
searchnu.com/406 issues



Hi, this has taken over my browser and I cannot remove it with the removal programs I have tried. I am a little new to this and do not want to get out of my depth, but I have followed a previous thread about the same problem and have attached the OCL, and would really appreciate your help.

thanks

OTL logfile created on: 5/30/2012 4:26:43 PM - Run 1

OTL by OldTimer - Version 3.2.44.0 Folder = C:\Users\`\Desktop

Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 51.00% Memory free

5.73 Gb Paging File | 4.00 Gb Available in Paging File | 69.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 424.66 Gb Total Space | 380.04 Gb Free Space | 89.49% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 19.72 Gb Free Space | 49.31% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: ` | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/30 16:25:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\`\Desktop\OTL.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/12 21:35:13 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe

PRC - [2012/03/12 21:35:10 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

PRC - [2012/02/20 11:18:28 | 000,425,240 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BingBar.exe

PRC - [2012/02/20 11:18:28 | 000,268,056 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BingApp.exe

PRC - [2012/02/20 11:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.EXE

PRC - [2012/02/20 11:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.EXE

PRC - [2012/02/20 11:18:28 | 000,142,104 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.364.0\bingsurrogate.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/11/07 18:45:30 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11c_ActiveX.exe

PRC - [2011/11/06 16:26:22 | 000,347,008 | ---- | M] (EasyBits Software AS) -- C:\ProgramData\GameXN\GameXNGO.exe

PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2011/07/16 05:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2010/04/23 15:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/01/13 18:18:30 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WButton.exe

PRC - [2009/12/14 19:25:00 | 000,200,704 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe

PRC - [2009/12/11 23:18:16 | 000,348,960 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\OSD.exe

PRC - [2009/12/10 07:48:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/12/10 07:48:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe

PRC - [2009/07/14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/12 21:35:10 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe

MOD - [2012/03/12 21:35:09 | 001,869,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll

MOD - [2012/02/27 09:42:48 | 000,088,976 | ---- | M] () -- C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

MOD - [2012/01/31 17:16:08 | 001,042,432 | ---- | M] () -- C:\Users\`\AppData\Local\Microsoft\BingBar\Apps\Translator_f5cbd3ef4c144434b17913278004e270\7.1.364\Blingext.dll

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/12 21:35:13 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)

SRV - [2012/02/20 11:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/20 11:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/11/10 14:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/09 08:29:41 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/09/22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/12/10 07:48:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2009/12/10 07:48:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/23 01:05:40 | 000,118,560 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/07/14 02:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)

SRV - [2009/07/14 02:15:38 | 000,067,584 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/10 22:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/05/27 19:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)

DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/05/24 14:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/03/04 16:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2010/03/02 12:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/02/27 04:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/03 18:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV - [2009/09/18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

DRV - [2009/07/14 02:20:28 | 000,022,096 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)

DRV - [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/07/14 00:14:09 | 000,246,784 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)

DRV - [2009/07/14 00:11:15 | 000,070,656 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=283&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://medion.msn.com/

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={6DE4FE97-9492-4845-B30F-CC8D729C4DB9}&mid=1c8029e732c947d68f8bd16f6b5a4066-ae768f5ddcd666ef585b031553d2e084b037392b&lang=us&ds=AVG&pr=fr&d=2011-12-08 10:43:17&v=9.0.0.18&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\SearchScopes\{C7267A3A-CA22-4CBB-98AD-6F124182E666}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/02 18:58:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/02/02 18:58:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 21:36:59 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/24 19:30:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/05/26 21:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\`\AppData\Roaming\Mozilla\Extensions

[2012/05/24 19:30:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.52\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\`\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: AVG Internet Security (Enabled) = C:\Users\`\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Users\`\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\`\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AVG Safe Search = C:\Users\`\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\

CHR - Extension: Gmail = C:\Users\`\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [bCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" File not found

O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)

O4 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000..\Run: [GameXN] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)

O4 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000..\Run: [GameXN (news)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)

O4 - HKU\S-1-5-21-1214709837-2587368711-1749435114-1000..\Run: [GameXN (update)] C:\ProgramData\GameXN\GameXNGO.exe (EasyBits Software AS)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 File not found

O9 - Extra 'Tools' menuitem : eBay.co.uk - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4 File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7A07D9DF-1A6D-4115-9761-FF4022981585}: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/30 16:25:05 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\`\Desktop\OTL.exe

[2012/05/30 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{C38D5556-C37C-4596-8313-EF92A1E68F85}

[2012/05/30 16:20:39 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{5D4D643D-E3D1-43C9-A91D-470E14968110}

[2012/05/30 14:16:49 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{B2CC7082-6978-430D-8325-A43CFA070DC4}

[2012/05/29 20:47:36 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{0190850D-3A20-4F66-B250-897A69487678}

[2012/05/29 17:19:16 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{8CF06F23-5D80-4CFF-AA05-0F5BFB7F35C6}

[2012/05/29 15:53:11 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{4F2616AD-EAAB-4978-8538-912907B67E39}

[2012/05/29 15:53:00 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{621DC250-E2E7-4706-8A43-23CF593C09AF}

[2012/05/29 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Roaming\SpeedyPC Software

[2012/05/29 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Roaming\DriverCure

[2012/05/29 15:30:20 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software

[2012/05/29 14:13:47 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{28C808EE-EBD2-4581-A6E8-ACC4F89FDB9A}

[2012/05/29 14:13:33 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{CEB36E32-4113-4E74-A5B5-D322C11C7F60}

[2012/05/29 11:08:00 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{1C7DAF68-1F67-4164-8C8B-579626B06E1A}

[2012/05/28 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{C92A564A-8AD9-44A8-8229-18216F59B117}

[2012/05/28 10:42:55 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{DC6DFB50-8E2E-4DBE-9203-0FE76654BAA4}

[2012/05/26 21:15:56 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{C8AAC0E9-A814-4FFE-8780-B06AEB46368E}

[2012/05/26 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Roaming\Mozilla

[2012/05/26 21:15:53 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\Mozilla

[2012/05/25 10:05:07 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{0CB0E548-8281-4F1A-B633-EB92AC724042}

[2012/05/24 19:47:45 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{6C070856-3B39-4397-835A-4252E1287B39}

[2012/05/24 19:47:30 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{3A048FAA-88DA-4FC3-9790-87AB7C9CE43C}

[2012/05/24 19:30:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012/05/24 19:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/05/24 19:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012/05/24 19:21:26 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{D0636816-6E38-422C-8F23-725F79618619}

[2012/05/24 19:21:11 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{CA3957B2-ED58-4FFD-9896-315DE55B7AA3}

[2012/05/24 10:54:08 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{815E4877-7A2C-43B7-A982-EEF26C976C32}

[2012/05/23 20:38:22 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{BCEDF715-68D0-4A0F-A76B-C9574E75F7C6}

[2012/05/23 13:50:19 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{0AA7287C-F7E6-4543-87F0-CA5C7AC1AB88}

[2012/05/23 13:50:09 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{E16714E1-1AFF-4053-8DF3-FEA74173C8B9}

[2012/05/23 13:08:07 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{1908AFCA-3729-4F2B-B018-A76995DD2253}

[2012/05/23 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{B8D527E3-F1CE-4288-BE81-48561FB1551F}

[2012/05/23 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Roaming\Malwarebytes

[2012/05/23 11:10:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/23 11:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/23 11:10:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/05/23 11:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/05/23 10:51:16 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{5F97FD45-3C3B-40A8-9B5C-1B01E6D5A8CC}

[2012/05/22 11:07:00 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{DBB59377-0524-4E56-8624-49249CBF1A5B}

[2012/05/21 20:52:34 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{8B8877A5-298E-45D1-BF86-86CD15FECC3E}

[2012/05/21 20:52:23 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{4EB45123-0E6B-4083-B94F-532528D1A1E8}

[2012/05/20 20:07:28 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{92948962-E7DA-48CA-BECE-01E8ADCFD0B2}

[2012/05/20 20:07:08 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{5CFCAEEE-CD5C-4500-8ACF-FE8B3936078B}

[2012/05/18 20:17:30 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{61A99AE0-9C06-459D-8063-BB2031692D4D}

[2012/05/18 20:17:16 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{E9915F11-E0B3-484E-B944-3E218246E4C3}

[2012/05/17 22:20:30 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{B6B00861-CC2B-4D31-84B1-92A64BD69012}

[2012/05/17 22:20:19 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{6839D62B-39BA-46BA-B49E-FB4B3E3017C3}

[2012/05/17 22:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/05/16 21:44:23 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\Ilivid Player

[2012/05/16 21:35:28 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar

[2012/05/16 21:28:26 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{7EB728AC-87FF-4E72-8057-E3543DD9E0AA}

[2012/05/16 21:28:11 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{33D633C0-ED41-4F83-809F-9AD95F58CFE7}

[2012/05/15 18:56:35 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{BCCCC017-C7CB-41B9-B976-E47DCF68066D}

[2012/05/15 18:56:23 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{561CCA6A-88E1-4810-A41A-DEDA7D1E804F}

[2012/05/15 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{37A8D251-F05B-4F98-B12F-18185BB1221B}

[2012/05/15 10:33:37 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{0C74F3E2-19C4-41A0-BD67-BB9913CE72B5}

[2012/05/13 20:48:35 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{85EB28C3-796C-4A6C-99F8-34A7446444D3}

[2012/05/13 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{8111A822-4667-45AB-8E9A-965BAB1F0DE7}

[2012/05/13 18:20:11 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{DA7BDF91-5D91-4363-A800-16805C303B76}

[2012/05/13 18:19:55 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{AC1F4832-EB37-4C72-BF90-F715DAB2B2D5}

[2012/05/13 17:58:08 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{F28EFE93-1808-4B64-A2FE-1F5EAB19DCE3}

[2012/05/13 17:57:55 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{20044786-79CF-4BF9-A2D1-087F4AC63183}

[2012/05/12 20:37:40 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{DCB7FA8B-1406-4D5E-A5F8-1331713C655A}

[2012/05/12 20:37:25 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{9E34356E-93FB-4FF3-9154-C8BF8EB0D0AF}

[2012/05/10 20:59:53 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{2C4BBDEE-5259-4776-9FB7-8092698CDD0F}

[2012/05/10 20:59:41 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{8A2E2BDA-3C09-453A-ABE8-BF99081EE99D}

[2012/05/07 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{695800A0-AABD-4F3B-A2FC-CF3C02FCBC5E}

[2012/05/07 18:25:59 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{BEAFFE5C-D3E4-43CD-9D63-608358CF053D}

[2012/05/05 15:29:21 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{7D827AD8-4F81-40AC-9600-F5FFF3E81BF4}

[2012/05/05 15:29:08 | 000,000,000 | ---D | C] -- C:\Users\`\AppData\Local\{A1FE2D40-D3D3-459B-9AAD-FA9C94BCF978}

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/30 16:27:01 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/30 16:27:01 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/30 16:25:11 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\`\Desktop\OTL.exe

[2012/05/30 16:24:48 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/30 16:24:48 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/30 16:18:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/30 16:18:37 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/30 14:22:29 | 099,492,269 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2012/05/29 15:31:38 | 000,002,679 | ---- | M] () -- C:\Users\Public\Desktop\eBay.co.uk.lnk

[2012/05/24 19:30:40 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/23 11:10:55 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/05/13 18:18:23 | 000,424,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/24 19:30:40 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/05/24 19:30:40 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/05/23 11:10:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/01/26 13:20:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/06/29 00:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2010/06/29 00:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2010/06/28 14:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/06/28 14:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/06/28 14:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2010/06/28 14:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2010/06/28 14:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010/06/28 14:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2010/06/28 14:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== LOP Check ==========

[2010/12/08 20:18:16 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\Ashampoo

[2010/11/30 20:49:40 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\AVG10

[2010/10/03 18:16:56 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\BullGuard

[2012/05/29 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\DriverCure

[2012/05/30 16:20:34 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\go

[2012/03/16 22:25:22 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\SoftGrid Client

[2012/05/29 15:30:30 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\SpeedyPC Software

[2010/10/10 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\TP

[2011/03/20 20:20:47 | 000,000,000 | ---D | M] -- C:\Users\`\AppData\Roaming\Windows Live Writer

[2012/02/21 19:12:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 5/30/2012 4:26:43 PM - Run 1

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- Reg Error: Key error.

https [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09AD4B41-E3CD-489C-B9EC-30F4D4EEEA72}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0AB0185C-BEAC-489B-83F4-8FCD043335CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{14A3E45B-789A-4C75-B8D0-788C2EC860F5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2C6FFC90-BCCE-4A80-B8EB-2F0451FCDBBD}" = lport=10243 | protocol=6 | dir=in | app=system |

"{30A12E18-6670-4A50-88E8-0E033C6EB4F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3BCDA23C-3483-4469-A990-070493C504C0}" = rport=137 | protocol=17 | dir=out | app=system |

"{42F49E8B-E8DD-4E84-B59D-0F162269EEEE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{437CADC6-76AD-4463-AC75-DD828D91ACD9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{479C170E-917C-4EC8-BF9F-14E7DCF4F946}" = lport=2869 | protocol=6 | dir=in | app=system |

"{5FF1473D-9DC0-40DB-B317-0171FBFBBF32}" = lport=137 | protocol=17 | dir=in | app=system |

"{6DB83D58-5C39-4EA6-B852-E2E70A03C896}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{72CBEEF5-9D76-41D6-B942-B34A0A30D2A9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{81722DB5-DF24-4FC5-995E-30E71DFBD5A1}" = rport=139 | protocol=6 | dir=out | app=system |

"{833A8DE9-2BE5-418E-BA24-E55C4CE5E44A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{8A858559-3514-4E30-8A53-4E5097C45F43}" = rport=445 | protocol=6 | dir=out | app=system |

"{BBBF6736-0419-4709-8D59-7EB16D6C5B47}" = lport=139 | protocol=6 | dir=in | app=system |

"{C14E391E-9197-4A7F-8DDA-092ADFBE558B}" = rport=138 | protocol=17 | dir=out | app=system |

"{C4CF2C01-21A4-49ED-90F6-36D41F3808B2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C72CDB13-3C2C-41EB-B64F-267AD5B2EC51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D0E9C690-1E30-4481-95BB-DDFA692F7A33}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{D35E837B-8C6E-4974-A606-9BD7A3B1FA6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D3E36728-8323-4E21-A066-CD72A2B3DA13}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D4CBE133-1941-402F-A90A-61320B29399B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{D736231E-F425-4852-9BE4-AACB3DF44BB5}" = lport=138 | protocol=17 | dir=in | app=system |

"{E34ADA9A-433A-4D5A-826D-EAD65136D651}" = lport=445 | protocol=6 | dir=in | app=system |

"{F0B3F247-1C0E-4D9B-964B-A5DECAF39C11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{012A609E-3C4A-4468-B5F0-EB35D4445C55}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{01C8C75D-54CC-47C4-8FF3-EA0DD7E86BC2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{0442CF97-5402-40CE-8DB1-1A7889164DB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{048B7B05-95CA-4660-87C1-C783F12F8400}" = protocol=6 | dir=out | app=system |

"{0AD1080C-000D-4044-8E78-97638F16359E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{0B794838-A347-4E6C-AA53-072C9D738EE3}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{0E76DAF7-687D-4F9F-9AF9-0DE2147095CF}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{1B5D7FFE-5EA9-4317-BAD3-02F51FC97235}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{225881AE-B72B-4A69-860F-35A8BE3C51C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{237B9F62-63B3-4825-915D-3EC9F3471B2B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{2497E865-51B0-4162-AE09-771950110E0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{27513528-06FE-49C6-9406-DA5DA2DC7F84}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

"{28217631-8082-43E8-9373-748066CAB4B1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{2AA83B81-FB50-4FA7-AF61-C891B02433A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{2D9E3806-DD0B-4EA6-A530-BE54683BF4EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{41AC2B18-C716-402D-A8A9-7D8F4C11F674}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{47B722DF-FABB-415B-8470-2644E6178163}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{492EAD08-BB76-4414-AD0E-96056B72359A}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{50C2F269-D365-44CF-9B89-F5A8A9ED5DB4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{5A955919-2A8B-4653-9F0F-E97D430DAA6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{5F6F7393-88F5-48F2-95FB-F933A4A656BA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{6195984C-DC5C-4DB9-944C-10DA2AB5B472}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{68AC7D5A-D543-4F16-AABE-C0916F1C0E6B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{6BA77723-B73D-4E4D-ACE3-ED902C3FF4D4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{738DE1B8-130F-4A19-A230-617584F61390}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{74322332-B429-4154-B35F-971D5058FE77}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{79F68914-3C1A-4915-82F2-2AAE0A6C486E}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{80337AC3-EB68-4D3A-925C-838088576C8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{842D480C-ACDB-4C71-AC56-C38EFC906434}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{84ED14AE-405F-4DEE-9FD4-2C5549017C85}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{8747F26B-9919-470B-B86B-2E7D77BC9A5A}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |

"{89874625-49D4-456D-A775-788ED41608CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8BBFBE47-861F-4F7F-A482-6311A794D115}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9EDA4A16-5B65-48DD-BFD9-724BA835BFC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{A167FB86-8152-48CC-B617-8AE435CBF8B6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{ACC2775A-0399-4C54-BA1F-F670310DA870}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AD0994ED-3352-4354-847A-C644B70A2D3C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AEC2A186-3B60-4BAF-A13E-3F5B4980D398}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C6DBF7B4-F7C4-4E0C-8C2A-4938671DC6B1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{C736498A-E5A5-404F-B98C-2F50E657BB86}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{E45F4662-D7B4-4BEF-853C-2E7AC9B448C0}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{EDDA817E-738E-49A0-975B-1A060C87E6BB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{F5AA6AB9-AF1C-4A13-80B1-CACAD24E07B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{FCE6B531-79FC-440B-AAB9-C1F55871FCEA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{FD1B417E-84D4-4DBE-8A5A-2458AE81E172}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{FDFA282D-42F6-4DA9-BF0D-56179A1B8131}" = dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4

"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4EAB69C5-7763-4BB8-9D06-733292AA6E0C}" = Bing Bar

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL

"{59215BC2-3FBA-4E5E-8DC1-4275AC7FBD66}" = AVG 2011

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.4 MUI

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw

"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR

"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"{E533E637-FB3E-4F28-8B18-449CC9AB7235}" = AVG 2011

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters

"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio

"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander

"Ashampoo Snap_is1" = Ashampoo Snap

"AVG" = AVG 2011

"HaaliMkx" = Haali Media Splitter

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso

"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Searchqu Toolbar" = Searchqu Toolbar

"searchqutoolbar" = Searchqu Toolbar

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214709837-2587368711-1749435114-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Game Organizer" = GameXN GO

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


Hello and welcome to Malwarebytes

If you think you are infected, here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

IMPORTANT: Don't use any temporary file cleaners unless requested - this can cause data loss and make recovery difficult

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions >>Right HERE<<, skipping any steps you are unable to complete.
  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification,
    so that you're alerted when someone has replied to your post.

NOTE: Please do not post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies.

If you reply to your own post helpers may think that you're already being helped and thus overlook your post.

  • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.
    Or
  • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk by filling out the form located >>Right HERE<<

OPTION 3

If you would like to use our Malwarebytes Premium Services (comprehensive solutions to all your computer support needs, from installation and set-up to troubleshooting and tune-ups), go to our Malwarebytes Premium Services support site --> >>Right HERE<<

Please be patient, someone will assist you as soon as possible.

PS: Please use the "Reply to this topic" button, not the Reply button, when you start replying.
