Posted

OTL Extras logfile created on: 16/05/2012 20:46:50 - Run 2

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.07% Memory free

4.22 Gb Paging File | 2.91 Gb Available in Paging File | 68.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 70.72 Gb Free Space | 15.53% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2284CE7D-7D8C-4A0B-9449-0D6932009733}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{2DFD4752-666D-45A9-A422-C5850F258092}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{3C3F0142-6B1B-42F6-A99E-78C91A55B461}" = protocol=17 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{45DEFAC4-4C63-4E56-8548-BBE2FD40F868}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{569BEE8A-8CD3-4E38-829A-5DC7CDEBEC16}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |

"{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{67494F94-5A5B-4CA1-B75B-7FE331A2B340}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |

"{70B5FAD9-7817-4208-A95D-39904DBF88CB}" = protocol=6 | dir=in | app=c:\program files\adawaretb\dtuser.exe |

"{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{8F5733B9-03F2-444E-8756-6C79ACD284C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{E6483A37-CD7C-4C1D-9719-088828893FE5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

"{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish

"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai

"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common

"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding

"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai

"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework

"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New

"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security

"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean

"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager

"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional

"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish

"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian

"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian

"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light

"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core

"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean

"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series

"{5DDBEECE-4762-4C2B-9D0A-1A43B6F08166}" = SymNet

"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center

"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish

"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish

"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek

"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{997740A3-61FF-4627-A4E0-80AE0756695F}" = Symantec Real Time Storage Protection Component

"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish

"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista

"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility

"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish

"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish

"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon

"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security

"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese

"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish

"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French

"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static

"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian

"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese

"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish

"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish

"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing

"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation

"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian

"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English

"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German

"adawaretb" = Ad-Aware Security Toolbar

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AOL Toolbar" = AOL Toolbar 5.0

"AVG" = AVG 2012

"AVG Secure Search" = AVG Security Toolbar

"Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual

"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)

"RealPlayer 6.0" = RealPlayer

"Spotify" = Spotify

"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)

"WildTangent hp Master Uninstall" = HP Games

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application

start time 0x01cb3abd624d1fbb.

 

Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application

start time 0x01cb3ae3986fcefb.

 

Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683

 

Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application

start time 0x01cb4047e26b970b.

 

Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application

start time 0x01cb405a2511f29b.

 

[ System Events ]

Error - 09/05/2012 18:04:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 09/05/2012 18:22:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7011

Description =

 

Error - 14/05/2012 16:28:21 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 14/05/2012 16:28:26 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 15/05/2012 14:50:26 | Computer Name = Jon-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.7 for the Network Card with network

address 001644940345 has been denied by the DHCP server 192.168.0.1 (The DHCP Server

sent a DHCPNACK message).

 

Error - 15/05/2012 14:50:59 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 15/05/2012 14:51:00 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 16/05/2012 14:11:23 | Computer Name = Jon-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

9, function 0. Please contact your system vendor for technical assistance.

 

Error - 16/05/2012 14:13:16 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 16/05/2012 14:13:19 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >

Posted

I see what you mean from your earlier post - they do look the same, at least for the first few lines. These are the only 2 things that come up once the scan completes?

 

Thanks, Jon

Posted

Hi Jon,

 

Thanks for the reports.

I see something straight away that isn't helping you.

 

It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Norton Internet Security or AVG 2012.

 

Personally I wouldn't use either, but the lesser of the 2 evils would be AVG.

 

If you remove Norton, you should then run the Norton Removal tool (as Norton has a habit of leaving loads of files on your system).

Use the uninstaller in the add/remove and then download and run the following.

 

To remove Norton Products:

Go to: Norton Removal Tool

 

Download it to your 'Desktop'.

Then click on the desktop icon to run the removal tool.

 

You also have:

Spybot - Search & Destroy

Ad-Aware

on your system.

As you have MBAM, these really aren't needed and may well conflict.

 

Too much security is sometimes as bad as not enough security.

Keep it clean and keep it mean

 

Note:

Before removing Spybot.

Please disable Spybot S&D’s TeaTimer protection.

  • Open Spybot and click on 'Mode' then click 'Advanced Mode'.
  • Click on 'Tools' in bottom left hand corner.
  • Click on the 'System Startup' icon.
    Uncheck 'Teatimer' box and/or uncheck 'Resident'.
  • Then, check next to the computer clock to see if the icon for Spybot is still there.
    If it is, right click it and choose 'exit Spybot-S&D Resident'.

 

Then remove the program.

 

After you complete this:

 

Double click on OTL to run it.

  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

 

We can clean up any orphan entries.

We'll also then sort out your Java as it's out of date.

Member of:

UNITE
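The overlap described in the reply above can be read straight out of the Uninstall List sections of an OTL Extras log. The following is an added example, not part of the thread and not OTL's own code: the sample text reuses lines from the Run 2 log, and the product patterns and the two category names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt assembled for this example from lines of the Run 2 log above;
# AFTER_CLEANUP is a constructed "what it should look like" variant.
SAMPLE_LOG = r'''
========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{A7836FF5-7293-40A4-B86E-E2038F82E8F3}" = AVG 2012
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"adawaretb" = Ad-Aware Security Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
'''

AFTER_CLEANUP = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
'''

SECTION_RE = re.compile(r'^=+ (.+?) =+$')      # ========== Name ==========
ENTRY_RE = re.compile(r'^"(.+?)" = (.*)$')     # "key" = display name

# Assumed classification table (hypothetical, covers only the products named
# in this thread). Help files, toolbars and tune-up tools are deliberately
# not matched because they carry no resident protection.
PRODUCT_RULES = [
    (re.compile(r'^Norton (Internet Security|AntiVirus)\b(?! Help)', re.I),
     'Symantec/Norton', 'antivirus'),
    (re.compile(r'^AVG \d{4}$', re.I), 'AVG', 'antivirus'),
    (re.compile(r'^Spybot - Search & Destroy', re.I), 'Spybot S&D', 'antispyware'),
    (re.compile(r'^Ad-Aware$', re.I), 'Ad-Aware', 'antispyware'),
    (re.compile(r'^Malwarebytes Anti-Malware', re.I), 'Malwarebytes', 'antispyware'),
]


def uninstall_entries(log_text):
    """Return display names found under any '... Uninstall List' section.

    The same "name" = value syntax is used by other sections (firewall,
    Security Center), so the parser tracks which section it is in.
    """
    names, in_uninstall = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_uninstall = header.group(1).endswith('Uninstall List')
            continue
        entry = ENTRY_RE.match(line) if in_uninstall else None
        if entry:
            names.append(entry.group(2).strip())
    return names


def overlapping_products(log_text):
    """Map category -> vendors, keeping only categories with 2+ vendors."""
    by_category = defaultdict(set)
    for name in uninstall_entries(log_text):
        for pattern, vendor, category in PRODUCT_RULES:
            if pattern.search(name):
                by_category[category].add(vendor)  # set dedupes repeat keys
                break
    return {cat: sorted(v) for cat, v in by_category.items() if len(v) > 1}


if __name__ == '__main__':
    for label, text in (('Run 2 excerpt', SAMPLE_LOG),
                        ('after cleanup', AFTER_CLEANUP)):
        overlaps = overlapping_products(text)
        print(label, '->', overlaps or 'no overlapping products')
```

An Uninstall entry only shows that a product is installed, not that its resident protection is running, so a hit here is a prompt to check, as the reply does by asking for one product to be removed.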

Posted

Brilliant, thanks Starbuck.

 

I'll next be able to get to my PC on Monday as away this weekend but will be sure to take the actions you recommend and let you know how I get on.

 

Thanks again, Jon

Posted

Hey Starbuck,

 

Done as you suggested, removed ad-aware, spybot, Norton et al (still running @ 100CPU though:shocked:)

 

Just about to post results of the next scans...

 

Thanks as ever

 

Jon

Posted

This is the extras.txt :

 

OTL Extras logfile created on: 21/05/2012 23:40:05 - Run 3

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.95% Memory free

4.22 Gb Paging File | 3.17 Gb Available in Paging File | 75.02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 77.29 Gb Free Space | 16.97% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{33CD07B3-0AE3-4D5B-B525-6BB6C4CF30CC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{6259BD51-FC14-4513-938C-04B12F2A784E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{650C3AD4-0186-46EC-B3AF-24DF6EC60E37}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{691DA1D5-BD94-47D2-A24B-6D3FD3D4E914}" = protocol=6 | dir=in | app=c:\users\jon\appdata\local\temp\7zsd95f.tmp\symnrt.exe |

"{73928C97-E0E6-4655-92CD-17AF108EC6FE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9F06FFCB-34C7-4E74-81FF-150DEDAEC24F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BA1991E9-4922-4070-AEE2-1D20777E0889}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CACDB922-0977-4CC9-B7C6-2BC894F3E158}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D95BD0C1-2716-427C-BC88-5F9700AE604F}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{EAA4EAEF-69C2-482E-94D9-5C873FF6FF48}" = protocol=17 | dir=in | app=c:\users\jon\appdata\local\temp\7zsd95f.tmp\symnrt.exe |

"{EFF79DE1-8183-4B47-8A23-180D8058C225}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |

"{F8F0CD10-292A-4C8E-B46A-1D447C57D4AE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{FBEACA1A-9F82-4835-B466-40DE33060E0B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"TCP Query User{BEA91881-6298-4D3F-9600-C03F60710C5A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{F25E3AAD-DC3B-459A-8CCE-55F3565F3938}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{054EC923-4B05-D008-CBEC-7403ED383923}" = CCC Help Danish

"{09AF88A0-1895-E3CE-506A-FBA159EABC90}" = Catalyst Control Center Localization Greek

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{0A3A7A33-B6F5-6643-E98D-0AC5DD6493EE}" = CCC Help Thai

"{0D9ABD1F-786F-0D46-C2B4-9766CC22DFB0}" = Catalyst Control Center Graphics Previews Common

"{0FD46238-4C18-5173-D133-B07D93599AC7}" = CCC Help Japanese

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15286CC2-DA82-B166-0D49-3AE8EE35ACD3}" = CCC Help Czech

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1CD383EF-2B28-8384-1F08-437965EEE2AC}" = CCC Help Finnish

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"{21B9B213-DE8D-10A6-CC00-7053F449DD9B}" = CCC Help Dutch

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant

"{2E4609A3-F5AF-4408-B0C4-B8B84BC753DF}" = Catalyst Control Center - Branding

"{2ED1D587-9CF4-0216-E314-A7F2D245A051}" = Catalyst Control Center Localization Thai

"{31787FDD-D9FB-C812-4A61-93A1C6B61568}" = ATI Catalyst Install Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{3530A86D-0151-BADE-7D8B-2BE5E573B7FE}" = Catalyst Control Center Graphics Full New

"{37F8AD37-33BD-A92F-1C61-F1E3BC257A52}" = CCC Help Korean

"{3CB4DE6B-0063-F6CF-4D5E-C5AC574727DB}" = Catalyst Control Center Localization Czech

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite

"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager

"{4880CDEC-46B5-ECCB-0629-DCC5B59378BD}" = Catalyst Control Center Localization Chinese Traditional

"{4A15E552-7701-9671-4A5F-D2AD5D90BD1F}" = Catalyst Control Center Localization Polish

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{4F027497-15AE-4DE5-B3BC-8E721C6127DE}" = ccc-Branding

"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011

"{50FF0E66-C30A-66C2-5557-7A7DE87A2A57}" = CCC Help Turkish

"{533A46E3-A450-CD86-E4C2-61CC832149F9}" = Catalyst Control Center Localization Russian

"{537C444C-9FD0-07F4-80BE-292B712FA23E}" = CCC Help Russian

"{54334E35-0C4E-7DDF-C137-7B3009142372}" = Catalyst Control Center Graphics Light

"{5442A47B-0CF1-9928-6B96-98ECED7EC302}" = Skins

"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In

"{5840C930-8D3F-797A-42B9-4C3CC4D033FC}" = Catalyst Control Center Localization Korean

"{5C638666-B80C-4CD3-AA56-403EF0BC7A6E}" = HP Photosmart A630 Series

"{5E32EB1B-4E61-0A50-BEBC-35C856692F26}" = CCC Help Norwegian

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{640A46BE-9E3F-F4CC-29E1-BFC86CCFF16B}" = Catalyst Control Center Localization Chinese Standard

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{6CA7D5C7-42EE-4FEF-66E2-403A151CDA83}" = CCC Help Polish

"{71A6311C-8903-7B1D-3D1A-0ACF1065BBAE}" = CCC Help German

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DD1D7EB-4F6B-411F-43A9-BD6BA5FA44D6}" = Catalyst Control Center Localization Finnish

"{7EE104D6-75B0-9AD7-C6EF-16793F6AF206}" = CCC Help Greek

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{948001BB-99F4-BA2C-9B92-044F16DAA35E}" = CCC Help Hungarian

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{9CD9BB77-92F7-674F-E2D3-CF6D14C672EF}" = Catalyst Control Center Localization Turkish

"{9D9AE4AE-450D-909B-64F1-6F137CB4CDCC}" = CCC Help Chinese Traditional

"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback

"{9DC47B66-E422-EDBF-341C-B544BC3F0D65}" = Catalyst Control Center Graphics Previews Vista

"{9F6C988E-9B1C-5038-A4E1-F8817509DAE8}" = Catalyst Control Center Localization Italian

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A55F99F2-D43E-8731-F7F9-3B3AB133A893}" = ccc-utility

"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements

"{B02BBF6C-FB6E-4BA4-7977-3D03D913BD9E}" = CCC Help Spanish

"{B0DE8404-2287-D17A-D483-608CC5D7427F}" = CCC Help Swedish

"{B37B43B2-05A2-C0E6-C74B-23184780BD4B}" = CCC Help Chinese Standard

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{C4DA680A-657A-E15B-51EE-E71CF527CD80}" = Catalyst Control Center Localization Japanese

"{C4F0D5BE-0A7F-017E-66FC-DE96B6AF8F6F}" = CCC Help Italian

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C926ACAF-84DF-BDFD-6825-BC5669940AD0}" = Catalyst Control Center Localization Dutch

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC3CFFD1-0EEF-C9DD-5731-089CAA05EB30}" = CCC Help Portuguese

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D73EA784-FC47-E0AA-46CD-12486F41C252}" = Catalyst Control Center Localization Spanish

"{D9A5FF9F-7CEA-4075-8F17-1077026CD98B}" = CCC Help French

"{D9ABB34A-C07A-DCE7-21D3-3BB3E343457B}" = ccc-core-static

"{DB6CFD79-2AC7-A10E-CE84-13AAA52AE9C2}" = Catalyst Control Center Localization Norwegian

"{E053E456-5B00-9D0E-9FC8-7FC23326D487}" = Catalyst Control Center Localization French

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E15C3B8B-E6AE-E417-4D8D-0E53424DFFBB}" = Catalyst Control Center Localization Portuguese

"{E6CFBFB5-9232-410C-B353-AF6E614B2681}" = LightScribe System Software 1.10.16.1

"{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1

"{EC3A1D84-E178-56CB-C615-3E2720DD3959}" = Catalyst Control Center Localization Swedish

"{EF9B6310-F152-23FD-5ECE-1EA8EDC3BAF6}" = Catalyst Control Center Localization Danish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F67530B4-606E-4FEF-1555-CB8A5A539C84}" = Catalyst Control Center Graphics Full Existing

"{F84DFE70-2803-7068-EFD5-8F91A648DE87}" = Catalyst Control Center Core Implementation

"{F8CBC264-23A4-E63B-D112-67BFF6A8AED7}" = Catalyst Control Center Localization Hungarian

"{FE46F4D4-CC88-B686-FE10-B2C845FD3BC3}" = CCC Help English

"{FEC2EC4D-D096-F5CA-CE9B-D525AB4573F6}" = Catalyst Control Center Localization German

"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AOL Toolbar" = AOL Toolbar 5.0

"AVG Secure Search" = AVG Security Toolbar

"Driving Test Success - Hazard Perception_is1" = Hazard Perception 2007/8

"EPSON Scanner" = EPSON Scan

"EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual

"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{E7A02A01-C75A-4490-A168-5CA709A3D862}" = MainConcept for Software Encoder

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.5.3

"NVIDIA Drivers" = NVIDIA Drivers

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator

"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools

"RealPlayer 6.0" = RealPlayer

"Spotify" = Spotify

"WildTangent hp Master Uninstall" = HP Games

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 09/08/2010 01:17:06 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 09/08/2010 01:22:55 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 09/08/2010 01:25:46 | Computer Name = Jon-PC | Source = EventSystem | ID = 4621

Description =

 

Error - 12/08/2010 15:28:51 | Computer Name = Jon-PC | Source = WerSvc | ID = 5007

Description =

 

Error - 12/08/2010 15:28:55 | Computer Name = Jon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 13/08/2010 08:32:18 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00180f89, process id 0x15bc, application

start time 0x01cb3abd624d1fbb.

 

Error - 13/08/2010 12:39:56 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1858, application

start time 0x01cb3ae3986fcefb.

 

Error - 15/08/2010 14:08:01 | Computer Name = Jon-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4fc Start Time: 01cb3abd61d04e9b Termination Time: 2683

 

Error - 20/08/2010 07:23:36 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x370, application

start time 0x01cb4047e26b970b.

 

Error - 20/08/2010 10:23:05 | Computer Name = Jon-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp

0x4b835fec, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,

exception code 0xc0000005, fault offset 0x00231eaa, process id 0x1b94, application

start time 0x01cb405a2511f29b.

 

[ System Events ]

Error - 21/05/2012 18:00:04 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21/05/2012 18:00:05 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 21/05/2012 18:10:15 | Computer Name = Jon-PC | Source = DCOM | ID = 10010

Description =

 

Error - 21/05/2012 18:11:48 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7043

Description =

 

Error - 21/05/2012 18:15:19 | Computer Name = Jon-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

9, function 0. Please contact your system vendor for technical assistance.

 

Error - 21/05/2012 18:16:02 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21/05/2012 18:16:02 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 21/05/2012 18:33:01 | Computer Name = Jon-PC | Source = ACPI | ID = 327686

Description = IRQARB: ACPI BIOS does not contain an IRQ for the device in PCI slot

9, function 0. Please contact your system vendor for technical assistance.

 

Error - 21/05/2012 18:35:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 21/05/2012 18:35:01 | Computer Name = Jon-PC | Source = Service Control Manager | ID = 7026

Description =

 

 

< End of report >


and this is the 'OTL.txt':

 

OTL logfile created on: 21/05/2012 23:40:05 - Run 3

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 46.95% Memory free

4.22 Gb Paging File | 3.17 Gb Available in Paging File | 75.02% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 77.29 Gb Free Space | 16.97% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Jon\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

PRC - C:\Program Files\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

PRC - C:\Windows\System32\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- File not found

DRV - (NwlnkFlt) -- File not found

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found

DRV - (IpInIp) -- File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKLM\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKCU\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 20:19:43 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)

O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-GB\local\search.html ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C682665-40C2-4127-9373-02E2D37B5246}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B3FDED-400C-475D-BEC1-335D36450AB2}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe

O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/09 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes

[2012/05/09 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/09 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/09 22:15:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/05/09 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/04/24 20:19:43 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Local\AVG Secure Search

[2012/04/24 20:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

[2012/04/24 20:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search

[2012/04/24 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search

[2012/04/24 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\FixCleaner

[2012/04/24 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner

[2012/04/24 20:12:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/21 23:34:19 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/21 23:34:18 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/21 23:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/21 23:31:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/05/21 23:28:34 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/21 23:28:34 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/21 23:05:56 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFAAFC8B-95ED-48A4-B66D-7B949E1599CF}.job

[2012/05/21 23:00:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000UA.job

[2012/05/21 21:02:52 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2012/05/21 21:02:52 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2012/05/21 21:00:02 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000Core.job

[2012/05/15 20:43:11 | 000,001,089 | ---- | M] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

========== Files Created - No Company Name ==========

 

[2012/05/15 20:42:52 | 000,001,089 | ---- | C] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/12 20:28:26 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/12/12 20:28:26 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/06/02 13:01:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4

 

 

< End of report >

Posted

Hi Jon.

 

 

Step 1

Please remove Ad-Aware Browsing Protection using the add/remove feature.

 

Step 2

There are a few little things we can clean up using OTL, but let's dig a bit deeper first and see if anything is trying to hide from us.

 

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Member of:

UNITE

Posted

Hey Starbuck,

 

Having some problems getting ComboFix installed - for example I don't get the screen you show underneath Link 2, I get one that's just asking if I want to run it? I have done that a couple of times and then a small box with green writing comes up (it closes down the internet) and then nothing...?

 

I tried right clicking on the link and doing save target as...combo-fix to my desktop and that put an icon on my desktop, when I double click it I just get the same green writing in a small box?

 

I also get a small box appearing called administrator saying 'combofix attempting to run' and 'attempting to create system restore point'....I'm sure it's user error my end but I'm not getting the same screens as you?

 

Cheers

 

Jon

Posted

Try using Internet Explorer.

 

I've just tried the download with IE and get this at the bottom of the screen:

 

http://img.photobucket.com/albums/v708/starbuck50/ie-1.png

 

I don't use IE much so not sure if you will see the same.

You are using IE8 ..... I'm using IE9

 

But either way you should be able to download CF with IE without a problem.

Have never tried Chrome, so can't suggest why it's happening.


Posted

Sorry Starbuck, I'm afraid I'm proving to be something of a dead loss at this. I've tried it in both Chrome and IE and getting the same. I click Link 1 and a small box appears at the bottom of the screen for combofix - I click it and get the option to either run or cancel. I click run and then a box appears in the middle of the screen with green text in and a load of processes running and a progress bar on top. The detail on the bottom of the box is 12-05-22.02.

This simultaneously closes down any windows that are open and then a blue box appears saying that combofix is seeking a system restore point and that's pretty much it.

Posted

Ok, not to worry.

Let's try something else for now.

 

I'd like you to do an ESET OnlineScan

 

You may find it beneficial to close your resident AV program before running the scan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
     
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
     
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
  • Accept any security warnings from your browser.
  • Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
  • Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

 

 

Note:

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).

To prevent this happening:

When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

 

Enable Anti-Stealth technology

 

http://img.photobucket.com/albums/v708/starbuck50/eset.png

 

 

Let me have the report in your next reply.

 

Thanks


Posted

Hi Jon,

 

no threats found (it took quite a while to run)

Yes, the scan can take a while to run.... but it is very thorough.

It looks like we can rule out a malware issue.

So that brings us to a possible software conflict.

 

Let me have another OTL report (just click the scan button)

and I'll see if anything stands out as a possible conflict.


Posted

Hey there Starbuck, sorry I should have said last week I was going offline for a few days (I work away so only have access to my PC during the week) - thanks for your continued help, posting below the outputs of that scan you mentioned. Cheers...Jon

----

OTL logfile created on: 28/05/2012 21:31:37 - Run 4

OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jon\Downloads

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18904)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 58.04% Memory free

4.22 Gb Paging File | 3.42 Gb Available in Paging File | 80.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 81.84 Gb Free Space | 17.97% Space Free | Partition Type: NTFS

Drive D: | 10.40 Gb Total Space | 1.41 Gb Free Space | 13.59% Space Free | Partition Type: NTFS

 

Computer Name: JON-PC | User Name: Jon | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Jon\Downloads\OTL.scr (OldTimer Tools)

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

PRC - C:\Program Files\AVG Secure Search\vprot.exe ()

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Windows\System32\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- File not found

DRV - (NwlnkFlt) -- File not found

DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found

DRV - (IpInIp) -- File not found

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (3xHybrid) -- C:\Windows\System32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKLM\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=81&bd=Pavilion&pf=desktop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{3F94AE4E-9E97-419C-B726-4EE475AA6CD9}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb

IE - HKCU\..\SearchScopes\{43C37699-2F1A-417D-9D84-E65A5052E5D1}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Musicnotes\npsibelius.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/04/24 20:19:43 | 000,000,000 | ---D | M]

 

 

========== Chrome ==========

 

CHR - default_search_provider: AVG Secure Search (Enabled)

CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={DF0F2A03-F5F2-4608-AD68-D3E31804C5C1}&mid=f889035a0cd747d195d1d157ca6ea6ed-9b998b83125186689d46b606103258130b099b96&lang=en&ds=ts025&pr=sa&d=2012-04-24 20:19:06&v=11.0.0.9&sap=dsp&q={searchTerms}

CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll

CHR - plugin: Java Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll

CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files\eMusic Download Manager\plugin\npemusic.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Jon\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)

O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-GB\local\search.html ()

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/C/A/7/CA7D2024-EA89-4F15-908C-DA65C1666614/msaud.CAB (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C682665-40C2-4127-9373-02E2D37B5246}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61B3FDED-400C-475D-BEC1-335D36450AB2}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\clouds.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/01/07 22:30:17 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe

O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun

O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/22 23:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/05/22 20:03:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/05/22 20:03:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/05/22 20:03:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2012/05/22 20:03:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/05/22 20:00:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/05/22 19:58:29 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/05/22 19:56:44 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2012/05/09 22:16:10 | 000,000,000 | ---D | C] -- C:\Users\Jon\AppData\Roaming\Malwarebytes

[2012/05/09 22:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/05/09 22:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/05/09 22:15:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/05/09 22:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

 

========== Files - Modified Within 30 Days ==========

 

[2012/05/28 21:40:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EFAAFC8B-95ED-48A4-B66D-7B949E1599CF}.job

[2012/05/28 21:34:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/28 21:34:05 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/28 21:00:15 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000Core.job

[2012/05/28 21:00:13 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1764385604-756805106-2900195214-1000UA.job

[2012/05/28 20:40:13 | 000,622,906 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/05/28 20:40:13 | 000,108,122 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/05/28 20:33:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/23 06:26:25 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012/05/22 23:14:54 | 000,001,682 | ---- | M] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk

[2012/05/21 21:02:52 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2012/05/21 21:02:52 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2012/05/15 20:43:11 | 000,001,089 | ---- | M] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | M] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

 

========== Files Created - No Company Name ==========

 

[2012/05/22 23:14:54 | 000,001,682 | ---- | C] () -- C:\Users\Jon\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk

[2012/05/22 20:03:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/05/22 20:03:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/05/22 20:03:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/05/22 20:03:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/05/22 20:03:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/05/15 20:42:52 | 000,001,089 | ---- | C] () -- C:\Users\Jon\Desktop\OTL - Shortcut.lnk

[2012/05/15 20:35:16 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Desktop\MBR.dat

[2012/05/15 20:18:15 | 000,000,512 | ---- | C] () -- C:\Users\Jon\Documents\MBR.dat

[2012/05/09 22:15:36 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/12/12 20:28:26 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011/12/12 20:28:26 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011/06/02 13:01:52 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

 

 

< End of report >

Posted

Hi Jon,

 

sorry I should have said last wk I was going offline for a few days

No problem, I'm always here.

 

You just caught me before I hit the sack, I'll go through the report after work tomorrow and reply again tomorrow evening.

Member of:

UNITE

Posted (edited)

Hi Jon,

 

To be honest I can't see anything that would cause a significant conflict.

There are a few small things we can address though:

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.36 Gb Total Space | 81.84 Gb Free Space | 17.97% Space Free | Partition Type: NTFS

That really isn't much to play with.

Ideally the amount of free space shouldn't drop below 20%.

The less space you have... the more the system will have to work.

Please try and free up some more space.

Uninstall any programs that you no longer use.

Save a lot of your pics, documents etc to usb sticks.

Music and video files can take up a lot of space.

 

 

I said earlier that I hadn't used 'Chrome'.

The main reason for this is quite evident in your reports and the earlier screenshots you posted.

In the screenshot.... look at how many processes 'Chrome' is running.

 

From your reports......

========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\ppgooglenaclpluginchrome.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avutil-51.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avformat-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\avcodec-53.dll ()

MOD - C:\Users\Jon\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

This is actually quite normal for 'Chrome'.

Google's take on this is that 'Chrome' will run a separate process for every Tab you have open within the browser.

There are also processes running for 'Chrome' that are separate ... even from these open tabs.

So if you open a lot of tabs.... that's a lot of extra processes running.

Just something to think about.

 

 

As you have AVG and MBAM running in realtime, it's not necessary to run Windows Defender as well.

Please disable Windows Defender... it is known to interfere with our fixes.

Windows Defender can be disabled by following the instructions below.

  • Click Start >> Programs >> Windows Defender or launch from the system tray icon.
  • Click on Tools & Settings >> Options.
  • Under Real-time protection options, uncheck the "Real-time protection" check box.
  • Click Save.
  • Go to Start >> Control Panel >> Security >> Windows Defender. At the bottom of the Windows Defender page, under Administrator Options, uncheck "use Windows Defender" and then Save.

 

Now what we can do to clean up your report:

 

Double click on OTL to run it.

Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:Otl
O4 - HKLM..\Run: [] File not found
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...6614/msaud.CAB (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{65eaf7a8-7f09-11de-ad64-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\StartClickFreeBackup.exe
O33 - MountPoints2\{a40e2fb7-d2aa-11dd-90f1-001e8c8a4f1e}\Shell\AutoRun\command - "" = K:\WDSetup.exe
O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{e388ffcc-7a2a-11df-a004-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]

  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
     
    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
     
  • Click the red Run Fix button.
     
    http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
     
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

 

Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

 

If you lose the report, there will be a copy here:

C:\_OTL\MovedFiles

 

 

 

The system may benefit from a 'Defrag'.

My personal way of doing this is.........

 

Download Puran Disc Defragmenter

Save it to your 'Desktop'.

Run the program.

From the main 'Puran Defrag' screen, click on the 'C' drive to highlight it.

Then click on 'Defrag'.

 

This program is faster than the built in Windows Defrag and is more efficient.

Try not to use the m/c while the defrag is running.

 

You don't need Puran to run at boot time.

 

See if the system runs any faster afterwards.

 

In your next reply, please submit:

OTL fix report

and let me know if there's been any change since following the above advice.

 

Thanks.

Edited by Starbuck

Member of:

UNITE
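
An added example, not part of Starbuck's post or of OTL itself: a Python triage pass over lines in the format of the log quoted in this thread. It pulls out the O33 MountPoints2 AutoRun commands and the Alternate Data Stream entry that the fix script lists, and checks each command's drive letter against the drives the log reported at scan time. The sample lines are constructed from the thread; the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the format of the OTL log quoted in this thread.
SAMPLE_LOG = r"""
Drive C: | 455.36 Gb Total Space | 81.84 Gb Free Space | 17.97% Space Free | Partition Type: NTFS
O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell - "" = AutoRun
O33 - MountPoints2\{2b2213b1-d19a-11dd-a193-001e8c8a4f1e}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
"""

DRIVE_RE = re.compile(r"^Drive ([A-Za-z]): \|")
O33_RE = re.compile(r'^O33 - MountPoints2\\(\{[0-9A-Fa-f-]{36}\}|[A-Za-z])'
                    r'\\Shell\\AutoRun\\command - "" = (.+)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")


def triage(log_text):
    """Collect listed drives, cached AutoRun commands and ADS entries from an OTL log."""
    drives, autoruns, streams = set(), [], []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := DRIVE_RE.match(line):
            drives.add(m.group(1).upper())
        elif m := O33_RE.match(line):
            autoruns.append({"mount": m.group(1), "command": m.group(2)})
        elif m := ADS_RE.match(line):
            size, host, stream = m.groups()
            streams.append({"host": host, "stream": stream, "bytes": int(size)})
    for entry in autoruns:
        # The command's drive letter shows which volume it would launch from.
        cmd = entry["command"]
        entry["drive"] = cmd[0].upper() if cmd[1:2] == ":" else None
        # Assumption: a drive not listed at scan time means the media is no longer attached.
        entry["drive_present"] = entry["drive"] in drives
    return {"drives": sorted(drives), "autoruns": autoruns, "streams": streams}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for a in report["autoruns"]:
        state = "present" if a["drive_present"] else "not listed at scan time"
        print(f'{a["mount"]:40} {a["command"]:20} drive {a["drive"]}: {state}')
    for s in report["streams"]:
        print(f'ADS {s["stream"]} ({s["bytes"]} bytes) on {s["host"]}')
```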
