1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trouble Uninstalling Spyware RegClean Pro

Discussion in 'Virus & Other Malware Removal' started by jolly1808, Dec 18, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    Hello

    Thanks for reading this, hope I can get some help :)

    As the tittle says the program RegClean Pro turned up one day on the PC and im not able to simple uninstall it from RemovePrograms(Windows7)

    I tried malwarebytes and spydoctor but neither was able to pick up a problem.

    AVG antivirus is running and up-to-date

    Ive searched and found some guides to remove the program manually but it looks a bit complicated and im not confident enough to mess around with registry edits by my self

    Would appreciate any help possible or advice what to do next to deal with that

    Many Thanks

    Jolly1808

    ----------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:41:39, on 18/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
    C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\GamesBar\SearchEngineProtection.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Barbara\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ALOT Appbar Helper - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
    O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
    O3 - Toolbar: ALOT Appbar - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\ALOTHelper.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
    O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
    O4 - HKLM\..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_SC6D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://vpn.braemarseascope.com/XTSAC.cab
    O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://vpn.braemarseascope.com/MLWebCacheCleaner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: O?cnao?a Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
    O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe

    --
    End of file - 13452 bytes
     
  2. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    Update: DDS LOG


    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Barbara at 13:24:37 on 2011-12-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1253.30.1033.18.2999.1674 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\PDF Complete\pdfsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
    C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\GamesBar\SearchEngineProtection.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\msiexec.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mDefault_Page_URL = hxxp://www.bing.com
    mStart Page = hxxp://www.bing.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
    TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.18\AVG Secure Search_toolbar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [EPSON Stylus D92 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibze.exe /fu "c:\windows\temp\E_SC6D.tmp" /EF "HKCU"
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
    mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
    mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Starter] c:\program files\driver-soft\drivergenius\StarterW3i.exe
    mRun: [TaskTray] c:\program files\driver-soft\drivergenius\TaskTray.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\barbara\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.82\oberontb.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.braemarseascope.com/XTSAC.cab
    DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://vpn.braemarseascope.com/MLWebCacheCleaner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073} : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-30 214664]
    R1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\34302\RapportCerberus32_34302.sys [2011-12-15 228208]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-1-31 176128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\hewlett-packard\shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-17 366152]
    R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2010-8-30 635416]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2011-12-7 855904]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-1-31 6381056]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-1-31 221696]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-6-30 101392]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2010-5-14 20704]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-17 22216]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-1-12 257568]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-18 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-10 947528]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 gupdatem;&#933;&#960;&#951;&#961;&#949;&#963;&#943;&#945; Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-18 136176]
    S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\mfeavfk.sys [2010-8-30 79816]
    S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\mfebopk.sys [2010-8-30 35272]
    S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2010-8-30 34248]
    S3 s1029bus;Sony Ericsson Device 1029 driver (WDM);c:\windows\system32\drivers\s1029bus.sys [2010-11-18 90280]
    S3 s1029mdfl;Sony Ericsson Device 1029 USB WMC Modem Filter;c:\windows\system32\drivers\s1029mdfl.sys [2010-11-18 15016]
    S3 s1029mdm;Sony Ericsson Device 1029 USB WMC Modem Driver;c:\windows\system32\drivers\s1029mdm.sys [2010-11-18 122280]
    S3 s1029mgmt;Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1029mgmt.sys [2010-11-18 115880]
    S3 s1029nd5;Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1029nd5.sys [2010-11-18 26024]
    S3 s1029obex;Sony Ericsson Device 1029 USB WMC OBEX Interface;c:\windows\system32\drivers\s1029obex.sys [2010-11-18 111912]
    S3 s1029unic;Sony Ericsson Device 1029 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1029unic.sys [2010-11-18 116904]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-12-19 155344]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-22 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-19 1343400]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== Created Last 30 ================
    .
    2011-12-17 19:43:30 -------- d-----w- c:\users\barbara\appdata\roaming\Malwarebytes
    2011-12-17 19:42:27 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-17 19:42:24 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-17 19:42:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-15 06:26:53 -------- d-----w- c:\programdata\Avanquest
    2011-12-15 06:26:53 -------- d-----w- c:\program files\Avanquest update
    2011-12-14 15:32:19 -------- d-----w- c:\program files\iTunes
    2011-12-14 15:32:19 -------- d-----w- c:\program files\iPod
    2011-12-14 06:58:52 534528 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 06:58:48 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-14 06:58:29 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 06:58:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 06:58:25 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 06:58:25 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-11 08:46:04 -------- d-----w- c:\users\barbara\appdata\local\DDMSettings
    2011-12-07 08:47:56 -------- d-----w- c:\programdata\AVG Secure Search
    2011-11-30 17:07:34 -------- d-----w- c:\users\barbara\appdata\roaming\AVG
    2011-11-24 20:11:31 -------- d-----w- c:\users\barbara\appdata\roaming\FreeFileViewer
    2011-11-22 18:22:23 -------- d-----w- c:\users\barbara\appdata\roaming\Systweak
    2011-11-22 18:22:21 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-11-22 18:22:20 -------- d-----w- c:\program files\RegClean Pro
    2011-11-22 18:15:56 -------- d-----w- c:\program files\File Type Assistant
    2011-11-22 18:15:45 -------- d-----w- c:\program files\FreeFileViewer
    2011-11-22 18:13:31 -------- d-----w- c:\program files\Free Offers from Freeze.com
    2011-11-22 18:13:19 -------- d-----w- c:\program files\Driver-Soft
    2011-11-22 18:12:11 -------- d-----w- c:\program files\fliptoast
    .
    ==================== Find3M ====================
    .
    2011-11-11 11:22:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-07 19:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-10-24 12:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 12:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-10-07 04:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 04:21:28 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-10-03 02:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ============= FINISH: 13:25:38.97 ===============
     

    Attached Files:

  3. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Run the following and copy/paste the logs to your reply...

    Download [​IMG] OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3
    Link 4
    • Double click on the icon [​IMG] to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top, make sure Stadard output is selected.
    • Select Scan all users
    • Under the Extra Registry section, check Use SafeList
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in:

      Code:
      [B]netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      %systemroot%\*. /mp /s
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      CREATERESTOREPOINT
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs[/B]
      
    • Click the [​IMG] button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

    Kevin
     
  5. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    HI Kevin

    Thanks for your help and reply

    Here is the Logs:

    OTL.txt

    OTL logfile created on: 24/12/2011 11:38:35 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.31% Memory free
    5.86 Gb Paging File | 3.64 Gb Available in Paging File | 62.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.16 Gb Total Space | 384.53 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
    Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

    Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    PRC - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    PRC - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/11/11 13:22:04 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    PRC - [2011/05/22 15:25:38 | 000,292,208 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    PRC - [2011/04/26 15:18:20 | 000,075,120 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
    PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/03/03 16:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files\GamesBar\SearchEngineProtection.exe
    PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/31 20:18:03 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
    PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
    MOD - [2011/10/13 22:16:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 22:16:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/13 22:16:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
    MOD - [2011/10/13 22:16:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/13 22:16:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/13 22:15:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/13 22:15:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/13 22:15:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/08/07 18:07:47 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
    MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
    MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
    MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
    MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
    MOD - [2010/11/18 17:44:02 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2010/10/29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
    MOD - [2010/10/29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
    MOD - [2010/09/07 20:38:44 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2010/05/14 23:55:48 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
    MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
    MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/04/12 16:59:12 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
    MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
    MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
    MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
    MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
    MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
    MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
    MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
    MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/29 22:25:20 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
    SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/11/19 13:53:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/15 21:44:18 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
    DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/08/07 18:07:47 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/06/30 08:18:37 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2011/01/31 20:18:03 | 006,381,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/01/31 20:18:03 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/05/15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
    DRV - [2010/05/15 00:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2010/05/15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/05/14 23:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/01/28 07:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
    DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
    DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
    DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
    DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
    DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
    DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
    DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
    DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:56:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/14 19:29:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/07 10:47:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/11 10:41:55 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: AVG Safe Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
    O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
    O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
    O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.braemarseascope.com/XTSAC.cab (XTSAC Control)
    O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.braemarseascope.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell - "" = AutoRun
    O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell\AutoRun\command - "" = L:\Startme.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: ezGOSvc - C:\Windows\System32\ezGOSvc.dll ()
    NetSvcs: 77129222639303 ] ] - File not found
    NetSvcs: [ "http://emp.bbci.co.uk/" - File not found
    NetSvcs: [ "http://ad.doubleclick.net/" - File not found
    NetSvcs: 1.8950007376847426 - File not found
    NetSvcs: "http://news.bbc.co.uk/" - File not found
    NetSvcs: 2.1354112790328075 - File not found
    NetSvcs: "http://news.bbcimg.co.uk/" - File not found
    NetSvcs: 1.8950007376847426 - File not found
    NetSvcs: "http://s0.2mdn.net/" - File not found
    NetSvcs: 2.3758218203808714 - File not found
    NetSvcs: "http://stats.bbc.co.uk/" - File not found
    NetSvcs: 1.8950007376847426 ] ] - File not found
    NetSvcs: [ "http://facebook.com/" - File not found
    NetSvcs: [ "http://www.facebook.com/" - File not found
    NetSvcs: 2.6037003999999997 ] ] - File not found
    NetSvcs: [ "http://fls.doubleclick.net/" - File not found
    NetSvcs: [ "http://ad.doubleclick.net/" - File not found
    NetSvcs: 2.2086 - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/24 11:36:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    [2011/12/20 13:23:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
    [2011/12/18 13:39:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Barbara\Desktop\HijackThis.exe
    [2011/12/17 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
    [2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/17 21:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/17 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
    [2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
    [2011/12/14 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/14 09:43:18 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/12/14 09:43:17 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/12/14 09:43:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/14 09:43:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/14 09:43:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/14 09:43:14 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/14 08:58:52 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/14 08:58:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/14 08:58:29 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/14 08:58:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/14 08:58:25 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/14 08:58:25 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/11 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DDMSettings
    [2011/12/07 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
    [2011/12/07 10:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2011/11/30 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\AVG
    [2011/11/30 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/11/24 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
    [2011/11/24 21:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/24 11:41:07 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/24 11:41:07 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/24 11:39:48 | 085,062,687 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    [2011/12/24 11:34:23 | 000,001,338 | ---- | M] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
    [2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
    [2011/12/24 11:34:02 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
    [2011/12/24 11:33:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/24 11:33:49 | 2358,595,584 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/23 22:48:00 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
    [2011/12/23 09:56:55 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/12/23 09:48:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbara.job
    [2011/12/22 17:29:04 | 000,228,983 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/12/20 13:37:56 | 000,302,592 | ---- | M] () -- C:\Users\Barbara\Desktop\jckge5xl.exe
    [2011/12/20 13:23:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
    [2011/12/19 17:54:59 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/12/19 14:02:23 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/18 18:49:55 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/12/18 13:42:17 | 000,509,150 | ---- | M] () -- C:\Users\Barbara\Desktop\HijackPic.png
    [2011/12/18 13:39:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Barbara\Desktop\HijackThis.exe
    [2011/12/18 12:37:49 | 001,467,912 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/12/17 22:51:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/17 22:51:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
    [2011/12/14 17:23:30 | 000,002,503 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/14 17:23:30 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/12/14 17:02:01 | 000,431,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/11 10:46:36 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/12/11 10:46:36 | 000,001,597 | ---- | M] () -- C:\Users\Barbara\Desktop\DivX Movies.lnk
    [2011/12/11 10:46:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/11/30 19:06:56 | 000,001,165 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2011/11/30 19:06:56 | 000,001,141 | ---- | M] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/24 11:34:23 | 000,001,338 | ---- | C] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
    [2011/12/20 13:37:56 | 000,302,592 | ---- | C] () -- C:\Users\Barbara\Desktop\jckge5xl.exe
    [2011/12/19 17:54:59 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/12/18 13:42:17 | 000,509,150 | ---- | C] () -- C:\Users\Barbara\Desktop\HijackPic.png
    [2011/12/18 12:37:23 | 001,467,912 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/12/14 17:32:54 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/30 19:06:56 | 000,001,165 | ---- | C] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2011/11/30 19:06:56 | 000,001,141 | ---- | C] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/19 16:54:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/05/30 19:04:08 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
    [2011/05/20 19:08:32 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
    [2011/05/20 19:08:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2011/03/24 19:29:31 | 000,004,608 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/31 20:18:12 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/31 20:18:12 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/01/16 18:31:43 | 000,007,604 | ---- | C] () -- C:\Users\Barbara\AppData\Local\Resmon.ResmonCfg
    [2010/12/01 21:12:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/12/01 21:12:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/12/01 21:12:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/12/01 21:12:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/12/01 21:12:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/12/01 21:12:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/12/01 21:12:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/12/01 21:12:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/12/01 21:12:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/12/01 21:12:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/12/01 21:12:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/12/01 21:12:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2010/12/01 21:12:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2010/12/01 21:12:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/12/01 21:12:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/12/01 21:11:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
    [2010/11/21 13:04:09 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll
    [2010/11/21 13:04:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll
    [2010/11/21 13:04:09 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll
    [2010/11/21 13:04:09 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll
    [2010/11/21 13:04:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll
    [2010/11/21 13:04:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll
    [2010/11/21 13:04:09 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll
    [2010/11/21 13:04:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll
    [2010/11/21 13:04:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll
    [2010/11/21 13:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll
    [2010/11/21 13:04:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll
    [2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll
    [2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll
    [2010/11/21 13:04:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll
    [2010/11/21 13:04:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll
    [2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll
    [2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll
    [2010/11/21 13:04:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll
    [2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll
    [2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll
    [2010/11/21 13:04:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll
    [2010/11/18 19:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/30 07:44:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/05/14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/05/14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2010/05/14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/05/14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/03/10 15:32:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2009/12/03 13:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/09/30 00:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 000,431,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/14 00:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

    ========== LOP Check ==========

    [2011/11/30 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG
    [2011/10/18 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG2012
    [2011/03/31 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EPSON
    [2011/11/24 22:14:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
    [2011/07/18 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\go
    [2010/12/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leadertech
    [2011/08/18 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Oberon Media
    [2010/11/18 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\OpenOffice.org
    [2010/11/18 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony
    [2010/11/18 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony Setup
    [2011/11/25 07:56:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Systweak
    [2010/11/18 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Trusteer
    [2010/11/20 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
    [2011/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2011/02/23 11:08:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
    [2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
    [2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
    [2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
    [2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: EXPLORER.EXE >
    [2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2010/08/30 08:40:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
    [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2010/08/30 08:39:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2010/08/30 08:39:01 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2010/08/30 08:40:45 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
    [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2010/08/30 08:40:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2010/08/30 08:40:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
    [2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /mp /s >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/12/07 13:16:29 | 001,047,096 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/04/21 10:33:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 10:33:44 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 07:45:04

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:AA4982C6
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1A6780D
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >


    Extras.Txt:

    OTL Extras logfile created on: 24/12/2011 11:38:35 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.31% Memory free
    5.86 Gb Paging File | 3.64 Gb Available in Paging File | 62.14% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.16 Gb Total Space | 384.53 Gb Free Space | 84.30% Space Free | Partition Type: NTFS
    Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

    Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03FE0283-AF05-E046-7121-AF0D7BCDBC36}" = CCC Help Norwegian
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{09DF00E6-520C-49D5-B7E0-9612165CACA8}" = OpenOffice.org 3.2
    "{0AC481DF-AE1F-9189-579F-DC8AD38DB0A4}" = CCC Help Japanese
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0FE2DCFC-4AA7-E12F-BC8C-456455BCFCE3}" = CCC Help Polish
    "{12E80513-E131-EEB9-56E1-AAB7850B7151}" = ATI Stream SDK v2 Developer
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1E6219D4-027E-47EE-AB83-DD2F26E31A32}" = HP Setup
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20561129-42C2-2574-8050-C9C389D6F221}" = ccc-core-static
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{256CC41E-43C4-9A19-763D-0EBBC387CBFB}" = CCC Help Thai
    "{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{36B971C3-2592-B65B-C23C-787815B22E72}" = CCC Help Swedish
    "{387152C6-1AAF-E4E0-F9E3-363536F52170}" = CCC Help Korean
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CFB0AE9-90F7-5753-15A8-EFBB1AD7DF05}" = CCC Help Chinese Standard
    "{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
    "{3EAE89BC-C473-57ED-FEDE-8E93BE966A65}" = Catalyst Control Center Graphics Previews Vista
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
    "{47E3EEF6-A987-0E87-04A9-4E473E347E5B}" = CCC Help German
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
    "{55B0255E-3DF4-E9C7-8724-E8B973B4EAE3}" = CCC Help French
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6A12421F-CD12-6A69-8669-D3B8D8B13C68}" = ATI Problem Report Wizard
    "{6E30650C-81B1-9AD2-812E-DBAA19763B8B}" = HydraVision
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7234FAA6-CCFB-0D04-6854-8F4969A078E2}" = ccc-utility
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{91310B50-AB3F-3D8A-3A5B-79EC53321705}" = CCC Help Hungarian
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94F44DC7-50BF-8C1B-873D-F8B0E2B1D6A2}" = Catalyst Control Center Graphics Previews Common
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{966C6CEF-4CF5-E1B8-4C77-5EBD8CD3FF40}" = CCC Help English
    "{9933FF7C-EF3C-0C8A-6F72-2DC470A3A30E}" = FlipToast
    "{99DC703F-ADB3-0264-268B-C635FD4E34B7}" = CCC Help Finnish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9FE384DE-1FA2-6EE5-F714-9C219CAE6035}" = ATI Catalyst Install Manager
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB805DDA-181C-B2A5-AB9A-4563770E1D99}" = CCC Help Greek
    "{AB8943A3-4937-8370-930A-E1D2D03C602D}" = CCC Help Czech
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{B94F0C3C-4BB3-1EAE-FED1-6A6422B720EA}" = CCC Help Russian
    "{BC7B086C-1AF2-DCEF-28F0-83120EFF8E5F}" = CCC Help Turkish
    "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
    "{CAF1F932-1B1C-DA4F-ACBA-8628329B0CC0}" = CCC Help Dutch
    "{CDE20BED-564E-4086-0731-BF25873EE22D}" = CCC Help Portuguese
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype&#8482; 5.3
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E171F5DA-6F17-472D-A223-92468142C5E8}" = AVG 2012
    "{E2D13989-3B82-33A2-0F51-1309178B2CD9}" = CCC Help Italian
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5A45A09-4E51-6FAC-815A-A89940983069}" = CCC Help Danish
    "{E6C2BA8B-F1C3-C50E-9C7B-8B5E6EC24ADF}" = CCC Help Chinese Traditional
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F23E846D-4CFA-2D7B-BA94-FA6FA7D9102A}" = Catalyst Control Center Localization All
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F6C91BE9-7786-922D-716E-BB1613755F00}" = CCC Help Spanish
    "{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "alotAppbar" = ALOT Appbar
    "AVG" = AVG 2012
    "com.w3i.FlipToast" = FlipToast
    "DivX Setup" = DivX Setup
    "Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
    "EPSON Printer and Utilities" = EPSON Printer Software
    "EPSON Stylus C90_91_D92 User&#8217;s Guide" = EPSON Stylus C90_91_D92 Manual
    "EZ AVI TO MPEG Converter_is1" = EZ AVI TO MPEG Converter 3.00
    "ffdshow_is1" = ffdshow v1.1.3949 [2011-07-25]
    "FreeFileViewer_is1" = Free File Viewer 2011
    "GamesBar" = GamesBar 2.0.1.82
    "Google Chrome" = Google Chrome
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}" = InterVideo WinDVD 8
    "Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Network Play System (Patching)" = Network Play System (Patching)
    "PDF Complete" = PDF Complete Special Edition
    "PKR" = PKR
    "Rapport_msi" = Rapport
    "RegClean Pro_is1" = RegClean Pro
    "StarCraft II" = StarCraft II
    "The Sims" = The Sims
    "Trusted Software Assistant_is1" = File Type Assistant
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 beta 1 (32-bit)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Game Organizer" = EasyBits GO
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 17/12/2011 18:36:02 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8112

    Error - 17/12/2011 18:36:02 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8112

    Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9126

    Error - 17/12/2011 18:36:03 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9126

    Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10140

    Error - 17/12/2011 18:36:04 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10140

    Error - 18/12/2011 12:46:17 | Computer Name = Barbara-HP | Source = Bonjour Service | ID = 100
    Description = Client application bug: DNSServiceResolve(28:6a:ba:23:e6:2d@fe80::2a6a:baff:fe23:e62d._apple-mobdev._tcp.local.)
    active for over two minutes. This places considerable burden on the network.

    Error - 18/12/2011 13:00:02 | Computer Name = Barbara-HP | Source = Windows Backup | ID = 4103
    Description =

    [ Hewlett-Packard Events ]
    Error - 21/12/2010 14:10:08 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
    Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 23/03/2011 13:55:05 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
    Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 28/03/2011 11:12:11 | Computer Name = Barbara-HP | Source = Hewlett-Packard | ID = 0
    Description = el-GR Could not find file 'C:\Program Files\Hewlett-Packard\HP Support
    Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
    errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
    mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
    bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
    Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
    FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at
    System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
    Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

    at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

    Error - 13/10/2011 09:50:42 | Computer Name = Barbara-HP | Source = hpsa_service.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
    category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

    at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

    at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
    Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
    Object '/59f4275c_f8ac_4b42_a4d4_8335fad22b39/t0cw8wab40hxpueve_t0kt6c_5.rem' has
    been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
    06.00.01.01 Path: C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    Format:
    en-US RAM: 2999 Ram Utilization: 50 TargetSite: Void UpdateDetail(System.String)

    [ System Events ]
    Error - 07/12/2011 13:57:05 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Google
    Software Updater service to connect.

    Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Peer
    Networking Identity Manager service to connect.

    Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7000
    Description = The Peer Networking Identity Manager service failed to start due to
    the following error: %%1053

    Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7001
    Description = The Peer Networking Grouping service depends on the Peer Networking
    Identity Manager service which failed to start because of the following error:
    %%1053

    Error - 08/12/2011 02:59:32 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7001
    Description = The Peer Name Resolution Protocol service depends on the Peer Networking
    Identity Manager service which failed to start because of the following error:
    %%1053

    Error - 13/12/2011 12:48:56 | Computer Name = Barbara-HP | Source = Service Control Manager | ID = 7023
    Description = The Workstation service terminated with the following error: %%14

    Error - 20/12/2011 07:27:28 | Computer Name = Barbara-HP | Source = DCOM | ID = 10016
    Description =

    Error - 20/12/2011 07:27:28 | Computer Name = Barbara-HP | Source = DCOM | ID = 10016
    Description =

    Error - 20/12/2011 09:01:48 | Computer Name = Barbara-HP | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 2:21:35 &#956;&#956; on ?20/?12/?2011 was unexpected.

    Error - 20/12/2011 09:01:48 | Computer Name = BARBARA-HP | Source = BugCheck | ID = 1001
    Description =


    < End of report >


    Merry Xmas :)
     
  6. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Re-Run [​IMG] by double left click, Vista and Widows 7 users right click and select Run as Administrator.

    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      IE - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro)
      O2 - BHO: (GamesBarBHO Class) - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
      O3 - HKLM\..\Toolbar: (GamesBar) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\2.0.1.82\oberontb.dll (Oberon Media Ltd.)
      O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro)
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O4 - HKU\S-1-5-21-1858584796-2964893575-1683831881-1002..\Run: [SearchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
      O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
      O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com (http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafee.com (https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
      O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell - "" = AutoRun
      O33 - MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\Shell\AutoRun\command - "" = L:\Startme.exe
      [2011/12/24 11:34:23 | 000,001,338 | ---- | C] () -- C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk
      [2011/12/24 11:34:03 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
      [2011/12/24 11:34:01 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\PC Optimizer Pro startups.job
      [2011/12/23 21:13:17 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
      [2011/12/14 20:22:12 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
      [2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
      @Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:AA4982C6
      @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1A6780D
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMPFC5A2B2
      :System
      mfetdik
      MfeRKDK
      mfehidk
      MfeBOPK
      MfeAVFK
      :Files
      ipconfig /flushdns /c
      C:\Windows\System32\drivers\mfetdik.sys
      C:\Windows\System32\drivers\mferkdk.sys
      C:\Windows\System32\drivers\mfehidk.sys
      C:\Windows\System32\drivers\mfebopk.sys
      C:\Windows\System32\drivers\mfeavfk.sys
      c:\users\barbara\appdata\roaming\Systweak
      c:\windows\system32\roboot.exe
      c:\program files\RegClean Pro
      :Commands
      [emptytemp]
      [CREATERESTOREPOINT]
      [Reboot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done. Let me see the log.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    What i`d like in your reply:

    Log from OTL fix
    Log from OTL quick scan
    Update on issues/concerns...

    Kevin
     
  7. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    Hey Kevin

    Stuff look good, the program no longer runs on start up and seems to be wiped from my pc

    Here is the fix log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ deleted successfully.
    C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}\ deleted successfully.
    C:\Program Files\GamesBar\2.0.1.82\oberontb.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}\ deleted successfully.
    File C:\Program Files\GamesBar\2.0.1.82\oberontb.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A531D99C-5A22-449b-83DA-872725C6D0ED} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A531D99C-5A22-449b-83DA-872725C6D0ED}\ deleted successfully.
    C:\Program Files\alotappbar\bin\alothelper.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1858584796-2964893575-1683831881-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SearchEngineProtection deleted successfully.
    C:\Program Files\GamesBar\SearchEngineProtection.exe moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4c3a-B38E-9654A7003239}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A93C934-025B-4c3a-B38E-9654A7003239}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//about.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Exclude.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//LanguageSelection.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Message.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryCmd.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyAgttryNag.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//MyNotification.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//NOCLessUpdate.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//quarantine.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//ScanNow.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//strings.vbs/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Template.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//Update.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\//VirFound.htm/\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafee.com\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\betavscan\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\vs\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mcafeeasap.com\www\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17736ee2-f334-11df-a9f5-6c626d56578a}\ not found.
    File L:\Startme.exe not found.
    C:\Users\Barbara\Desktop\Clean Registry for Free!.lnk moved successfully.
    C:\Windows\Tasks\FreeFileViewerUpdateChecker.job moved successfully.
    C:\Windows\Tasks\PC Optimizer Pro startups.job moved successfully.
    C:\Windows\Tasks\RegClean Pro_DEFAULT.job moved successfully.
    C:\Windows\Tasks\RegClean Pro_UPDATES.job moved successfully.
    File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
    ADS C:\ProgramData\TEMP:AA4982C6 deleted successfully.
    ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
    ADS C:\ProgramData\TEMP:E1A6780D deleted successfully.
    Unable to delete ADS C:\ProgramData\TEMPFC5A2B2 .
    Error: Unable to interpret <:System> in the current context!
    Error: Unable to interpret <mfetdik> in the current context!
    Error: Unable to interpret <MfeRKDK> in the current context!
    Error: Unable to interpret <mfehidk> in the current context!
    Error: Unable to interpret <MfeBOPK> in the current context!
    Error: Unable to interpret <MfeAVFK> in the current context!
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Barbara\Desktop\cmd.bat deleted successfully.
    C:\Users\Barbara\Desktop\cmd.txt deleted successfully.
    C:\Windows\System32\drivers\mfetdik.sys moved successfully.
    C:\Windows\System32\drivers\mferkdk.sys moved successfully.
    C:\Windows\System32\drivers\mfehidk.sys moved successfully.
    C:\Windows\System32\drivers\mfebopk.sys moved successfully.
    C:\Windows\System32\drivers\mfeavfk.sys moved successfully.
    c:\users\barbara\appdata\roaming\Systweak\RegClean Pro\Version 6.1 folder moved successfully.
    c:\users\barbara\appdata\roaming\Systweak\RegClean Pro folder moved successfully.
    c:\users\barbara\appdata\roaming\Systweak folder moved successfully.
    c:\windows\system32\roboot.exe moved successfully.
    c:\program files\RegClean Pro folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Barbara
    ->Temp folder emptied: 75970798 bytes
    ->Temporary Internet Files folder emptied: 1189610856 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 343920490 bytes
    ->Apple Safari cache emptied: 1289216 bytes
    ->Flash cache emptied: 15127 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56475 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 23085902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,558.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 12242011_124350

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
    C:\Users\Barbara\AppData\Local\Temp\VGX449D.tmp moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Barbara\AppData\Local\Trusteer\Rapport\user\logs\koan.5184.log moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T58I0PNU\ads[3].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDXUPQIQ\1031741-trouble-uninstalling-spyware-regclean-pro[1].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7TMK3BA8\ads[4].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...

    And a quick scan:

    OTL logfile created on: 24/12/2011 12:51:45 - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Barbara\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 50.49% Memory free
    5.86 Gb Paging File | 3.66 Gb Available in Paging File | 62.50% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 456.16 Gb Total Space | 389.33 Gb Free Space | 85.35% Space Free | Partition Type: NTFS
    Drive D: | 7.59 Gb Total Space | 0.90 Gb Free Space | 11.79% Space Free | Partition Type: NTFS

    Computer Name: BARBARA-HP | User Name: Barbara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    PRC - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
    PRC - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2011/11/11 13:22:04 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2011/10/21 14:06:26 | 000,433,872 | ---- | M] (Sony Ericsson) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
    PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    PRC - [2011/10/10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
    PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    PRC - [2011/05/22 15:25:38 | 000,292,208 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
    PRC - [2011/04/26 15:18:20 | 000,075,120 | ---- | M] (Driver-Soft Inc.) -- C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe
    PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/31 20:18:03 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/29 22:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
    PRC - [2010/05/21 00:55:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/05/21 00:54:56 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2010/05/07 18:35:22 | 000,165,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
    PRC - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2011/12/07 10:47:53 | 000,827,232 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
    MOD - [2011/10/19 10:12:26 | 000,204,800 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\MExplorer.dll
    MOD - [2011/10/13 22:16:35 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 22:16:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
    MOD - [2011/10/13 22:16:13 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
    MOD - [2011/10/13 22:16:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
    MOD - [2011/10/13 22:16:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
    MOD - [2011/10/13 22:15:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
    MOD - [2011/10/13 22:15:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
    MOD - [2011/10/13 22:15:40 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
    MOD - [2011/08/07 18:07:47 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
    MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
    MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
    MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
    MOD - [2010/12/13 13:52:46 | 000,074,960 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
    MOD - [2010/12/13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\TMonitorAPI.dll
    MOD - [2010/11/18 17:44:02 | 000,139,264 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2010/10/29 22:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
    MOD - [2010/10/29 22:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
    MOD - [2010/09/07 20:38:44 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
    MOD - [2010/05/14 23:55:48 | 000,181,592 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\SharedBin\LvApi11.dll
    MOD - [2010/05/07 18:43:52 | 000,651,096 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2010/05/07 18:37:50 | 000,290,648 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/07 18:36:20 | 000,921,944 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtNetwork4.dll
    MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/05/07 18:34:58 | 000,168,792 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
    MOD - [2010/04/12 16:59:12 | 000,098,304 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
    MOD - [2009/04/22 23:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
    MOD - [2009/04/10 01:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
    MOD - [2009/03/04 00:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    MOD - [2009/03/04 00:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
    MOD - [2009/03/04 00:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    MOD - [2009/03/04 00:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
    MOD - [2009/03/04 00:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
    MOD - [2009/03/04 00:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
    MOD - [2009/03/04 00:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
    MOD - [2009/03/04 00:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
    MOD - [2009/03/04 00:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/07 10:47:54 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/05/29 22:25:20 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ezGOSvc.dll -- (ezGOSvc)
    SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/03/18 07:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/01/31 20:18:03 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/11/19 13:53:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/05/07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/18 18:29:12 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
    SRV - [2007/07/24 20:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/01/05 04:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/04/18 06:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/15 21:44:18 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
    DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
    DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
    DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\RapportKELL.sys -- (RapportKELL)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/08/07 18:07:47 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
    DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/06/30 08:18:37 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2011/01/31 20:18:03 | 006,381,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2011/01/31 20:18:03 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/05/15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Pro Webcam C910(UVC)
    DRV - [2010/05/15 00:02:48 | 000,066,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)
    DRV - [2010/05/15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2010/05/14 23:58:58 | 000,020,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvbusflt.sys -- (CompFilter)
    DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2010/01/28 07:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
    DRV - [2009/05/25 14:35:00 | 000,116,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
    DRV - [2009/05/25 14:34:56 | 000,122,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdm.sys -- (s1029mdm)
    DRV - [2009/05/25 14:34:56 | 000,090,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
    DRV - [2009/05/25 14:34:56 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mdfl.sys -- (s1029mdfl)
    DRV - [2009/05/25 14:34:54 | 000,115,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
    DRV - [2009/05/25 14:34:54 | 000,111,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029obex.sys -- (s1029obex)
    DRV - [2009/05/25 14:34:54 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
    DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2007/04/18 05:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/23 09:56:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/14 19:29:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/12/07 10:47:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/11 10:41:55 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Media Go Detector (Enabled) = c:\Program Files\Sony\Media Go\npmediago.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
    CHR - Extension: YouTube = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Google Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: AVG Safe Search = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
    CHR - Extension: Gmail = C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

    O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Starter] C:\Program Files\Driver-Soft\DriverGenius\StarterW3i.exe (Driver-Soft Inc.)
    O4 - HKLM..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe (Driver-Soft Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [EPSON Stylus D92 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
    O4 - Startup: C:\Users\Barbara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} https://vpn.braemarseascope.com/XTSAC.cab (XTSAC Control)
    O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} https://vpn.braemarseascope.com/MLWebCacheCleaner.cab (WebCacheCleaner Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2EB36C9-2A1B-4A0E-877E-99BAF026F073}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/24 12:43:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/24 11:36:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    [2011/12/20 13:23:45 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
    [2011/12/17 21:43:30 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\Malwarebytes
    [2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/17 21:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/17 21:42:24 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/17 21:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
    [2011/12/15 08:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avanquest
    [2011/12/14 17:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/14 17:32:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/11 10:46:04 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Local\DDMSettings
    [2011/12/07 21:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
    [2011/12/07 10:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2011/11/30 19:07:34 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\AVG
    [2011/11/30 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2011/11/24 22:11:31 | 000,000,000 | ---D | C] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
    [2011/11/24 21:19:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi

    ========== Files - Modified Within 30 Days ==========

    [2011/12/24 12:48:51 | 000,001,170 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/24 12:48:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/24 12:48:27 | 2358,595,584 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/24 12:48:00 | 000,001,174 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/24 12:47:46 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/24 12:47:46 | 000,015,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/24 11:39:48 | 085,062,687 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/12/24 11:36:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Barbara\Desktop\OTL.exe
    [2011/12/23 09:56:55 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2011/12/23 09:48:34 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBarbara.job
    [2011/12/22 17:29:04 | 000,228,983 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/12/20 13:23:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Barbara\Desktop\dds.com
    [2011/12/19 17:54:59 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/12/19 14:02:23 | 000,001,755 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/18 18:49:55 | 000,002,292 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/12/18 12:37:49 | 001,467,912 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/12/17 22:51:15 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/17 22:51:15 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/14 17:23:30 | 000,002,503 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/14 17:23:30 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/12/14 17:02:01 | 000,431,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/11 10:46:36 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
    [2011/12/11 10:46:36 | 000,001,597 | ---- | M] () -- C:\Users\Barbara\Desktop\DivX Movies.lnk
    [2011/12/11 10:46:27 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
    [2011/11/30 19:06:56 | 000,001,165 | ---- | M] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2011/11/30 19:06:56 | 000,001,141 | ---- | M] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk

    ========== Files Created - No Company Name ==========

    [2011/12/19 17:54:59 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
    [2011/12/18 12:37:23 | 001,467,912 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/12/14 17:32:54 | 000,001,755 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/11/30 19:06:56 | 000,001,165 | ---- | C] () -- C:\Users\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
    [2011/11/30 19:06:56 | 000,001,141 | ---- | C] () -- C:\Users\Barbara\Desktop\AVG PC Tuneup 2011.lnk
    [2011/08/19 16:54:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/05/30 19:04:08 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
    [2011/05/20 19:08:32 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySavi2mpeg.dat
    [2011/05/20 19:08:27 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2011/03/24 19:29:31 | 000,004,608 | ---- | C] () -- C:\Users\Barbara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/31 20:18:12 | 000,219,348 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2011/01/31 20:18:12 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat
    [2011/01/16 18:31:43 | 000,007,604 | ---- | C] () -- C:\Users\Barbara\AppData\Local\Resmon.ResmonCfg
    [2010/12/01 21:12:57 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
    [2010/12/01 21:12:57 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
    [2010/12/01 21:12:57 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
    [2010/12/01 21:12:57 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
    [2010/12/01 21:12:57 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
    [2010/12/01 21:12:57 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
    [2010/12/01 21:12:57 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
    [2010/12/01 21:12:57 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
    [2010/12/01 21:12:57 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
    [2010/12/01 21:12:57 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
    [2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
    [2010/12/01 21:12:57 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
    [2010/12/01 21:12:57 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
    [2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
    [2010/12/01 21:12:57 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
    [2010/12/01 21:12:57 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
    [2010/12/01 21:12:57 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
    [2010/12/01 21:12:57 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
    [2010/12/01 21:12:57 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
    [2010/12/01 21:11:17 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
    [2010/11/21 13:04:09 | 000,413,696 | ---- | C] () -- C:\Windows\System32\jsound.dll
    [2010/11/21 13:04:09 | 000,380,928 | ---- | C] () -- C:\Windows\System32\jmmpa.dll
    [2010/11/21 13:04:09 | 000,282,624 | ---- | C] () -- C:\Windows\System32\jmh261.dll
    [2010/11/21 13:04:09 | 000,184,320 | ---- | C] () -- C:\Windows\System32\jmvh263.dll
    [2010/11/21 13:04:09 | 000,143,360 | ---- | C] () -- C:\Windows\System32\jmjpeg.dll
    [2010/11/21 13:04:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\jmh263enc.dll
    [2010/11/21 13:04:09 | 000,098,304 | ---- | C] () -- C:\Windows\System32\jmg723.dll
    [2010/11/21 13:04:09 | 000,077,824 | ---- | C] () -- C:\Windows\System32\jmmpegv.dll
    [2010/11/21 13:04:09 | 000,073,728 | ---- | C] () -- C:\Windows\System32\jmutil.dll
    [2010/11/21 13:04:09 | 000,057,344 | ---- | C] () -- C:\Windows\System32\jmgsm.dll
    [2010/11/21 13:04:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\jmvfw.dll
    [2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmvcm.dll
    [2010/11/21 13:04:09 | 000,036,864 | ---- | C] () -- C:\Windows\System32\jmgdi.dll
    [2010/11/21 13:04:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmmci.dll
    [2010/11/21 13:04:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\jmam.dll
    [2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmcvid.dll
    [2010/11/21 13:04:08 | 000,049,152 | ---- | C] () -- C:\Windows\System32\jmacm.dll
    [2010/11/21 13:04:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\jmdaud.dll
    [2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmfjawt.dll
    [2010/11/21 13:04:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\jmddraw.dll
    [2010/11/21 13:04:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\jmdaudc.dll
    [2010/11/18 19:31:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/08/30 07:44:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/05/14 23:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2010/05/14 23:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2010/05/14 23:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2010/05/14 23:47:00 | 000,090,071 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2010/05/07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
    [2010/03/10 15:32:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
    [2009/12/03 13:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/09/30 00:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
    [2009/07/14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 06:33:53 | 000,431,528 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/14 04:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/14 04:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/07/14 00:09:19 | 001,498,564 | ---- | C] () -- C:\Windows\System32\igkrng400.bin
    [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/02/18 11:55:22 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
    [2009/02/03 14:52:04 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe

    ========== LOP Check ==========

    [2011/11/30 19:07:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG
    [2011/10/18 20:58:49 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\AVG2012
    [2011/03/31 15:16:06 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\EPSON
    [2011/11/24 22:14:36 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\FreeFileViewer
    [2011/07/18 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\go
    [2010/12/27 11:01:42 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Leadertech
    [2011/08/18 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Oberon Media
    [2010/11/18 18:50:47 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\OpenOffice.org
    [2010/11/18 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony
    [2010/11/18 20:02:52 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Sony Setup
    [2010/11/18 21:28:55 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\Trusteer
    [2010/11/20 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Barbara\AppData\Roaming\WinBatch
    [2011/12/23 09:48:34 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >


    Looks good ?
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Ok, do the following:

    Step 1

    [​IMG] Please download Malwarebytes Anti-Malware and save it to your desktop.
    Alernative D/L mirror
    Alternative D/L mirror

    Double Click mbam-setup.exe to install the application. If already installed just update and run as below...

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    Step 2

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Let me see the two logs....
     
  9. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122502

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    25/12/2011 14:13:47
    mbam-log-2011-12-25 (14-13-47).txt

    Scan type: Quick scan
    Objects scanned: 168949
    Time elapsed: 2 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Results of screen317's Security Check version 0.99.30
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    AVG PC Tuneup 2011
    AVG 2012
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    AVG PC Tuneup 2011
    Java Media Framework 2.1.1e
    Java(TM) 6 Update 20
    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Reader X (10.1.1)
    Mozilla Firefox (for..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````


    Guess ill update Java :)
     
  10. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    OK, couple of things still to do:

    Step 1

    Re-Run [​IMG] by double left click, Vista and Widows 7 users right click and select Run as Administrator.
    • Under the [​IMG] box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      mfetdik
      MfeRKDK
      mfehidk
      MfeBOPK
      MfeAVFK
      :Files
      
      :commands
      [EmptyTemp]
      [ClearAllRestorePoints]
      [ReBoot]
      
    • Then click [​IMG] button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Save the log it produces as we will continue and clean up

    Step 2

    • Re-open [​IMG] to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
    • Click on the [​IMG] button.
    • Click Yes to begin the cleanup process and remove tools, including this application
    • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

    Step 3

    You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
    For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
    The most current version of Sun Java is: Java Runtime Environment Version 6 Update 30.

    • Go to Sun Java
    • Select Windows 7/XP/Vista/2000/2003/2008 If using 64 bit OS Select Information about the 64-bit Java plug-in and follow prompts
    • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
    • Reboot your computer

    Select > Start > Control Panel > Uninstall a Program, make sure old versions of Java are removed...

    Let me see the log from OTL, let me know if all steps completed OK

    Kevin....
     
  11. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    Service mfetdik stopped successfully!
    Service mfetdik deleted successfully!
    Service MfeRKDK stopped successfully!
    Service MfeRKDK deleted successfully!
    Service mfehidk stopped successfully!
    Service mfehidk deleted successfully!
    Service MfeBOPK stopped successfully!
    Service MfeBOPK deleted successfully!
    Service MfeAVFK stopped successfully!
    Service MfeAVFK deleted successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Barbara
    ->Temp folder emptied: 67172201 bytes
    ->Temporary Internet Files folder emptied: 110343397 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 6980539 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2724 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2544549 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 178.00 mb



    OTL by OldTimer - Version 3.2.31.0 log created on 12262011_120605

    Files\Folders moved on Reboot...
    C:\Users\Barbara\AppData\Local\Temp\VGXD326.tmp moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Barbara\AppData\Local\Trusteer\Rapport\user\logs\koan.5576.log moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTAE0GEM\ads[10].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTAE0GEM\ads[9].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VUB08OI3\si[2].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GN9D9T9J\1031741-trouble-uninstalling-spyware-regclean-pro[1].htm moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Barbara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...

    On Step 2, I ran the Clean Up and when the pc rebooted there was no log and the OTL program was removed from my computer. Is that ok ?

    Step 3: Done ! Removed old java versions and installed new
     
  12. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    Excellent! if no more issues here are some tips to reduce the potential for malware infection in the future:
    Make proper use of your antivirus and firewall

    Antivirus and Firewall programs are integral to your computer security. However, just having them installed is
    n't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

    You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

    Install and use WinPatrol This will inform you of any attempted unauthorized changes to your system.

    WinPatrol features explained Here

    You will have several programs installed, these maybe outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing.... [​IMG]
    ...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

    Use a safer web browser

    Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

    Firefox,

    Opera, and

    Chrome.

    All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

    These browser add-ons will help to make your browser safer:

    Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

    Available for Firefox and Internet Explorer.

    Green to go,
    Yellow for caution, and
    Red to stop.


    Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

    These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

    Here a couple of links by two security experts that will give some excellent tips and advice.

    So how did I get infected in the first place by Tony Klein

    How to prevent Malware by Miekiemoes

    Finally this link HERE will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

    Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

    If no remaining issues hit the “Mark Solved” tab at the top of the thread,

    Take care,

    Kevin
     
  13. jolly1808

    jolly1808 Thread Starter

    Joined:
    Mar 25, 2006
    Messages:
    65
    Solved!
    Many thanks for your help
    Regards
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,161
    You`re welcome......:)
     
  15. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1031741