Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Trouble Uninstalling Spyware RegClean Pro


(!)

jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
18-Dec-2011, 07:48 AM #1
Trouble Uninstalling Spyware RegClean Pro
Hello

Thanks for reading this, hope I can get some help

As the tittle says the program RegClean Pro turned up one day on the PC and im not able to simple uninstall it from RemovePrograms(Windows7)

I tried malwarebytes and spydoctor but neither was able to pick up a problem.

AVG antivirus is running and up-to-date

Ive searched and found some guides to remove the program manually but it looks a bit complicated and im not confident enough to mess around with registry edits by my self

Would appreciate any help possible or advice what to do next to deal with that

Many Thanks

Jolly1808

----------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:41:39, on 18/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GamesBar\SearchEngineProtection.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Barbara\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
O4 - HKLM\..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_SC6D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.braemarseascope.com/XTSAC.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://vpn.braemarseascope.com/MLWebCacheCleaner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: O?cnao?a Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

--
End of file - 13452 bytes
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
20-Dec-2011, 07:17 AM #2
Update: DDS LOG


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Barbara at 13:24:37 on 2011-12-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.2999.1674 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\GamesBar\SearchEngineProtection.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\msiexec.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SC6D.tmp" /EF "HKCU"
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe
mRun: [TaskTray] c:\program files\driver-soft\drivergenius\TaskTray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\users\barbara\appdata\roaming\micros~1\windows\startm~1\programs\startup \openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.braemarseascope.com/XTSAC.cab
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.braemarseascope.com/MLWebCacheCleaner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-30 214664]
R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport \store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-31 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-8-30 635416]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-7 855904]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-31 6381056]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-31 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-6-30 101392]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportm s\28896\RapportIaso.sys [2011-8-7 21520]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-12 257568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-18 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-10 947528]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-18 136176]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-8-30 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-8-30 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-8-30 34248]
S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-11-18 90280]
S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-11-18 15016]
S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-11-18 122280]
S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-11-18 115880]
S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-11-18 26024]
S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-11-18 111912]
S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-11-18 116904]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-12-19 155344]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-22 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-19 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-12-17 19:43:30 -------- d-----w- c:\users\barbara\appdata\roaming\Malwarebytes
2011-12-17 19:42:27 -------- d-----w- c:\programdata\Malwarebytes
2011-12-17 19:42:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 19:42:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 06:26:53 -------- d-----w- c:\programdata\Avanquest
2011-12-15 06:26:53 -------- d-----w- c:\program files\Avanquest update
2011-12-14 15:32:19 -------- d-----w- c:\program files\iTunes
2011-12-14 15:32:19 -------- d-----w- c:\program files\iPod
2011-12-14 06:58:52 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 06:58:48 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 06:58:29 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 06:58:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 06:58:25 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 06:58:25 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-11 08:46:04 -------- d-----w- c:\users\barbara\appdata\local\DDMSettings
2011-12-07 08:47:56 -------- d-----w- c:\programdata\AVG Secure Search
2011-11-30 17:07:34 -------- d-----w- c:\users\barbara\appdata\roaming\AVG
2011-11-24 20:11:31 -------- d-----w- c:\users\barbara\appdata\roaming\FreeFileViewer
2011-11-22 18:22:23 -------- d-----w- c:\users\barbara\appdata\roaming\Systweak
2011-11-22 18:22:21 17280 ----a-w- c:\windows\system32\roboot.exe
2011-11-22 18:22:20 -------- d-----w- c:\program files\RegClean Pro
2011-11-22 18:15:56 -------- d-----w- c:\program files\File Type Assistant
2011-11-22 18:15:45 -------- d-----w- c:\program files\FreeFileViewer
2011-11-22 18:13:31 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-11-22 18:13:19 -------- d-----w- c:\program files\Driver-Soft
2011-11-22 18:12:11 -------- d-----w- c:\program files\fliptoast
.
==================== Find3M ====================
.
2011-11-11 11:22:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-07 19:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-24 12:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 12:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-07 04:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 04:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 13:25:38.97 ===============
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.

Last edited by jolly1808; 20-Dec-2011 at 07:53 AM.. Reason: Attached GMER Log
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
23-Dec-2011, 03:45 PM #3
bump
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
23-Dec-2011, 04:20 PM #4
Run the following and copy/paste the logs to your reply...

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Stadard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Kevin
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
24-Dec-2011, 05:49 AM #5
HI Kevin

Thanks for your help and reply

Here is the Logs:

OTL.txt

OTL logfile created on: 24/12/2011 11:38:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.31% Memory free
5.86 Gb Paging File | 3.64 Gb Available in Paging File | 62.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.16 Gb Total Space | 384.53 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/11 13:22:04 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/05/22 15:25:38 | 000,292,208 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
PRC - [2011/04/26 15:18:20 | 000,075,120 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/03 16:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/31 20:18:03 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011/10/13 22:16:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e4 24a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:16:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b262208 0e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 22:16:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d4 9244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/13 22:16:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a2 7eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 22:16:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca 933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 22:15:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbe b9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 22:15:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0 fcc9649c379\System.ni.dll
MOD - [2011/10/13 22:15:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27 ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/07 18:07:47 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010/11/18 17:44:02 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/07 20:38:44 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/14 23:55:48 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/12 16:59:12 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 22:25:20 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/19 13:53:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 21:44:18 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCer berus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/07 18:07:47 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/06/30 08:18:37 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/31 20:18:03 | 006,381,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/31 20:18:03 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/05/15 00:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2010/05/15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 23:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/28 07:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/14 19:29:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/07 10:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/11 10:41:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googlerigi nalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.braemarseascope.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.braemarseascope.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell - "" = AutoRun
O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell\AutoRun\command - "" = L:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
NetSvcs: 77129222639303 ] ] - File not found
NetSvcs: [ "http://emp.bbci.co.uk/" - File not found
NetSvcs: [ "http://ad.doubleclick.net/" - File not found
NetSvcs: 1.8950007376847426 - File not found
NetSvcs: "http://news.bbc.co.uk/" - File not found
NetSvcs: 2.1354112790328075 - File not found
NetSvcs: "http://news.bbcimg.co.uk/" - File not found
NetSvcs: 1.8950007376847426 - File not found
NetSvcs: "http://s0.2mdn.net/" - File not found
NetSvcs: 2.3758218203808714 - File not found
NetSvcs: "http://stats.bbc.co.uk/" - File not found
NetSvcs: 1.8950007376847426 ] ] - File not found
NetSvcs: [ "http://facebook.com/" - File not found
NetSvcs: [ "http://www.facebook.com/" - File not found
NetSvcs: 2.6037003999999997 ] ] - File not found
NetSvcs: [ "http://fls.doubleclick.net/" - File not found
NetSvcs: [ "http://ad.doubleclick.net/" - File not found
NetSvcs: 2.2086 - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 11:36:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2011/12/20 13:23:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
[2011/12/18 13:39:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Barbara\Desktop\HijackThis.exe
[2011/12/17 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 21:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011/12/14 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/14 09:43:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 09:43:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 09:43:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 09:43:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 09:43:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 09:43:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 08:58:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 08:58:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 08:58:29 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 08:58:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 08:58:25 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 08:58:25 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/11 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DDMSettings
[2011/12/07 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2011/12/07 10:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/11/30 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\AVG
[2011/11/30 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/24 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
[2011/11/24 21:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/24 11:41:07 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 11:41:07 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 11:39:48 | 085,062,687 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2011/12/24 11:34:23 | 000,001,338 | ---- | M] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
[2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2011/12/24 11:34:02 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/12/24 11:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/24 11:33:49 | 2358,595,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 22:48:00 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2011/12/23 09:56:55 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/23 09:48:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbara.job
[2011/12/22 17:29:04 | 000,228,983 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/20 13:37:56 | 000,302,592 | ---- | M] () -- C:\Users\Barbara\Desktop\jckge5xl.exe
[2011/12/20 13:23:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
[2011/12/19 17:54:59 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/12/19 14:02:23 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 18:49:55 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/18 13:42:17 | 000,509,150 | ---- | M] () -- C:\Users\Barbara\Desktop\HijackPic.png
[2011/12/18 13:39:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Barbara\Desktop\HijackThis.exe
[2011/12/18 12:37:49 | 001,467,912 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/17 22:51:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 22:51:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2011/12/14 17:23:30 | 000,002,503 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/14 17:23:30 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/14 17:02:01 | 000,431,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 10:46:36 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/12/11 10:46:36 | 000,001,597 | ---- | M] () -- C:\Users\Barbara\Desktop\DivX Movies.lnk
[2011/12/11 10:46:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/30 19:06:56 | 000,001,165 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/30 19:06:56 | 000,001,141 | ---- | M] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/24 11:34:23 | 000,001,338 | ---- | C] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
[2011/12/20 13:37:56 | 000,302,592 | ---- | C] () -- C:\Users\Barbara\Desktop\jckge5xl.exe
[2011/12/19 17:54:59 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/12/18 13:42:17 | 000,509,150 | ---- | C] () -- C:\Users\Barbara\Desktop\HijackPic.png
[2011/12/18 12:37:23 | 001,467,912 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/14 17:32:54 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/30 19:06:56 | 000,001,165 | ---- | C] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/30 19:06:56 | 000,001,141 | ---- | C] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/19 16:54:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/30 19:04:08 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/20 19:08:32 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
[2011/05/20 19:08:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/03/24 19:29:31 | 000,004,608 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 20:18:12 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/31 20:18:12 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/01/16 18:31:43 | 000,007,604 | ---- | C] () -- C:\Users\Barbara\AppData\Local\Resmon.ResmonCfg
[2010/12/01 21:12:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/01 21:12:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/01 21:12:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/01 21:12:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/01 21:12:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/01 21:12:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/01 21:12:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/01 21:12:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/01 21:12:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/01 21:12:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/01 21:12:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/01 21:12:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/12/01 21:12:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/12/01 21:12:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/01 21:12:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/01 21:11:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2010/11/21 13:04:09 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll
[2010/11/21 13:04:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll
[2010/11/21 13:04:09 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll
[2010/11/21 13:04:09 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll
[2010/11/21 13:04:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll
[2010/11/21 13:04:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll
[2010/11/21 13:04:09 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll
[2010/11/21 13:04:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll
[2010/11/21 13:04:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll
[2010/11/21 13:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll
[2010/11/21 13:04:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll
[2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll
[2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll
[2010/11/21 13:04:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll
[2010/11/21 13:04:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll
[2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll
[2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll
[2010/11/21 13:04:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll
[2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll
[2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll
[2010/11/21 13:04:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll
[2010/11/18 19:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 07:44:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/05/14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/10 15:32:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/03 13:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/30 00:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,431,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== LOP Check ==========

[2011/11/30 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG
[2011/10/18 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG2012
[2011/03/31 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EPSON
[2011/11/24 22:14:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
[2011/07/18 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\go
[2010/12/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leadertech
[2011/08/18 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Oberon Media
[2010/11/18 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\OpenOffice.org
[2010/11/18 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony
[2010/11/18 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony Setup
[2011/11/25 07:56:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Systweak
[2010/11/18 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Trusteer
[2010/11/20 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
[2011/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
[2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2010/08/30 08:40:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2010/08/30 08:39:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2010/08/30 08:39:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2010/08/30 08:40:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/08/30 08:40:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010/08/30 08:40:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\na om\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\op en\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open \command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\na om\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\op en\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInf o\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open \command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 07:45:04

========== Alternate Data Streams ==========

@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:AA4982C6
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1A6780D
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >


Extras.Txt:

OTL Extras logfile created on: 24/12/2011 11:38:35 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.31% Memory free
5.86 Gb Paging File | 3.64 Gb Available in Paging File | 62.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.16 Gb Total Space | 384.53 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03FE0283-AF05-E046-7121-AF0D7BCDBC36}" = CCC Help Norwegian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
"{0AC481DF-AE1F-9189-579F-DC8AD38DB0A4}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FE2DCFC-4AA7-E12F-BC8C-456455BCFCE3}" = CCC Help Polish
"{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20561129-42C2-2574-8050-C9C389D6F221}" = ccc-core-static
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{256CC41E-43C4-9A19-763D-0EBBC387CBFB}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{36B971C3-2592-B65B-C23C-787815B22E72}" = CCC Help Swedish
"{387152C6-1AAF-E4E0-F9E3-363536F52170}" = CCC Help Korean
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CFB0AE9-90F7-5753-15A8-EFBB1AD7DF05}" = CCC Help Chinese Standard
"{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
"{3EAE89BC-C473-57ED-FEDE-8E93BE966A65}" = Catalyst Control Center Graphics Previews Vista
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{47E3EEF6-A987-0E87-04A9-4E473E347E5B}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{55B0255E-3DF4-E9C7-8724-E8B973B4EAE3}" = CCC Help French
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A12421F-CD12-6A69-8669-D3B8D8B13C68}" = ATI Problem Report Wizard
"{6E30650C-81B1-9AD2-812E-DBAA19763B8B}" = HydraVision
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7234FAA6-CCFB-0D04-6854-8F4969A078E2}" = ccc-utility
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91310B50-AB3F-3D8A-3A5B-79EC53321705}" = CCC Help Hungarian
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94F44DC7-50BF-8C1B-873D-F8B0E2B1D6A2}" = Catalyst Control Center Graphics Previews Common
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{966C6CEF-4CF5-E1B8-4C77-5EBD8CD3FF40}" = CCC Help English
"{9933FF7C-EF3C-0C8A-6F72-2DC470A3A30E}" = FlipToast
"{99DC703F-ADB3-0264-268B-C635FD4E34B7}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FE384DE-1FA2-6EE5-F714-9C219CAE6035}" = ATI Catalyst Install Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB805DDA-181C-B2A5-AB9A-4563770E1D99}" = CCC Help Greek
"{AB8943A3-4937-8370-930A-E1D2D03C602D}" = CCC Help Czech
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B94F0C3C-4BB3-1EAE-FED1-6A6422B720EA}" = CCC Help Russian
"{BC7B086C-1AF2-DCEF-28F0-83120EFF8E5F}" = CCC Help Turkish
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAF1F932-1B1C-DA4F-ACBA-8628329B0CC0}" = CCC Help Dutch
"{CDE20BED-564E-4086-0731-BF25873EE22D}" = CCC Help Portuguese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
"{E2D13989-3B82-33A2-0F51-1309178B2CD9}" = CCC Help Italian
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5A45A09-4E51-6FAC-815A-A89940983069}" = CCC Help Danish
"{E6C2BA8B-F1C3-C50E-9C7B-8B5E6EC24ADF}" = CCC Help Chinese Traditional
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F23E846D-4CFA-2D7B-BA94-FA6FA7D9102A}" = Catalyst Control Center Localization All
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F6C91BE9-7786-922D-716E-BB1613755F00}" = CCC Help Spanish
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"alotAppbar" = ALOT Appbar
"AVG" = AVG 2012
"com.w3i.FlipToast" = FlipToast
"DivX Setup" = DivX Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus C90_91_D92 User’s Guide" = EPSON Stylus C90_91_D92 Manual
"EZ AVI TO MPEG Converter_is1" = EZ AVI TO MPEG Converter 3.00
"ffdshow_is1" = ffdshow v1.1.3949 [2011-07-25]
"FreeFileViewer_is1" = Free File Viewer 2011
"GamesBar" = GamesBar 2.0.1.82
"Google Chrome" = Google Chrome
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Network Play System (Patching)" = Network Play System (Patching)
"PDF Complete" = PDF Complete Special Edition
"PKR" = PKR
"Rapport_msi" = Rapport
"RegClean Pro_is1" = RegClean Pro
"StarCraft II" = StarCraft II
"The Sims" = The Sims
"Trusted Software Assistant_is1" = File Type Assistant
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/12/2011 18:36:02 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8112

Error - 17/12/2011 18:36:02 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8112

Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9126

Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9126

Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10140

Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10140

Error - 18/12/2011 12:46:17 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(28:6a:ba:23:e6:2d@fe80::2a6a:baff:fe23:e62d._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 18/12/2011 13:00:02 | Computer Name = Barbara-HP | Source = Windows Backup | ID = 4103
Description =

[ Hewlett-Packard Events ]
Error - 21/12/2010 14:10:08 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 23/03/2011 13:55:05 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 28/03/2011 11:12:11 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 13/10/2011 09:50:42 | Computer Name = Barbara-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(Stri ng
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCo re()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(Stri ng
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCo re()

at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/59f4275c_f8ac_4b42_a4d4_8335fad22b39/t0cw8wab40hxpueve_t0kt6c_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 2999 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

[ System Events ]
Error - 07/12/2011 13:57:05 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Software Updater service to connect.

Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Peer
Networking Identity Manager service to connect.

Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7000
Description = The Peer Networking Identity Manager service failed to start due to
the following error: %%1053

Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Networking Grouping service depends on the Peer Networking
Identity Manager service which failed to start because of the following error:
%%1053

Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7001
Description = The Peer Name Resolution Protocol service depends on the Peer Networking
Identity Manager service which failed to start because of the following error:
%%1053

Error - 13/12/2011 12:48:56 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7023
Description = The Workstation service terminated with the following error: %%14

Error - 20/12/2011 07:27:28 | Computer Name = Barbara-HP | Source = DCOM | ID = 10016
Description =

Error - 20/12/2011 07:27:28 | Computer Name = Barbara-HP | Source = DCOM | ID = 10016
Description =

Error - 20/12/2011 09:01:48 | Computer Name = Barbara-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:21:35 μμ on ?20/?12/?2011 was unexpected.

Error - 20/12/2011 09:01:48 | Computer Name = BARBARA-HP | Source = BugCheck | ID = 1001
Description =


< End of report >


Merry Xmas
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
24-Dec-2011, 06:41 AM #6
Re-Run by double left click, Vista and Widows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com (http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com (https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell - "" = AutoRun
    O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell\AutoRun\command - "" = L:\Startme.exe
    [2011/12/24 11:34:23 | 000,001,338 | ---- | C] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
    [2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    [2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
    [2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
    [2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
    [2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:AA4982C6
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1A6780D
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2
    :System
    mfetdik
    MfeRKDK
    mfehidk
    MfeBOPK
    MfeAVFK
    :Files
    ipconfig /flushdns /c
    C:\Windows\System32\drivers\mfetdik.sys
    C:\Windows\System32\drivers\mferkdk.sys
    C:\Windows\System32\drivers\mfehidk.sys
    C:\Windows\System32\drivers\mfebopk.sys
    C:\Windows\System32\drivers\mfeavfk.sys
    c:\users\barbara\appdata\roaming\Systweak
    c:\windows\system32\roboot.exe
    c:\program files\RegClean Pro
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done. Let me see the log.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

What i`d like in your reply:

Log from OTL fix
Log from OTL quick scan
Update on issues/concerns...

Kevin
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
24-Dec-2011, 06:56 AM #7
Hey Kevin

Stuff look good, the program no longer runs on start up and seems to be wiped from my pc

Here is the fix log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
C:\Program Files\GamesBar\2.0.1.82\oberontb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
File C:\Program Files\GamesBar\2.0.1.82\oberontb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
C:\Program Files\alotappbar\bin\alothelper.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection deleted successfully.
C:\Program Files\GamesBar\SearchEngineProtection.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceOb jectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountP oints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
File L:\Startme.exe not found.
C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk moved successfully.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job moved successfully.
C:\Windows\Tasks\PC Optimizer Pro startups.job moved successfully.
C:\Windows\Tasks\RegClean Pro_DEFAULT.job moved successfully.
C:\Windows\Tasks\RegClean Pro_UPDATES.job moved successfully.
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:AA4982C6 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
ADS C:\ProgramData\TEMP:E1A6780D deleted successfully.
Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
Error: Unable to interpret <:System> in the current context!
Error: Unable to interpret <mfetdik> in the current context!
Error: Unable to interpret <MfeRKDK> in the current context!
Error: Unable to interpret <mfehidk> in the current context!
Error: Unable to interpret <MfeBOPK> in the current context!
Error: Unable to interpret <MfeAVFK> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Barbara\Desktop\cmd.bat deleted successfully.
C:\Users\Barbara\Desktop\cmd.txt deleted successfully.
C:\Windows\System32\drivers\mfetdik.sys moved successfully.
C:\Windows\System32\drivers\mferkdk.sys moved successfully.
C:\Windows\System32\drivers\mfehidk.sys moved successfully.
C:\Windows\System32\drivers\mfebopk.sys moved successfully.
C:\Windows\System32\drivers\mfeavfk.sys moved successfully.
c:\users\barbara\appdata\roaming\Systweak\RegClean Pro\Version 6.1 folder moved successfully.
c:\users\barbara\appdata\roaming\Systweak\RegClean Pro folder moved successfully.
c:\users\barbara\appdata\roaming\Systweak folder moved successfully.
c:\windows\system32\roboot.exe moved successfully.
c:\program files\RegClean Pro folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Barbara
->Temp folder emptied: 75970798 bytes
->Temporary Internet Files folder emptied: 1189610856 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 343920490 bytes
->Apple Safari cache emptied: 1289216 bytes
->Flash cache emptied: 15127 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23085902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,558.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12242011_124350

Files\Folders moved on Reboot...
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
C:\Users\Barbara\AppData\Local\Temp\VGX449D.tmp moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Barbara\AppData\Local\Trusteer\Rapport\user\logs\ koan.5184.log moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T58I0PNU\ads[3].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDXUPQIQ\1031741-trouble-uninstalling-spyware-regclean-pro[1].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TMK3BA8\ads[4].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

And a quick scan:

OTL logfile created on: 24/12/2011 12:51:45 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.49% Memory free
5.86 Gb Paging File | 3.66 Gb Available in Paging File | 62.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.16 Gb Total Space | 389.33 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
PRC - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/11 13:22:04 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/05/22 15:25:38 | 000,292,208 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
PRC - [2011/04/26 15:18:20 | 000,075,120 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/31 20:18:03 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (No Company Name) ==========

MOD - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
MOD - [2011/10/13 22:16:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e4 24a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 22:16:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b262208 0e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 22:16:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d4 9244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/13 22:16:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a2 7eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 22:16:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca 933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 22:15:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbe b9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 22:15:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0 fcc9649c379\System.ni.dll
MOD - [2011/10/13 22:15:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27 ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/07 18:07:47 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
MOD - [2010/11/18 17:44:02 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/10/29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
MOD - [2010/09/07 20:38:44 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2010/05/14 23:55:48 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/04/12 16:59:12 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 22:25:20 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/11/19 13:53:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV - [2011/12/15 21:44:18 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCer berus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/07 18:07:47 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/06/30 08:18:37 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/01/31 20:18:03 | 006,381,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/01/31 20:18:03 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/05/15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
DRV - [2010/05/15 00:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2010/05/15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 23:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/01/28 07:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:56:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/14 19:29:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/07 10:47:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/11 10:41:55 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googlerigi nalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plug ins/avgnpss.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: AVG Safe Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.braemarseascope.com/XTSAC.cab (XTSAC Control)
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.braemarseascope.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/24 12:43:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/24 11:36:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2011/12/20 13:23:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
[2011/12/17 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
[2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/17 21:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/17 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
[2011/12/14 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/11 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DDMSettings
[2011/12/07 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2011/12/07 10:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/11/30 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\AVG
[2011/11/30 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/11/24 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
[2011/11/24 21:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2011/12/24 12:48:51 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/24 12:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/24 12:48:27 | 2358,595,584 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/24 12:48:00 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/24 12:47:46 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 12:47:46 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 11:39:48 | 085,062,687 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
[2011/12/23 09:56:55 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/12/23 09:48:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbara.job
[2011/12/22 17:29:04 | 000,228,983 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/20 13:23:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
[2011/12/19 17:54:59 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/12/19 14:02:23 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 18:49:55 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/18 12:37:49 | 001,467,912 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/17 22:51:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 22:51:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/14 17:23:30 | 000,002,503 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/14 17:23:30 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/14 17:02:01 | 000,431,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/11 10:46:36 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/12/11 10:46:36 | 000,001,597 | ---- | M] () -- C:\Users\Barbara\Desktop\DivX Movies.lnk
[2011/12/11 10:46:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/11/30 19:06:56 | 000,001,165 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/30 19:06:56 | 000,001,141 | ---- | M] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk

========== Files Created - No Company Name ==========

[2011/12/19 17:54:59 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/12/18 12:37:23 | 001,467,912 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/14 17:32:54 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/30 19:06:56 | 000,001,165 | ---- | C] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2011/11/30 19:06:56 | 000,001,141 | ---- | C] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
[2011/08/19 16:54:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/30 19:04:08 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/20 19:08:32 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
[2011/05/20 19:08:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2011/03/24 19:29:31 | 000,004,608 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/31 20:18:12 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/01/31 20:18:12 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/01/16 18:31:43 | 000,007,604 | ---- | C] () -- C:\Users\Barbara\AppData\Local\Resmon.ResmonCfg
[2010/12/01 21:12:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010/12/01 21:12:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010/12/01 21:12:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010/12/01 21:12:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010/12/01 21:12:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010/12/01 21:12:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010/12/01 21:12:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010/12/01 21:12:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010/12/01 21:12:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010/12/01 21:12:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010/12/01 21:12:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010/12/01 21:12:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010/12/01 21:12:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010/12/01 21:12:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010/12/01 21:12:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010/12/01 21:11:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2010/11/21 13:04:09 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll
[2010/11/21 13:04:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll
[2010/11/21 13:04:09 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll
[2010/11/21 13:04:09 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll
[2010/11/21 13:04:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll
[2010/11/21 13:04:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll
[2010/11/21 13:04:09 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll
[2010/11/21 13:04:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll
[2010/11/21 13:04:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll
[2010/11/21 13:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll
[2010/11/21 13:04:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll
[2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll
[2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll
[2010/11/21 13:04:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll
[2010/11/21 13:04:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll
[2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll
[2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll
[2010/11/21 13:04:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll
[2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll
[2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll
[2010/11/21 13:04:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll
[2010/11/18 19:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 07:44:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010/05/14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010/05/14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010/05/14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2010/03/10 15:32:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/12/03 13:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/30 00:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 06:33:53 | 000,431,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

========== LOP Check ==========

[2011/11/30 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG
[2011/10/18 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG2012
[2011/03/31 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EPSON
[2011/11/24 22:14:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
[2011/07/18 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\go
[2010/12/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leadertech
[2011/08/18 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Oberon Media
[2010/11/18 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\OpenOffice.org
[2010/11/18 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony
[2010/11/18 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony Setup
[2010/11/18 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Trusteer
[2010/11/20 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
[2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2

< End of report >


Looks good ?
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
24-Dec-2011, 07:01 AM #8
Ok, do the following:

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application. If already installed just update and run as below...
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the two logs....
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
25-Dec-2011, 12:00 PM #9
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122502

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25/12/2011 14:13:47
mbam-log-2011-12-25 (14-13-47).txt

Scan type: Quick scan
Objects scanned: 168949
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Results of screen317's Security Check version 0.99.30
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup 2011
AVG 2012
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
AVG PC Tuneup 2011
Java Media Framework 2.1.1e
Java(TM) 6 Update 20
Java(TM) 6 Update 29
Java version out of date!
Adobe Reader X (10.1.1)
Mozilla Firefox (for..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


Guess ill update Java
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
25-Dec-2011, 04:09 PM #10
OK, couple of things still to do:

Step 1

Re-Run by double left click, Vista and Widows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    mfetdik
    MfeRKDK
    mfehidk
    MfeBOPK
    MfeAVFK
    :Files
    
    :commands
    [EmptyTemp]
    [ClearAllRestorePoints]
    [ReBoot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Save the log it produces as we will continue and clean up

Step 2
  • Re-open to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
  • Click on the button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Step 3

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.
  • Go to Sun Java
  • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer

Select > Start > Control Panel > Uninstall a Program, make sure old versions of Java are removed...

Let me see the log from OTL, let me know if all steps completed OK

Kevin....
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
26-Dec-2011, 06:09 AM #11
All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
Service mfetdik stopped successfully!
Service mfetdik deleted successfully!
Service MfeRKDK stopped successfully!
Service MfeRKDK deleted successfully!
Service mfehidk stopped successfully!
Service mfehidk deleted successfully!
Service MfeBOPK stopped successfully!
Service MfeBOPK deleted successfully!
Service MfeAVFK stopped successfully!
Service MfeAVFK deleted successfully!
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Barbara
->Temp folder emptied: 67172201 bytes
->Temporary Internet Files folder emptied: 110343397 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6980539 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2724 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2544549 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 178.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12262011_120605

Files\Folders moved on Reboot...
C:\Users\Barbara\AppData\Local\Temp\VGXD326.tmp moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Barbara\AppData\Local\Trusteer\Rapport\user\logs\ koan.5576.log moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTAE0GEM\ads[10].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTAE0GEM\ads[9].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUB08OI3\si[2].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GN9D9T9J\1031741-trouble-uninstalling-spyware-regclean-pro[1].htm moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

On Step 2, I ran the Clean Up and when the pc rebooted there was no log and the OTL program was removed from my computer. Is that ok ?

Step 3: Done ! Removed old java versions and installed new

Last edited by jolly1808; 26-Dec-2011 at 06:15 AM..
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Dec-2011, 07:06 AM #12
Excellent! if no more issues here are some tips to reduce the potential for malware infection in the future:
Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed is
n't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

Firefox,

Opera, and

Chrome.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

If no remaining issues hit the “Mark Solved” tab at the top of the thread,

Take care,

Kevin
jolly1808's Avatar
jolly1808 jolly1808 is offline
Member with 65 posts.
THREAD STARTER
 
Join Date: Mar 2006
26-Dec-2011, 08:32 AM #13
Solved!
Many thanks for your help
Regards
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,538 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
26-Dec-2011, 11:44 AM #14
You`re welcome......
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑