
Another searchnu.com/406 help thread



Hi all,

My girlfriend's laptop has become infected with the searchnu virus, and after various different methods of removing it I've managed to prevent it from altering the homepage every time the computer is restarted. However, it is still not allowing me to search with Google and I want to be sure it's completely removed from the system.

Here are my OTL logs:

OTL logfile created on: 29/04/2012 13:49:50 - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stef\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.78% Memory free

6.12 Gb Paging File | 4.90 Gb Available in Paging File | 79.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 34.06 Gb Free Space | 22.85% Space Free | Partition Type: NTFS

Computer Name: STEF-PC | User Name: Stef | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/29 13:41:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Stef\Downloads\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/14 00:01:01 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

PRC - [2012/03/14 00:00:49 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2012/03/11 13:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2012/02/03 20:28:56 | 000,350,208 | ---- | M] () -- C:\Program Files\SABnzbd\SABnzbd.exe

PRC - [2012/01/28 20:47:23 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe

PRC - [2011/12/06 11:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

PRC - [2011/06/07 23:10:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/24 22:16:03 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe

PRC - [2010/09/23 20:50:58 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe

PRC - [2010/09/15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe

PRC - [2010/09/15 09:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe

PRC - [2010/07/22 08:32:19 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe

PRC - [2010/07/22 08:32:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe

PRC - [2010/07/22 08:31:41 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe

PRC - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe

PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/21 03:23:52 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

========== Modules (No Company Name) ==========

MOD - [2012/03/14 00:00:49 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2012/02/03 20:28:56 | 000,350,208 | ---- | M] () -- C:\Program Files\SABnzbd\SABnzbd.exe

MOD - [2011/12/04 16:16:49 | 006,276,768 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2011/11/28 15:27:42 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll

MOD - [2011/11/10 16:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/01 17:52:28 | 000,057,344 | ---- | M] () -- C:\Program Files\SABnzbd\lib\OpenSSL.crypto.pyd

MOD - [2010/11/01 17:52:28 | 000,037,888 | ---- | M] () -- C:\Program Files\SABnzbd\lib\OpenSSL.SSL.pyd

MOD - [2010/11/01 17:52:28 | 000,007,168 | ---- | M] () -- C:\Program Files\SABnzbd\lib\OpenSSL.rand.pyd

MOD - [2010/10/08 03:37:34 | 000,546,205 | ---- | M] () -- C:\Program Files\SABnzbd\lib\sqlite3.dll

MOD - [2010/01/31 16:14:32 | 000,118,784 | ---- | M] () -- C:\Program Files\SABnzbd\lib\pywintypes25.dll

MOD - [2010/01/31 16:11:56 | 000,671,744 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_ssl.pyd

MOD - [2010/01/31 16:11:52 | 000,294,912 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_hashlib.pyd

MOD - [2010/01/31 16:11:52 | 000,135,168 | ---- | M] () -- C:\Program Files\SABnzbd\lib\pyexpat.pyd

MOD - [2010/01/31 16:11:52 | 000,086,016 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_ctypes.pyd

MOD - [2010/01/31 16:11:52 | 000,053,248 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_socket.pyd

MOD - [2010/01/31 16:11:52 | 000,049,152 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_sqlite3.pyd

MOD - [2010/01/31 16:11:52 | 000,008,192 | ---- | M] () -- C:\Program Files\SABnzbd\lib\select.pyd

MOD - [2010/01/31 15:56:20 | 000,024,576 | ---- | M] () -- C:\Program Files\SABnzbd\lib\servicemanager.pyd

MOD - [2010/01/31 15:56:12 | 000,102,400 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32api.pyd

MOD - [2010/01/31 15:56:04 | 000,036,864 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32service.pyd

MOD - [2010/01/31 15:54:18 | 000,040,960 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32process.pyd

MOD - [2010/01/31 15:54:16 | 000,019,968 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32pipe.pyd

MOD - [2010/01/31 15:54:06 | 000,014,848 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32evtlog.pyd

MOD - [2010/01/31 15:54:04 | 000,110,592 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32file.pyd

MOD - [2010/01/31 15:54:04 | 000,013,824 | ---- | M] () -- C:\Program Files\SABnzbd\lib\win32event.pyd

MOD - [2009/03/03 18:21:18 | 000,012,288 | ---- | M] () -- C:\Program Files\SABnzbd\lib\Cheetah._namemapper.pyd

MOD - [2006/08/12 16:47:52 | 000,009,728 | ---- | M] () -- C:\Program Files\SABnzbd\lib\_yenc.pyd

========== Win32 Services (SafeList) ==========

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/14 00:01:01 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)

SRV - [2012/03/11 13:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/11/10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/09/15 09:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)

SRV - [2010/09/15 09:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)

SRV - [2010/07/22 08:32:16 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)

SRV - [2010/03/25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)

SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2012/04/29 13:18:56 | 000,026,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro36.sys -- (hitmanpro35)

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/11 13:48:52 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2012/03/11 13:48:50 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2012/03/11 13:48:50 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2012/01/28 20:44:10 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)

DRV - [2011/09/24 23:54:51 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2011/05/19 22:18:02 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2010/09/15 09:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2010/09/15 09:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)

DRV - [2010/07/22 08:31:42 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2010/07/20 11:38:24 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2010/07/20 11:38:24 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2010/07/20 11:38:24 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2010/02/28 20:01:47 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RapportBuka.sys -- (RapportBuka)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={AED27F67-0A6F-4A13-89FF-02166A98C6E8}&mid=5462bee8297533fa089d2527b6a5ebf7-ce74c84977fa1ef159c790de749133c5971cc6e8&lang=us&ds=AVG&pr=fr&d=2011-12-28 18:15:47&v=9.0.0.18&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.order.2: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863

FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: updater@foxstart.com:1.1.3

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2011/09/24 23:56:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2011/05/19 22:18:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/14 00:01:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/07 23:10:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/07 23:10:44 | 000,000,000 | ---D | M]

[2011/12/28 23:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stef\AppData\Roaming\Mozilla\Extensions

[2012/04/24 21:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions

[2009/09/06 19:27:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/02 20:02:26 | 000,000,000 | ---D | M] (TV Bar 1.2 Community Toolbar) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\{70a38074-97a6-45da-b1a1-34b0a34dc3ff}

[2011/12/28 23:08:54 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2010/11/02 20:02:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\engine@conduit.com

[2012/04/24 21:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\sabnzbdstatus@dq5studios.com

[2012/04/24 21:15:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\staged-xpis

[2011/12/28 23:08:50 | 000,002,519 | ---- | M] () -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\searchplugins\Search_Results.xml

[2011/12/28 23:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/06 13:23:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2009/04/28 15:51:02 | 000,000,000 | ---D | M] ("Update Service") -- C:\Program Files\Mozilla Firefox\extensions\updater@foxstart.com

[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/06/07 23:10:33 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/03/14 00:00:48 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

[2011/06/07 23:10:33 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml

[2011/06/07 23:10:34 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml

[2011/12/28 23:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

[2011/06/07 23:10:35 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = C:\Program Files\SABnzbd\SABnzbd.exe ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD0230D7-33AB-4D6D-894D-7715B10A4C23}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()

O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Stef\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Stef\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{c488bb28-f002-11df-915c-0023ae2ea455}\Shell - "" = AutoRun

O33 - MountPoints2\{c488bb28-f002-11df-915c-0023ae2ea455}\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/29 13:42:45 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/04/29 13:32:22 | 000,000,000 | ---D | C] -- C:\Users\Stef\AppData\Roaming\SpeedyPC Software

[2012/04/29 13:32:22 | 000,000,000 | ---D | C] -- C:\Users\Stef\AppData\Roaming\DriverCure

[2012/04/29 13:32:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/04/29 13:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro

[2012/04/29 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro

[2012/04/29 13:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro

[2012/04/29 12:58:11 | 000,000,000 | ---D | C] -- C:\Users\Stef\AppData\Roaming\Malwarebytes

[2012/04/29 12:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/29 12:58:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/29 12:58:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/04/29 12:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/04/24 21:40:52 | 000,000,000 | ---D | C] -- C:\Users\Stef\Documents\Downloads

[2012/04/24 21:13:07 | 000,000,000 | ---D | C] -- C:\Users\Stef\AppData\Local\sabnzbd

[2012/04/24 21:12:55 | 000,000,000 | ---D | C] -- C:\Users\Stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd

[2012/04/24 21:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\SABnzbd

========== Files - Modified Within 30 Days ==========

[2012/04/29 13:50:59 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/29 13:50:59 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/29 13:44:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/29 13:44:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/29 13:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/29 13:43:55 | 3179,679,744 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/29 13:18:56 | 000,026,400 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro36.sys

[2012/04/29 13:15:27 | 000,002,166 | ---- | M] () -- C:\Windows\System32\.crusader

[2012/04/29 13:12:14 | 000,001,732 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2012/04/29 12:58:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/29 12:54:12 | 000,006,756 | ---- | M] () -- C:\Users\Stef\AppData\Local\d3d9caps.dat

[2012/04/29 11:52:51 | 096,579,315 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2012/04/29 11:50:18 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{4CDF3600-BB66-4A1C-8A30-E3F10FD050FD}.job

[2012/04/24 21:13:24 | 000,013,766 | ---- | M] () -- C:\Users\Stef\Documents\cc_20120424_211317.reg

[2012/04/24 21:12:58 | 000,000,788 | ---- | M] () -- C:\Users\Stef\Desktop\SABnzbd.lnk

[2012/04/24 21:12:57 | 000,000,832 | ---- | M] () -- C:\Users\Stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk

[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/04/29 13:43:55 | 3179,679,744 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/29 13:15:27 | 000,002,166 | ---- | C] () -- C:\Windows\System32\.crusader

[2012/04/29 13:12:14 | 000,026,400 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro36.sys

[2012/04/29 13:12:14 | 000,001,732 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk

[2012/04/29 12:58:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/24 21:13:20 | 000,013,766 | ---- | C] () -- C:\Users\Stef\Documents\cc_20120424_211317.reg

[2012/04/24 21:12:58 | 000,000,788 | ---- | C] () -- C:\Users\Stef\Desktop\SABnzbd.lnk

[2012/04/24 21:12:57 | 000,000,832 | ---- | C] () -- C:\Users\Stef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk

[2010/10/19 19:57:04 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2010/10/19 19:57:04 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2010/09/15 09:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll

[2010/09/15 09:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll

[2010/09/15 09:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll

[2010/09/15 09:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll

========== LOP Check ==========

[2012/03/08 00:42:41 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1

[2009/07/02 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2012/04/29 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\DriverCure

[2009/04/28 17:11:46 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\GetRightToGo

[2009/07/14 17:41:18 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\OpenOffice.org

[2010/10/19 19:55:59 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\Samsung

[2012/04/29 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\SpeedyPC Software

[2009/07/17 17:56:28 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\Template

[2009/04/28 13:23:36 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\TMP

[2010/01/14 23:06:54 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\Trusteer

[2012/04/29 13:21:21 | 000,000,000 | ---D | M] -- C:\Users\Stef\AppData\Roaming\uTorrent

[2012/04/29 12:52:05 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/04/29 11:50:18 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{4CDF3600-BB66-4A1C-8A30-E3F10FD050FD}.job

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 29/04/2012 13:49:50 - Run 1

OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Stef\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.96 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 57.78% Memory free

6.12 Gb Paging File | 4.90 Gb Available in Paging File | 79.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 34.06 Gb Free Space | 22.85% Space Free | Partition Type: NTFS

Computer Name: STEF-PC | User Name: Stef | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02040D40-BEE5-49F1-B605-3900BB3470DF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{058A7130-1C0B-4835-AF58-76D8F3C1E602}" = lport=445 | protocol=6 | dir=in | app=system |

"{0CAC6161-3FBC-4239-9188-8E866C86B286}" = rport=137 | protocol=17 | dir=out | app=system |

"{10534249-98C3-456A-97CE-1C94621ACDA3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{16F2F9B7-879A-4B9A-B023-8225EADCFDB1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{175063B6-AE1A-413A-A4EB-E10A0434F8BA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{17693048-856C-48AB-91E8-F138E2677967}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1AD15503-ACA0-4FE3-AE3D-1B32480844F5}" = lport=138 | protocol=17 | dir=in | app=system |

"{1B2DCDE3-4FFD-4BCB-9287-C806B13AF0BD}" = rport=138 | protocol=17 | dir=out | app=system |

"{1BB9A88D-6D20-4B51-8CFA-F06C85B304AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{352CAB66-342D-4B76-92AD-4D4FB7C42714}" = rport=10243 | protocol=6 | dir=out | app=system |

"{38A6C6D4-9A54-4D67-B8FE-1938A706BF7E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3B34FE69-C36F-4951-BE65-0FA77AE0D8E3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{5C05B861-353E-4C16-9CDA-0C92FB5A84B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{636B0A62-0206-43E8-B9A0-E75D839BB6BA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6DC9D12B-FEA3-4C4D-971C-66AF3ABAD6D3}" = lport=137 | protocol=17 | dir=in | app=system |

"{6E89A5D3-3E10-43FE-8A35-3D0DFDABA5F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{75FCB905-D704-43CB-B843-B62A1CF57383}" = lport=2869 | protocol=6 | dir=in | app=system |

"{7C05410A-1E9A-44E0-A606-395EF9FEA40A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7CB27B1C-CEB1-4990-A571-27CCA5876035}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{8D8860D8-2DD3-4328-89F1-98E69AFD7D58}" = rport=139 | protocol=6 | dir=out | app=system |

"{927FE061-091C-49DF-8363-3F0325F64378}" = lport=139 | protocol=6 | dir=in | app=system |

"{AF25471C-5019-4067-819C-ACB5C298E065}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BEABEFFA-84EF-447B-8C92-FB4DB6C464EF}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{C2FAB1CA-CE05-4149-A9CA-95FC5AF8CAB2}" = rport=445 | protocol=6 | dir=out | app=system |

"{D9FDF63A-9AC3-4FAC-A12A-5531C96DCEA9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E5796B5C-5CA2-4588-86DB-C6FBA0553D3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E67449F5-A726-4B79-9E80-3D4E54FC6B99}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E93CB63E-684F-48BD-B7F7-82E8D7F7B8E5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{079F3F67-6962-4F7E-8DA5-B7A75733A98C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{117E3AA9-9923-44FC-8066-46BD5C5776C3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |

"{1547CB08-1C0B-4394-80BF-4E9BB6A66D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{1AF6842B-AA65-4108-8A91-51C5BC41029A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1F88CC3A-B6A2-4D1A-9BC1-3313753BE6CA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{203ABD54-0EE7-4A99-BC09-00ED09C38A7A}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |

"{2E538BF8-4A25-4A94-AF7D-27EB91932A6E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{3BE9F355-34C6-4344-92F2-0E4412020D00}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |

"{433E7AB9-8AA7-4FFD-A7CE-E33B35FB8B7E}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |

"{43555630-38CF-4C40-BEC1-969CCF58586F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4671DC02-586B-47A4-AEED-47C8814A0693}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{4DAC22FB-2AEB-4F50-9586-8C5DCDEC1435}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{617148FD-264D-435F-BDCD-775AF215F588}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{6BB03C59-311E-4224-924C-83C70E1F5111}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{74981DB2-727A-40E9-AF90-5AB83FF985D8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{799D2CA5-7191-41D7-B1DF-1CC8E7740407}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |

"{7FD69CA6-4515-4361-8B94-18FE600F01E1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{84BCE7F7-0481-4EE6-B19E-EEFF7FA39631}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{87F6F550-1CA7-479D-9BA8-22323364CA08}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |

"{8E893C22-F660-4440-BD90-C0816163AAE0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{99E02901-6E39-420B-BA6F-DA05285ABF34}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9B7A4CFC-FB84-4027-AF95-9F3954657E60}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{9C3310EB-8C0B-4A96-A73C-FD0EC5BEB425}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{9C67B8D4-8E91-4C63-8FCA-0A016D21D7B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{9C6B7D58-F5AE-4A05-BC41-345BA2BCEA70}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{A24B0BD9-84AD-4054-851E-96FA7530D962}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A823C7B4-7944-4F34-8055-53D84AD1F038}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{B0B1E39E-563D-46DF-9DC9-F979C9D57389}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B8D92A10-BD0E-4647-B1BC-2C0C8902E729}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BAEF1023-2B28-4908-99F9-894F763C3A76}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BC3E0244-B8DD-4E97-B0FB-B396B2F51340}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C402B98C-EB68-4AB6-BFF7-45CCCD8A629F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{C61CC55D-50F0-439C-B70F-88C71F5A01D5}" = protocol=6 | dir=out | app=system |

"{C6CAB99D-E63B-4F22-B444-73580A97434C}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{C993A253-6D6A-46AF-9B7C-E85A93D23D63}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{F5062A93-0CA7-4D74-9978-2B3DC5712CCE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"TCP Query User{BEA03CA9-EB47-4926-8413-AB88A1E800CE}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{C64FC994-12BE-41FD-AE86-B1713A64A180}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{E1EE0151-7A85-47F1-8A31-E2738489B36C}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"UDP Query User{34AE026D-C60E-4120-8585-F2103FFFC6B1}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{75D1BFCC-FA6C-4293-A739-20E26382885A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{9D61B6BC-3E3F-44F9-895C-9ABE168DDB73}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 20

"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)

"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup

"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)

"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard

"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)

"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)

"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)

"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10

"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver

"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies

"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1

"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10

"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)

"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic

"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AVG9Uninstall" = AVG Free 9.0

"CCleaner" = CCleaner

"HDMI" = Intel® Graphics Media Accelerator Driver

"HitmanPro36" = HitmanPro 3.6

"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)

"MyFreeCodec" = MyFreeCodec

"PROR" = Microsoft Office Professional 2007 Trial

"Rapport_msi" = Rapport

"RealPlayer 6.0" = RealPlayer

"SABnzbd" = SABnzbd 0.6.15

"uTorrent" = µTorrent

"VLC media player" = VLC media player 0.9.9

"Windows Searchqu Toolbar" = Windows iLivid Toolbar

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"MyFreeCodec" = MyFreeCodec

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 29/04/2012 08:15:28 | Computer Name = Stef-PC | Source = System Restore | ID = 8193

Description =

Error - 29/04/2012 08:19:14 | Computer Name = Stef-PC | Source = EventSystem | ID = 4609

Description =

Error - 29/04/2012 08:20:15 | Computer Name = Stef-PC | Source = WinMgmt | ID = 10

Description =

Error - 29/04/2012 08:44:31 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 9000

Description =

Error - 29/04/2012 08:44:32 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 9002

Description =

Error - 29/04/2012 08:44:32 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 3029

Description =

Error - 29/04/2012 08:44:34 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 3029

Description =

Error - 29/04/2012 08:44:34 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 3028

Description =

Error - 29/04/2012 08:44:34 | Computer Name = Stef-PC | Source = Windows Search Service | ID = 3058

Description =

Error - 29/04/2012 08:45:37 | Computer Name = Stef-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 29/04/2012 08:20:15 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 29/04/2012 08:20:15 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 29/04/2012 08:44:14 | Computer Name = Stef-PC | Source = HTTP | ID = 15016

Description =

Error - 29/04/2012 08:45:37 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/04/2012 08:45:37 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 29/04/2012 08:45:37 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7024

Description =

Error - 29/04/2012 08:45:46 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7031

Description =

Error - 29/04/2012 08:45:46 | Computer Name = Stef-PC | Source = DCOM | ID = 10005

Description =

Error - 29/04/2012 08:45:46 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 29/04/2012 08:45:47 | Computer Name = Stef-PC | Source = Service Control Manager | ID = 7000

Description =

< End of report >

I've only been using Firefox; I'll see if IE is affected, though.


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-28 18:15:47&v=9.0.0.18&sap=dsp&q={searchTerms}
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    [2011/12/28 23:08:54 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Stef\AppData\Roaming\Mozilla\Firefox\Profiles\n6ejveom.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

    :Commands
    [EMPTYJAVA]
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; when done, it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Reboot and let me know, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
