LONDONJON

Members
  • Posts

    28

Tech Info

  • Experience
    some_experience
  • System: windows_xp_home


  1. thank you mate, much appreciated
  2. hey there Starbuck, sorry I should have said last wk I was going offline for a few days (I work away so only have access to my PC during the week) - thanks for your continued help, posting below the outputs of that scan you mentioned. Cheers...Jon
  3. hey Starbuck, no threats found (it took quite a while to run)...
  4. sorry Starbuck I'm afraid I'm proving to be something of a dead loss at this. I've tried it in both Chrome and IE and getting the same. I click Link 1 and a small box appears at the bottom of the screen for combofix - I click it and get the option to either run or cancel. I click run and then a box appears in the middle of the screen with green text in and a load of processes running and a progress bar on top. the detail on the bottom of the box is 12-05-22.02. This simultaneously closes down any windows that are open and then a blue box appears saying that combofix is seeking a system restore point and that's pretty much it.
  5. Hey Starbuck, having some problems getting Combo fix installed - for example I don't get the screen you show underneath Link 2, I get one that's just asking if I want to run it? I have done that a couple of times and then a small box with green writing comes up (it closes down the internet) and then nothing...? I tried right clicking on the link and doing save target as...combo-fix to my desktop and that put an icon on my desktop, when I double click it I just get the same green writing in a small box? I also get a small box appearing called administrator saying 'combofix attempting to run' and 'attempting to create system restore point'....I'm sure it's user error my end but I'm not getting the same screens as you? Cheers Jon
  6. and this is the 'OTL.txt':
O13 - gopher Prefix: missing O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C682665-40C2-4127-9373-02E2D37B5246}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B3FDED-400C-475D-BEC1-335D36450AB2}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - 
MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/05/09 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes [2012/05/09 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/09 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/09 22:15:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/09 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/24 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\AVG Secure Search [2012/04/24 20:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/04/24 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/04/24 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012/04/24 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\FixCleaner [2012/04/24 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner [2012/04/24 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers ========== Files - Modified Within 30 Days ========== [2012/05/21 23:34:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 23:34:18 | 000,003,472 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/21 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/21 23:31:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/05/21 23:28:34 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/21 23:28:34 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/21 23:05:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFAAFC8B-95ED-48A4-B66D-7B949E1599CF}.job [2012/05/21 23:00:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000UA.job [2012/05/21 21:02:52 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012/05/21 21:02:52 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012/05/21 21:00:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000Core.job [2012/05/15 20:43:11 | 000,001,089 | ---- | M] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk [2012/05/15 20:35:16 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Desktop\MBR.dat [2012/05/15 20:18:15 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Documents\MBR.dat [2012/05/09 22:15:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk ========== Files Created - No Company Name ========== [2012/05/15 20:42:52 | 000,001,089 | ---- | C] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk [2012/05/15 20:35:16 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Desktop\MBR.dat [2012/05/15 20:18:15 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Documents\MBR.dat [2012/05/09 22:15:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/12 20:28:26 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/12/12 20:28:26 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/06/02 
13:01:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >
  7. This is the extras.txt : OTL Extras logfile created on: 21/05/2012 23:40:05 - Run 3 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.95% Memory free 4.22 Gb Paging File | 3.17 Gb Available in Paging File | 75.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455.36 Gb Total Space | 77.29 Gb Free Space | 16.97% Space Free | Partition Type: NTFS Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS Computer Name: JON-PC | User Name: Jon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{691DA1D5-BD94-47D2-A24B-6D3FD3D4E914}" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\temp\7zsd95f.tmp\symnrt.exe | "{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{EAA4EAEF-69C2-482E-94D9-5C873FF6FF48}" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\temp\7zsd95f.tmp\symnrt.exe | "{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP 
Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish "{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai "{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common "{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding "{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai "{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 
1 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New "{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean "{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional "{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish "{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian "{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian "{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light "{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean "{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series "{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish "{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 
Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish "{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" 
= Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish "{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista "{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable 
"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements "{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish "{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish "{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese "{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish "{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French "{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static "{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian "{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1 "{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder "{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1 "{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish "{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing "{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation "{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian "{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English "{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German "Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AOL Toolbar" = AOL Toolbar 5.0 "AVG Secure Search" = AVG Security Toolbar "Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8 "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3 "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Microsoft Office Home and Student 60 day trial "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "RealPlayer 6.0" = RealPlayer "Spotify" = Spotify "WildTangent hp Master Uninstall" = HP Games ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google 
Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007 Description = Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621 Description = Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007 Description = Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application start time 0x01cb3abd624d1fbb. Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application start time 0x01cb3ae3986fcefb. Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683 Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application start time 0x01cb4047e26b970b. Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application start time 0x01cb405a2511f29b. [ System Events ] Error - 21/05/2012 18:00:04 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21/05/2012 18:00:05 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21/05/2012 18:10:15 | Computer Name = Jon-PC | Source = DCOM | ID = 10010 Description = Error - 21/05/2012 18:11:48 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7043 Description = Error - 21/05/2012 18:15:19 | Computer Name = Jon-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance. Error - 21/05/2012 18:16:02 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21/05/2012 18:16:02 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = Error - 21/05/2012 18:33:01 | Computer Name = Jon-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. Please contact your system vendor for technical assistance. 
Error - 21/05/2012 18:35:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 21/05/2012 18:35:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
  8. Hey Starbuck, done as you suggested, removed Ad-Aware, Spybot, Norton et al (still running @ 100CPU though :shocked:). Just about to post results of the next scans... Thanks as ever, Jon
  9. Brilliant, thanks Starbuck. I'll next be able to get to my PC on Monday as I'm away this weekend, but will be sure to take the actions you recommend and let you know how I get on. Thanks again, Jon
  10. I see what you mean from your earlier post - they do look the same, at least for the first few lines. These are the only 2 things that come up once the scan completes? Thanks, Jon
  11. OTL Extras logfile created on: 16/05/2012 20:46:50 - Run 2 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.07% Memory free 4.22 Gb Paging File | 2.91 Gb Available in Paging File | 68.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455.36 Gb Total Space | 70.72 Gb Free Space | 15.53% Space Free | Partition Type: NTFS Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS Computer Name: JON-PC | User Name: Jon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2284CE7D-7D8C-4A0B-9449-0D6932009733}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{2DFD4752-666D-45A9-A422-C5850F258092}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{3C3F0142-6B1B-42F6-A99E-78C91A55B461}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe | "{45DEFAC4-4C63-4E56-8548-BBE2FD40F868}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{569BEE8A-8CD3-4E38-829A-5DC7CDEBEC16}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{67494F94-5A5B-4CA1-B75B-7FE331A2B340}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{70B5FAD9-7817-4208-A95D-39904DBF88CB}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe | "{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8F5733B9-03F2-444E-8756-6C79ACD284C5}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe | "{E6483A37-CD7C-4C1D-9719-088828893FE5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish "{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai "{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common "{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe 
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding "{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai "{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework "{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New "{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security "{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean "{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional "{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011 "{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish "{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian 
"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian "{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light "{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core "{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean "{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series "{5DDBEECE-4762-4C2B-9D0A-1A43B6F08166}" = SymNet "{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian "{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari "{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center "{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish "{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish "{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek "{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI 
(English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware "{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{997740A3-61FF-4627-A4E0-80AE0756695F}" = Symantec Real Time Storage Protection Component "{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish "{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista "{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility "{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012 "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements "{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish "{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish "{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon 
"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security "{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese "{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish "{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French "{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static "{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian "{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese "{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help "{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1 "{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1 "{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish "{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore 
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing "{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation "{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian "{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English "{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German "adawaretb" = Ad-Aware Security Toolbar "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AOL Toolbar" = AOL Toolbar 5.0 "AVG" = AVG 2012 "AVG Secure Search" = AVG Security Toolbar "Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8 "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3 "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Microsoft Office Home and Student 60 day trial "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "RealPlayer 6.0" = RealPlayer "Spotify" = Spotify "SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation) "WildTangent hp Master Uninstall" = HP Games 
========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007 Description = Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621 Description = Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007 Description = Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application start time 0x01cb3abd624d1fbb. Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application start time 0x01cb3ae3986fcefb. Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683 Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application start time 0x01cb4047e26b970b. Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp 0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79, exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application start time 0x01cb405a2511f29b. [ System Events ] Error - 09/05/2012 18:04:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = Error - 09/05/2012 18:22:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011 Description = Error - 14/05/2012 16:28:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 14/05/2012 16:28:26 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = Error - 15/05/2012 14:50:26 | Computer Name = Jon-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.7 for the Network Card with network address 001644940345 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). Error - 15/05/2012 14:50:59 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 15/05/2012 14:51:00 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = Error - 16/05/2012 14:11:23 | Computer Name = Jon-PC | Source = ACPI | ID = 327686 Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot 9, function 0. 
Please contact your system vendor for technical assistance. Error - 16/05/2012 14:13:16 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16/05/2012 14:13:19 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >
  12. OTL logfile created on: 16/05/2012 20:46:49 - Run 2 OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18904) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.07% Memory free 4.22 Gb Paging File | 2.91 Gb Available in Paging File | 68.81% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455.36 Gb Total Space | 70.72 Gb Free Space | 15.53% Space Free | Partition Type: NTFS Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS Computer Name: JON-PC | User Name: Jon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Jon\Downloads\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe () PRC - C:\Program Files\AVG Secure Search\vprot.exe () PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) PRC - C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe (Lavasoft Limited ) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) 
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\System32\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - c:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll () MOD - C:\Program Files\AVG Secure Search\vprot.exe () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll () ========== Win32 Services (SafeList) ========== SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe () SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited) SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) 
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe () SRV - (LiveUpdate Notice) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (LiveUpdate) -- c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (comHost) -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found DRV - (NwlnkFwd) -- File not found DRV - (NwlnkFlt) -- File not found DRV - (IpInIp) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (Lbd) -- C:\Windows\System32\drivers\Lbd.sys (Lavasoft AB) DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.002\NAVEX15.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111115.002\NAVENG.SYS (Symantec Corporation) DRV - (IDSvix86) -- 
C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20111103.001\IDSvix86.sys (Symantec Corporation) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSEH) -- C:\Windows\System32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation) DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation) DRV - (SYMNDISV) -- C:\Windows\System32\drivers\symndisv.sys (Symantec Corporation) DRV - (SYMTDI) -- C:\Windows\System32\drivers\symtdi.sys (Symantec Corporation) DRV - (SYMFW) -- C:\Windows\System32\drivers\symfw.sys (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\drivers\symredrv.sys (Symantec Corporation) DRV - (SYMDNS) -- C:\Windows\System32\drivers\symdns.sys (Symantec Corporation) DRV - (COH_Mon) -- C:\Windows\System32\drivers\COH_Mon.sys (Symantec Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation) DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation) DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation) DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (CO_Mon) -- C:\Windows\System32\drivers\CO_Mon.sys (Symantec Corporation) DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb IE - HKLM\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
http://www.bbc.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb IE - HKCU\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: 
c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/29 22:18:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 20:19:43 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: AVG Secure Search (Enabled) CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms} CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program 
Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AVG Safe Search = C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1857_0\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link 
Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll () O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-GB\local\search.html () O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C682665-40C2-4127-9373-02E2D37B5246}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B3FDED-400C-475D-BEC1-335D36450AB2}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) 
NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - State: "bootini" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/05/09 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes [2012/05/09 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/05/09 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/09 22:15:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/05/09 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/04/24 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\AVG Secure Search [2012/04/24 20:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2012/04/24 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search [2012/04/24 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search [2012/04/24 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\FixCleaner [2012/04/24 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner [2012/04/24 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers ========== Files - Modified Within 30 Days ========== [2012/05/16 21:00:43 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFAAFC8B-95ED-48A4-B66D-7B949E1599CF}.job [2012/05/16 21:00:23 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000UA.job [2012/05/16 21:00:17 | 
000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000Core.job [2012/05/16 20:29:52 | 098,325,467 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2012/05/16 20:12:44 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 20:12:44 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/05/16 19:20:40 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/05/16 19:20:40 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/05/16 19:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/05/15 23:00:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012/05/15 20:43:11 | 000,001,089 | ---- | M] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk [2012/05/15 20:35:16 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Desktop\MBR.dat [2012/05/15 20:18:15 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Documents\MBR.dat [2012/05/14 21:28:45 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat [2012/05/14 21:28:45 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat [2012/05/09 22:15:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/02 17:33:42 | 000,016,632 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm [2012/04/16 22:45:09 | 000,000,542 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Jon.job ========== Files Created - No Company Name ========== [2012/05/15 20:42:52 | 000,001,089 | ---- | C] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk [2012/05/15 20:35:16 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Desktop\MBR.dat [2012/05/15 20:18:15 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Documents\MBR.dat [2012/05/09 22:15:36 | 000,000,908 | ---- | C] () -- 
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/12/12 20:28:26 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat [2011/12/12 20:28:26 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat [2011/06/02 13:01:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr [2008/01/07 21:34:41 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2008/10/31 11:12:03 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2008/10/31 11:12:03 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2012/05/16 19:12:30 | 2459,893,760 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\msonpppr.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/12/18 12:31:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < %USERPROFILE%\..|smtmp;true;true;true /FP > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) 
< hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/01/05 10:48:46 | 001,047,024 | ---- | M] (Google Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2010/02/23 05:55:24 | 000,173,056 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/09/27 14:47:02 | 002,388,848 | ---- | M] (Apple Inc.) ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >
  13. Hi Starbuck, Thanks - I have re-run OTL and once done I get 2 outputs...'OTL.txt' and 'Extras.txt', I will paste them both now -
  14. Hi Starbuck, I have looked there but can't see it - not sure which piece of info I'm missing, could you take a snip of your initial email and highlight the relevant part and I'll do it straight away. Thanks