20:02:22 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/07/26 16:26:44 | 004,658,584 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)

DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)

DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)

DRV - [2008/04/27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®

DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{68DDDCA3-3EE1-4C06-BC87-2EFD6C6DA18C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{AE0A1692-D826-4DD8-A768-B1C00C16CC70}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKLM\..\SearchScopes\{EAE607C7-156A-4E35-986B-D2A631ADF84E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Pavilion&pf=cnnb

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{68DDDCA3-3EE1-4C06-BC87-2EFD6C6DA18C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcnnbie7-en-gb

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={8D37B4B3-104D-4A9A-866F-666F25F37F0F}&mid=27368558a9bb4b6270cb3bed3620a557-6b268ba1d48dced77266b496584ef2dc91d12836〈=us&ds=AVG&pr=fr&d=2011-11-30 12:34:30&v=10.0.0.7&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{AE0A1692-D826-4DD8-A768-B1C00C16CC70}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{EAE607C7-156A-4E35-986B-D2A631ADF84E}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/03 21:50:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 19:24:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/18 14:39:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/15 12:13:00 | 000,000,000 | ---D | M]

[2012/03/26 19:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Extensions

[2011/03/05 14:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Extensions\home2@tomtom.com

[2012/03/26 20:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Firefox\Profiles\rgifzzql.default\extensions

[2010/05/07 23:26:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Firefox\Profiles\rgifzzql.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/03/26 20:39:17 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Firefox\Profiles\rgifzzql.default\extensions\toolbar@ask.com

[2012/03/25 13:11:20 | 000,002,519 | ---- | M] () -- C:\Users\Joeninhoo\AppData\Roaming\Mozilla\Firefox\Profiles\rgifzzql.default\searchplugins\Search_Results.xml

[2012/03/26 19:34:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/03/18 14:39:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/01/23 19:34:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/21 18:06:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/03/12 19:23:14 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/02/21 18:06:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/02/21 18:06:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/02/21 18:06:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/03/25 13:11:20 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2012/02/21 18:06:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)

O4 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

O4 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000..\Run: [steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - Startup: C:\Users\Joeninhoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joeninhoo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O7 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCANetwork = 0

O7 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAVolume = 0

O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)

O15 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50731180-27B7-427D-997F-26D9C153EE3E}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE160F71-9F6A-4F8A-8214-B6EF2A80A70E}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Silhouette.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/09/21 12:05:18 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 21:50:24 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Joeninhoo\Desktop\OTL.exe

[2012/03/26 21:08:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Joeninhoo\Desktop\dds.scr

[2012/03/26 20:32:18 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2012/03/26 20:28:48 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2012/03/26 20:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2012/03/26 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2012/03/26 20:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2012/03/26 20:02:46 | 000,000,000 | ---D | C] -- C:\Users\Joeninhoo\AppData\Roaming\Malwarebytes

[2012/03/26 19:46:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/26 19:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/26 19:46:08 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/03/26 19:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/03/26 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/03/26 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\Joeninhoo\AppData\Roaming\Sammsoft

[2012/03/26 19:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2012

[2012/03/26 19:40:39 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012

[2012/03/26 19:40:26 | 000,000,000 | ---D | C] -- C:\Users\Joeninhoo\AppData\Local\APN

[2012/03/25 13:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid

[2012/03/25 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/03/15 19:09:51 | 000,000,000 | R--D | C] -- C:\Users\Joeninhoo\Dropbox

[2012/03/14 21:55:40 | 000,000,000 | ---D | C] -- C:\Users\Joeninhoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

[2012/03/14 21:54:19 | 000,000,000 | ---D | C] -- C:\Users\Joeninhoo\AppData\Roaming\Dropbox

[2012/02/28 02:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\100

[2012/02/28 01:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 21:50:48 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Joeninhoo\Desktop\OTL.exe

[2012/03/26 21:13:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/03/26 21:09:13 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Joeninhoo\Desktop\dds.scr

[2012/03/26 21:04:36 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/03/26 21:04:36 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/03/26 21:02:48 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/03/26 21:02:07 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/03/26 20:57:21 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini

[2012/03/26 20:56:46 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/26 20:56:32 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/26 20:56:31 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/26 20:56:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/26 20:56:14 | 2951,139,328 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/26 20:54:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/03/26 20:32:18 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys

[2012/03/26 20:28:51 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2012/03/26 19:46:15 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/26 19:40:47 | 000,001,653 | ---- | M] () -- C:\Users\Joeninhoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk

[2012/03/26 19:40:47 | 000,001,647 | ---- | M] () -- C:\Users\Joeninhoo\Desktop\Check PC For Errors.lnk

[2012/03/26 17:55:58 | 001,099,943 | ---- | M] () -- C:\Users\Joeninhoo\Documents\Mission Appointment Letter Joe Hannaway.pdf

[2012/03/26 17:53:21 | 000,053,051 | ---- | M] () -- C:\Users\Joeninhoo\Documents\Mission document 1.pdf

[2012/03/26 17:38:56 | 073,164,281 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2012/03/25 16:36:52 | 000,000,560 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk

[2012/03/24 11:49:03 | 001,099,921 | ---- | M] () -- C:\Users\Joeninhoo\Documents\Appointment Letter Joe Hannaway.pdf

[2012/03/22 19:14:55 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/03/21 19:19:18 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJoeninhoo.job

[2012/03/15 19:09:51 | 000,000,945 | ---- | M] () -- C:\Users\Joeninhoo\Desktop\Dropbox.lnk

[2012/03/14 21:56:25 | 000,000,925 | ---- | M] () -- C:\Users\Joeninhoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/02/28 02:09:31 | 000,115,200 | ---- | M] () -- C:\Users\Joeninhoo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/26 20:28:51 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2012/03/26 19:46:15 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/03/26 19:40:47 | 000,001,653 | ---- | C] () -- C:\Users\Joeninhoo\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk

[2012/03/26 19:40:47 | 000,001,647 | ---- | C] () -- C:\Users\Joeninhoo\Desktop\Check PC For Errors.lnk

[2012/03/26 17:55:58 | 001,099,943 | ---- | C] () -- C:\Users\Joeninhoo\Documents\Mission Appointment Letter Joe Hannaway.pdf

[2012/03/26 17:53:21 | 000,053,051 | ---- | C] () -- C:\Users\Joeninhoo\Documents\Mission document 1.pdf

[2012/03/25 13:10:35 | 000,000,560 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk

[2012/03/24 11:49:03 | 001,099,921 | ---- | C] () -- C:\Users\Joeninhoo\Documents\Appointment Letter Joe Hannaway.pdf

[2012/03/15 19:09:51 | 000,000,945 | ---- | C] () -- C:\Users\Joeninhoo\Desktop\Dropbox.lnk

[2012/03/14 21:56:25 | 000,000,925 | ---- | C] () -- C:\Users\Joeninhoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2011/05/09 23:35:26 | 000,000,130 | ---- | C] () -- C:\Users\Joeninhoo\AppData\Roaming\wklnhst.dat

[2011/04/11 20:59:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll

[2011/04/11 20:59:27 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll

[2011/04/11 20:59:27 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll

[2011/04/11 20:59:26 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll

[2010/11/23 01:20:40 | 000,000,230 | ---- | C] () -- C:\Windows\exampro32.ini

========== LOP Check ==========

[2011/03/25 00:58:52 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/03/26 21:00:26 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Dropbox

[2009/08/24 20:22:49 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\GetRightToGo

[2011/09/23 18:46:51 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\IrfanView

[2009/07/02 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Leadertech

[2012/03/23 22:00:57 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Microgaming

[2009/10/06 23:40:45 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\muvee Technologies

[2009/08/25 00:11:31 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\PeaZip

[2010/07/01 21:51:12 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Regensoft

[2012/03/26 19:41:07 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Sammsoft

[2011/04/11 20:59:40 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Simply Super Software

[2011/05/14 10:04:19 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Sports Interactive

[2011/05/09 23:35:28 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\Template

[2011/03/05 14:18:01 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\TomTom

[2012/03/26 22:01:32 | 000,000,000 | ---D | M] -- C:\Users\Joeninhoo\AppData\Roaming\uTorrent

[2012/03/26 20:54:51 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Step 1

I see you are running Teatimer.

I suggest you to disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you disabled Teatimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having three anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I suggest you to uninstall two of them.

Norton Internet Security

Ad-Aware

AVG Free 8.5

My suggestion is to keep Norton Internet Securityor AVG Free 8.5. Uninstall the others.

Uninstall those too:

Ask Toolbar

vShare Plugin

Support.com Toolbar Updater

Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
    IE - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q="
    [2012/03/26 20:39:17 | 000,000,000 | ---D | M] ("Support.com Toolbar") -- C:\Users\Joeninhoo\AppData\Roaming\mozilla\Firefox\Profiles\rgifzzql.default\extensions\toolbar@ask.com
    O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O2 - BHO: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Support.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-137512113-1790784834-1351908496-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
    O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
    [2012/03/26 19:41:59 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2012/03/25 13:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

    :files
    C:\Program Files\vShare

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Hi Maniac,

All completed, as instructed. Here is the OTL fix log. Thanks again.

Kind Regards,

Joe.

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-137512113-1790784834-1351908496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

Registry key HKEY_USERS\S-1-5-21-137512113-1790784834-1351908496-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage

Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=406&sr=0&q=" removed from keyword.URL

Folder C:\Users\Joeninhoo\AppData\Roaming\mozilla\Firefox\Profiles\rgifzzql.default\extensions\toolbar@ask.com\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-137512113-1790784834-1351908496-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ not found.

File C:\Program Files\vShare\vshare_toolbar.dll not found.

Folder C:\Program Files\Ask.com\ not found.

C:\ProgramData\boost_interprocess\B8968FA87E0ACD01 folder moved successfully.

C:\ProgramData\boost_interprocess folder moved successfully.

========== FILES ==========

File\Folder C:\Program Files\vShare not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Joeninhoo

->Temp folder emptied: 129269857 bytes

->Temporary Internet Files folder emptied: 554442139 bytes

->Java cache emptied: 4670681 bytes

->FireFox cache emptied: 184226955 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 3847766 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1458955 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 365881667 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 8494118 bytes

Total Files Cleaned = 1,194.00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 03272012_225812

Files\Folders moved on Reboot...

C:\Users\Joeninhoo\AppData\Local\Temp\ehmsas.txt moved successfully.

File\Folder C:\Windows\temp\logishrd\LVPrcInj02.dll not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.