
searchnu.com/406 Issue!



Hi..

I've experienced a similar problem to many with this rather annoying SEARCHNU.com/406 issue. I've done a fair amount of reading but can't seem to get rid of it on my own, and was hoping someone may be able to help me.

I've downloaded OTL as suggested and will paste my results below. Any help is appreciated :)

OTL:

OTL logfile created on: 25/05/2012 16:52:34 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Ricky\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 37.82% Memory free

3.86 Gb Paging File | 2.33 Gb Available in Paging File | 60.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.99 Gb Total Space | 260.26 Gb Free Space | 91.32% Space Free | Partition Type: NTFS

Computer Name: RICK-COMP | User Name: Ricky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/25 16:51:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ricky\Downloads\OTL.com

PRC - [2012/05/24 21:59:13 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/23 02:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll

MOD - [2012/05/23 02:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

MOD - [2012/05/23 02:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll

MOD - [2012/05/23 02:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll

MOD - [2012/05/23 02:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll

MOD - [2012/05/23 02:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll

MOD - [2012/05/23 02:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/03/03 12:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/04 11:17:30 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/11/05 15:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/24 21:59:18 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: Angry Birds = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: GWF Abstract = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdkbbekfdnikmpmidoficiefilgbbep\1_0\

CHR - Extension: YouTube = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Search Box = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\

CHR - Extension: Gmail = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{672A5F0A-B947-439B-823E-61F3B9CC99FF}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/25 16:34:43 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Malwarebytes

[2012/05/25 16:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/25 16:34:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/25 16:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/25 16:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Tracing

[2012/05/25 16:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMRTE

[2012/05/25 16:12:58 | 000,000,000 | ---D | C] -- C:\BraCa Soft

[2012/05/25 16:07:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\TP

[2012/05/25 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/05/25 15:57:26 | 000,000,000 | ---D | C] -- C:\Windows\OEMTemp

[2012/05/25 06:25:57 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log

[2012/05/25 03:30:41 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/05/25 03:30:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012/05/25 03:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2012/05/25 03:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2012/05/25 03:29:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012/05/25 03:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/05/25 03:25:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Windows Live

[2012/05/25 03:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2012/05/25 03:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012/05/25 03:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2012/05/25 03:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer

[2012/05/24 22:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/05/24 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/05/24 22:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/05/24 22:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/05/24 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012/05/24 21:59:14 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/05/24 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/05/24 21:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2012/05/24 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real

[2012/05/24 21:59:10 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Real

[2012/05/24 21:56:52 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Macromedia

[2012/05/24 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/24 21:56:11 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Adobe

[2012/05/24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Google

[2012/05/24 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Deployment

[2012/05/24 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Apps

[2012/05/24 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\OEM

[2012/05/24 21:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation

[2012/05/24 21:54:55 | 000,000,000 | ---D | C] -- C:\book

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Searches

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/05/24 21:54:47 | 000,000,000 | -H-D | C] -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/05/24 21:54:39 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Identities

[2012/05/24 21:54:38 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Contacts

[2012/05/24 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\VirtualStore

[2012/05/24 21:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\eMachines Accessory Store

[2012/05/24 21:52:21 | 000,000,000 | --SD | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Videos

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Saved Games

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Pictures

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Music

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Links

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Favorites

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Downloads

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Documents

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Desktop

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\Temporary Internet Files

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Templates

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Start Menu

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\SendTo

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Recent

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\PrintHood

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\NetHood

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Videos

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Pictures

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Music

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\My Documents

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Local Settings

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\History

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Cookies

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Application Data

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\Application Data

[2012/05/24 21:52:21 | 000,000,000 | -H-D | C] -- C:\Users\Ricky\AppData

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Temp

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Microsoft

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Media Center Programs

[2012/05/24 21:52:04 | 000,000,000 | -HSD | C] -- C:\Recovery

[2012/05/24 21:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/05/24 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/05/24 21:46:57 | 002,714,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/05/24 21:46:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/05/24 21:46:57 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/05/24 21:46:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/05/24 21:46:57 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/05/24 21:46:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/05/24 21:46:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/05/24 21:46:57 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/05/24 21:46:57 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/05/24 21:46:56 | 002,191,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/05/24 21:46:56 | 000,321,536 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/05/24 21:46:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/05/24 21:46:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/05/24 21:46:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/05/24 21:46:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012/05/24 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/05/24 21:44:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/05/24 21:43:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

[2012/05/24 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel

[2012/05/24 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel

[2012/05/24 21:42:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/05/25 16:34:36 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/25 16:32:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 16:32:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 16:29:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/25 16:29:00 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/25 16:29:00 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/25 16:24:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/25 16:24:30 | 1553,289,216 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/25 16:13:03 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\miniFMRTE.lnk

[2012/05/25 16:13:03 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\FMRTE v5.lnk

[2012/05/25 16:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001UA.job

[2012/05/25 06:25:56 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag

[2012/05/24 22:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001Core.job

[2012/05/24 21:59:14 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/05/24 21:55:40 | 000,001,446 | ---- | M] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/24 21:52:39 | 000,015,396 | ---- | M] () -- C:\Windows\SysNative\results.xml

[2012/05/24 21:51:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/05/24 21:51:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/05/24 21:49:35 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/24 21:48:37 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd

========== Files Created - No Company Name ==========

[2012/05/25 16:34:36 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/25 16:13:03 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\miniFMRTE.lnk

[2012/05/25 16:13:03 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE v5.lnk

[2012/05/25 06:26:56 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag

[2012/05/25 03:30:24 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2012/05/25 03:30:18 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2012/05/25 03:30:11 | 000,001,467 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012/05/25 03:30:05 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012/05/25 03:25:02 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk

[2012/05/24 21:56:09 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001UA.job

[2012/05/24 21:56:09 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001Core.job

[2012/05/24 21:55:40 | 000,001,446 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/24 21:54:51 | 000,001,418 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/05/24 21:54:48 | 000,001,452 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/05/24 21:52:39 | 000,015,396 | ---- | C] () -- C:\Windows\SysNative\results.xml

[2012/05/24 21:52:21 | 000,000,290 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/05/24 21:52:21 | 000,000,272 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/05/24 21:48:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd

[2012/05/24 21:42:12 | 1553,289,216 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/14 06:25:36 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/09/14 06:25:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/09/14 06:25:36 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/09/14 06:25:36 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010/09/14 06:25:34 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2012/05/24 21:54:57 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\OEM

[2012/05/25 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\TP

[2009/07/14 06:08:49 | 000,004,102 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Extras:

OTL Extras logfile created on: 25/05/2012 16:52:34 - Run 1

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Ricky\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 37.82% Memory free

3.86 Gb Paging File | 2.33 Gb Available in Paging File | 60.36% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.99 Gb Total Space | 260.26 Gb Free Space | 91.32% Space Free | Partition Type: NTFS

Computer Name: RICK-COMP | User Name: Ricky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{052C28B1-C85B-489C-89E8-5126ED1A69D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0B29B10A-6237-4857-9A79-FCF71D85722C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0EAE4B32-E6F7-4271-9CD0-023AE09C6657}" = rport=139 | protocol=6 | dir=out | app=system |

"{112FEE33-499D-4885-B55C-64F86C814BB6}" = lport=445 | protocol=6 | dir=in | app=system |

"{183655A8-FB57-4F8E-873B-E627BB990408}" = lport=139 | protocol=6 | dir=in | app=system |

"{2E85921F-D038-4235-934A-4BF2707463CA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3211E4D7-F92C-4DB2-8B76-AAB5B2B0D66B}" = rport=137 | protocol=17 | dir=out | app=system |

"{3D2FBCF9-9EF3-4D44-B62A-12E6A7910D98}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3D74CD06-41C6-4B77-9983-FE54B0BFD136}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{4C7D5F6C-12F3-404B-8113-C266207826BB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4D86A4A7-601D-40AB-86B1-AAD24C68870D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5A3505D9-039B-423B-A5D3-00774B16BA61}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8831BA83-4D1E-4E3F-8D4A-83E0449E6E96}" = lport=138 | protocol=17 | dir=in | app=system |

"{8E1C2F90-3C2F-49DE-B1AC-F6A6309B9C42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{92BFC1A1-70AB-4F6C-9D9E-1D7448E46EE3}" = rport=138 | protocol=17 | dir=out | app=system |

"{A1498D2B-6955-45B4-B16D-569DA43BC8B0}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C79AF0AA-4AD7-4CF7-8DCE-58D27A7066CE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CDD87980-D2AC-4C41-A3A8-27F425C194A7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D729CF78-0A1F-41B9-8174-18C467D458C9}" = lport=137 | protocol=17 | dir=in | app=system |

"{DA6A7466-E811-4823-8650-218A0BA09BA0}" = rport=445 | protocol=6 | dir=out | app=system |

"{E667F269-A47B-4E48-8268-5B8B91FC3915}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{E6BB1B7B-5CC4-4EB0-ADBF-40FE90069D87}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F222BC18-E9CD-4137-950F-33586FC2FFFE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10B1B9CB-BF22-4F72-8FE3-17BA681C148B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{22948443-F13C-4BE4-91F0-F8C692BFBBBC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{2DF8E36F-D137-4D83-96CE-B238A5C1A14E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{30E91369-DFD6-4BAE-A196-76FF6897B312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4AEDF1C5-FA9D-4E80-8788-770BC3DA673F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4F0B9CF2-60CE-4A6B-996C-85F89073ECA7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{51A9BE8B-1D63-4370-BDD2-079A8A0BDD9D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6D823F75-FF9E-4989-B628-73C8FA494EE5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7087FF12-960C-4435-96AC-5507D9E142D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{72CFEB15-2037-4C36-AB6A-4AC16E3D58AE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{89AB8F1E-E48A-44FE-B12C-2D5191588F3B}" = protocol=6 | dir=out | app=system |

"{988185BD-69B2-48A0-839E-B691DD44DFC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A20D1EC6-E850-4F26-A253-A4182F4E1D7F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{A6F563B7-4A6E-43FF-8551-9B29D3FC1F7B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{ABF5681B-0B84-4429-BB7D-B33264515021}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B0B538F9-6F4C-4CD6-B989-49F059D5DF0B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B0D3D4F8-B5A7-4618-A9F0-3ADF1F148E12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C18BE418-334A-4F22-B3FB-B440F770DC8A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C5FFE4AC-294C-4441-BE53-9D5D6E8C5355}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E93C77E5-18C0-4908-A513-9D124BDE9D0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EDF0E355-737A-45F4-8910-7CB2364E51CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{FE5EDD9E-B262-46A3-865F-72FB1BACE26E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1" = FMRTE 5.2.4

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"eMachines Screensaver" = eMachines ScreenSaver

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"RealPlayer 15.0" = RealPlayer

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-563841743-4287429772-2236192623-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 24/05/2012 17:29:35 | Computer Name = RICK-COMP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 24/05/2012 19:30:05 | Computer Name = RICK-COMP | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 25/05/2012 11:32:01 | Computer Name = RICK-COMP | Source = .NET Runtime | ID = 1026

Description =

Error - 25/05/2012 11:32:03 | Computer Name = RICK-COMP | Source = Application Error | ID = 1000

Description = Faulting application name: FMRTE.exe, version: 5.2.4.4813, time stamp:

0x4f9b58c1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.16385, time stamp:

0x4a5bdbdf Exception code: 0xe0434352 Fault offset: 0x0000b727 Faulting process id:

0xa54 Faulting application start time: 0x01cd3a8b81f0beaf Faulting application path:

C:\BraCa Soft\FMRTE v5\FMRTE.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll

Report

Id: c6b49dd8-a67e-11e1-8bf4-1078d291f7ed

[ System Events ]

Error - 24/05/2012 16:43:19 | Computer Name = WIN-SPM6NH2APAV | Source = Microsoft-Windows-Application-Experience | ID = 205

Description = The Program Compatibility Assistant service failed to perform the

phase two initialization.

Error - 24/05/2012 16:45:50 | Computer Name = WIN-SPM6NH2APAV | Source = Service Control Manager | ID = 7023

Description = The Windows Time service terminated with the following error: %%2

Error - 24/05/2012 16:46:59 | Computer Name = WIN-SPM6NH2APAV | Source = DCOM | ID = 10010

Description =

< End of report >

If someone could help me with this I'd really appreciate it.

Thanks


Welcome to the forum.

Following this guide usually works:

http://deletemalware.blogspot.ca/2012/04/remove-searchnu-uninstall-guide.html

Don't download any of the scanners they recommend!

When done, reboot and run an OTL scan.

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

Please let me know, MrC


Thanks, I've done that. This is what is left.

OTR:

OTL logfile created on: 25/05/2012 18:06:16 - Run 2

OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Ricky\Downloads

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 46.98% Memory free

3.86 Gb Paging File | 2.54 Gb Available in Paging File | 65.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 284.99 Gb Total Space | 259.76 Gb Free Space | 91.15% Space Free | Partition Type: NTFS

Computer Name: RICK-COMP | User Name: Ricky | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/25 16:51:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Ricky\Downloads\OTL.com

PRC - [2012/05/24 21:59:13 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/23 02:56:50 | 000,441,880 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppgooglenaclpluginchrome.dll

MOD - [2012/05/23 02:56:49 | 003,922,456 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

MOD - [2012/05/23 02:55:35 | 000,553,496 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\libglesv2.dll

MOD - [2012/05/23 02:55:33 | 000,117,784 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\libegl.dll

MOD - [2012/05/23 02:55:24 | 000,134,696 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avutil-51.dll

MOD - [2012/05/23 02:55:23 | 000,250,408 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avformat-54.dll

MOD - [2012/05/23 02:55:21 | 002,375,720 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\avcodec-54.dll

MOD - [2012/05/23 02:06:23 | 008,743,584 | ---- | M] () -- C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/05/12 09:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/05/12 09:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/03/03 12:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/12/04 11:17:30 | 007,749,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/11/05 15:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-563841743-4287429772-2236192623-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/05/24 21:59:18 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ricky\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Ricky\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll

CHR - Extension: Angry Birds = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\

CHR - Extension: GWF Abstract = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdkbbekfdnikmpmidoficiefilgbbep\1_0\

CHR - Extension: YouTube = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Search Box = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\

CHR - Extension: Gmail = C:\Users\Ricky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{672A5F0A-B947-439B-823E-61F3B9CC99FF}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/25 16:34:43 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Malwarebytes

[2012/05/25 16:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/25 16:34:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/05/25 16:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/05/25 16:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/25 16:31:19 | 000,000,000 | ---D | C] -- C:\Users\Ricky\Tracing

[2012/05/25 16:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FMRTE

[2012/05/25 16:12:58 | 000,000,000 | ---D | C] -- C:\BraCa Soft

[2012/05/25 16:07:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\TP

[2012/05/25 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/05/25 15:57:26 | 000,000,000 | ---D | C] -- C:\Windows\OEMTemp

[2012/05/25 06:25:57 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log

[2012/05/25 03:30:41 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/05/25 03:30:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live

[2012/05/25 03:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2012/05/25 03:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live

[2012/05/25 03:29:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH

[2012/05/25 03:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/05/25 03:25:38 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Windows Live

[2012/05/25 03:25:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live

[2012/05/25 03:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office

[2012/05/25 03:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft

[2012/05/25 03:22:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bing Bar Installer

[2012/05/24 22:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/05/24 22:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/05/24 22:06:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/05/24 22:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/05/24 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012/05/24 21:59:14 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/05/24 21:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/05/24 21:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Real

[2012/05/24 21:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real

[2012/05/24 21:59:10 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Real

[2012/05/24 21:56:52 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Macromedia

[2012/05/24 21:56:27 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/24 21:56:11 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Adobe

[2012/05/24 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Google

[2012/05/24 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Deployment

[2012/05/24 21:56:02 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Apps

[2012/05/24 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\OEM

[2012/05/24 21:54:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMachines Documentation

[2012/05/24 21:54:55 | 000,000,000 | ---D | C] -- C:\book

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Searches

[2012/05/24 21:54:47 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/05/24 21:54:47 | 000,000,000 | -H-D | C] -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/05/24 21:54:39 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Identities

[2012/05/24 21:54:38 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Contacts

[2012/05/24 21:54:37 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\VirtualStore

[2012/05/24 21:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\eMachines Accessory Store

[2012/05/24 21:52:21 | 000,000,000 | --SD | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Videos

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Saved Games

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Pictures

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Music

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Links

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Favorites

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Downloads

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Documents

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\Desktop

[2012/05/24 21:52:21 | 000,000,000 | R--D | C] -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\Temporary Internet Files

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Templates

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Start Menu

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\SendTo

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Recent

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\PrintHood

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\NetHood

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Videos

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Pictures

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Documents\My Music

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\My Documents

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Local Settings

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\History

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Cookies

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\Application Data

[2012/05/24 21:52:21 | 000,000,000 | -HSD | C] -- C:\Users\Ricky\AppData\Local\Application Data

[2012/05/24 21:52:21 | 000,000,000 | -H-D | C] -- C:\Users\Ricky\AppData

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Temp

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Local\Microsoft

[2012/05/24 21:52:21 | 000,000,000 | ---D | C] -- C:\Users\Ricky\AppData\Roaming\Media Center Programs

[2012/05/24 21:52:04 | 000,000,000 | -HSD | C] -- C:\Recovery

[2012/05/24 21:47:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/05/24 21:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/05/24 21:46:57 | 002,714,112 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/05/24 21:46:57 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/05/24 21:46:57 | 000,363,008 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/05/24 21:46:57 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/05/24 21:46:57 | 000,198,656 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/05/24 21:46:57 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/05/24 21:46:57 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/05/24 21:46:57 | 000,095,744 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/05/24 21:46:57 | 000,073,216 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/05/24 21:46:56 | 002,191,872 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/05/24 21:46:56 | 000,321,536 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/05/24 21:46:56 | 000,320,512 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/05/24 21:46:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/05/24 21:46:56 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/05/24 21:46:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012/05/24 21:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/05/24 21:44:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/05/24 21:43:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

[2012/05/24 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel

[2012/05/24 21:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel

[2012/05/24 21:42:12 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/05/25 18:02:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/25 18:02:47 | 1553,289,216 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/25 18:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001UA.job

[2012/05/25 16:34:36 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/25 16:32:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 16:32:09 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/25 16:29:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/25 16:29:00 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/25 16:29:00 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/25 16:13:03 | 000,000,765 | ---- | M] () -- C:\Users\Public\Desktop\miniFMRTE.lnk

[2012/05/25 16:13:03 | 000,000,741 | ---- | M] () -- C:\Users\Public\Desktop\FMRTE v5.lnk

[2012/05/25 06:25:56 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag

[2012/05/24 22:01:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001Core.job

[2012/05/24 21:59:14 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/05/24 21:55:40 | 000,001,446 | ---- | M] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/24 21:52:39 | 000,015,396 | ---- | M] () -- C:\Windows\SysNative\results.xml

[2012/05/24 21:51:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/05/24 21:51:34 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/05/24 21:49:35 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/05/24 21:48:37 | 000,000,003 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd

========== Files Created - No Company Name ==========

[2012/05/25 16:34:36 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/25 16:13:03 | 000,000,765 | ---- | C] () -- C:\Users\Public\Desktop\miniFMRTE.lnk

[2012/05/25 16:13:03 | 000,000,741 | ---- | C] () -- C:\Users\Public\Desktop\FMRTE v5.lnk

[2012/05/25 06:26:56 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag

[2012/05/25 03:30:24 | 000,001,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk

[2012/05/25 03:30:18 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk

[2012/05/25 03:30:11 | 000,001,467 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk

[2012/05/25 03:30:05 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk

[2012/05/25 03:25:02 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk

[2012/05/24 21:56:09 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001UA.job

[2012/05/24 21:56:09 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-563841743-4287429772-2236192623-1001Core.job

[2012/05/24 21:55:40 | 000,001,446 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/05/24 21:54:51 | 000,001,418 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/05/24 21:54:48 | 000,001,452 | ---- | C] () -- C:\Users\Ricky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/05/24 21:52:39 | 000,015,396 | ---- | C] () -- C:\Windows\SysNative\results.xml

[2012/05/24 21:52:21 | 000,000,290 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/05/24 21:52:21 | 000,000,272 | ---- | C] () -- C:\Users\Ricky\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/05/24 21:48:37 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\PLD_Framework.cmd

[2012/05/24 21:42:12 | 1553,289,216 | -HS- | C] () -- C:\hiberfil.sys

[2010/09/14 06:25:36 | 000,874,032 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/09/14 06:25:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/09/14 06:25:36 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/09/14 06:25:36 | 000,049,712 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010/09/14 06:25:34 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

========== LOP Check ==========

[2012/05/24 21:54:57 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\OEM

[2012/05/25 16:08:03 | 000,000,000 | ---D | M] -- C:\Users\Ricky\AppData\Roaming\TP

[2009/07/14 06:08:49 | 000,004,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

For some reason it's only given me the one report. There is no 'extra'. Any ideas?

Thanks again.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
