# computer sending emails out by itself



## waydown72 (Jan 16, 2011)

Hi, I wonder if you can help me.
My computer has been sending emails out by itself. Not sure how.
It has also started in safe mode a couple of times.
When I tried an AVG scan earlier, it froze for about 20 mins, then continued to finish, saying no threats found.
Please help.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz, Intel64 Family 6 Model 23 Stepping 10
Processor Count: 1
RAM: 1978 Mb
Graphics Card: Mobile Intel(R) 4 Series Express Chipset Family, 797 Mb
Hard Drives: C: Total - 223879 MB, Free - 171498 MB; D: Total - 14290 MB, Free - 2355 MB; E: Total - 99 MB, Free - 95 MB; G: Total - 238472 MB, Free - 118755 MB;
Motherboard: Hewlett-Packard, 1484
Antivirus: Norton Internet Security, Disabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:48:19, on 07/02/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\desktop\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spotify] "C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Launcher.lnk = C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll 
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: OrangeMobileBroadband_Service - Unknown owner - C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12932 bytes

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421
Run by wayne at 4:55:22 on 2012-02-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.733 [GMT 0:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.0.0.136\InstStub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\DllHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Spotify] "C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>] 
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
StartupFolder: C:\Users\wayne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\wayne\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2254E0A9-0D93-4F95-B582-FF7FD032CE0E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{797F4521-A23C-4937-99E5-6705B2879883} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{797F4521-A23C-4937-99E5-6705B2879883}\244524573796E6563737845726D2430333 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{797F4521-A23C-4937-99E5-6705B2879883}\244524573796E6563737845726D2834363 : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll 
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~2\WI3C8A~1\Datamngr\BROWSE~1.DLL
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)] 
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
AppInit_DLLs-X64: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll 
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-7-22 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-11-11 126392]
R2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [2011-9-8 334792]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\system32\DRIVERS\rtl8192se.sys --> C:\Windows\system32\DRIVERS\rtl8192se.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2011-9-8 117248]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2011-9-8 91136]
S3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2011-9-8 85504]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-11 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-07 04:45:36	388096	----a-r-	C:\Users\wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-07 04:45:36	--------	d-----w-	C:\desktop
2012-02-06 14:30:29	--------	d-----w-	C:\Users\wayne\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
2012-02-06 14:29:47	--------	d-----w-	C:\Users\wayne\AppData\Local\{E84053AD-F3E9-4C75-A7C6-4A4B3F2EC791}
2012-02-06 14:29:35	--------	d-----w-	C:\Users\wayne\AppData\Local\{C305A6C7-EAF6-4D93-81FC-D27F371FE6D1}
2012-02-06 03:38:41	--------	d-----w-	C:\Users\wayne\AppData\Local\Htc
2012-02-06 03:38:19	--------	d-----w-	C:\Users\wayne\AppData\Roaming\HTC
2012-02-06 03:36:29	--------	d-----w-	C:\Users\wayne\AppData\Local\Downloaded Installations
2012-02-06 03:35:57	--------	d-----w-	C:\Program Files (x86)\Spirent Communications
2012-02-06 03:35:32	--------	d-----w-	C:\Program Files (x86)\HTC
2012-02-06 03:34:49	--------	d-----w-	C:\Program Files (x86)\MSXML 4.0
2012-02-05 22:12:54	--------	d-----w-	C:\Users\wayne\AppData\Local\{3A94912B-F3B5-4335-9DA7-72CCCDA7417D}
2012-02-05 04:17:46	--------	d-----w-	C:\Users\wayne\AppData\Local\{5D71B834-B33A-4C57-80DC-EED831280D9A}
2012-02-05 04:17:35	--------	d-----w-	C:\Users\wayne\AppData\Local\{7E6DEC0B-1D85-4E88-8C70-2F6A4176A135}
2012-02-04 16:17:12	--------	d-----w-	C:\Users\wayne\AppData\Local\{521A254C-2B12-4699-9F36-651514587B37}
2012-02-04 04:16:45	--------	d-----w-	C:\Users\wayne\AppData\Local\{D627E77E-69A6-4468-A74F-DB969FC11AEC}
2012-02-04 04:16:34	--------	d-----w-	C:\Users\wayne\AppData\Local\{3E33F701-E117-477B-8786-E7A517FE7AAE}
2012-02-03 16:14:32	--------	d-----w-	C:\Users\wayne\AppData\Local\{915302D6-B51C-4B77-928C-F257C439C1A7}
2012-02-03 04:14:06	--------	d-----w-	C:\Users\wayne\AppData\Local\{12F8C0F3-E624-4DDD-B2E0-209450455214}
2012-02-03 04:13:55	--------	d-----w-	C:\Users\wayne\AppData\Local\{33AA2C1F-0A07-40D8-9238-C02B1AA51BEC}
2012-02-02 16:13:11	--------	d-----w-	C:\Users\wayne\AppData\Local\{BCF06F97-4B6F-40BA-ACF5-FAAF1AE7B38D}
2012-02-02 02:54:07	--------	d-----w-	C:\Users\wayne\AppData\Local\{FB969428-A393-42ED-A58B-711726BD4E17}
2012-02-01 14:53:42	--------	d-----w-	C:\Users\wayne\AppData\Local\{5E7644A2-E32E-43F9-A2DE-5B30F73296DB}
2012-02-01 02:53:16	--------	d-----w-	C:\Users\wayne\AppData\Local\{F882AFF9-471F-46C8-B025-EC02840A844E}
2012-01-31 14:52:45	--------	d-----w-	C:\Users\wayne\AppData\Local\{F3442817-84AD-46D7-B63D-A0E6FA210264}
2012-01-31 03:29:24	--------	d-----w-	C:\Program Files (x86)\LightScribe
2012-01-31 02:52:21	--------	d-----w-	C:\Users\wayne\AppData\Local\{F778F4A2-E8A5-4B9B-9DD1-A654609E94A7}
2012-01-30 14:51:53	--------	d-----w-	C:\Users\wayne\AppData\Local\{2633D4B8-FB4F-472D-B206-F2E22DA4FAD0}
2012-01-30 14:51:42	--------	d-----w-	C:\Users\wayne\AppData\Local\{078316C9-0EAF-4036-803B-182883E531C3}
2012-01-29 23:26:20	1572864	----a-w-	C:\Windows\System32\quartz.dll
2012-01-29 23:26:20	1328128	----a-w-	C:\Windows\SysWow64\quartz.dll
2012-01-29 23:26:19	514560	----a-w-	C:\Windows\SysWow64\qdvd.dll
2012-01-29 23:26:19	366592	----a-w-	C:\Windows\System32\qdvd.dll
2012-01-29 23:25:48	1731920	----a-w-	C:\Windows\System32\ntdll.dll
2012-01-29 23:25:48	1292080	----a-w-	C:\Windows\SysWow64\ntdll.dll
2012-01-29 23:18:15	--------	d-----w-	C:\Users\wayne\AppData\Local\{2CA1AF83-9619-48AF-BB5E-D8A9318DEFFE}
2012-01-29 23:18:04	--------	d-----w-	C:\Users\wayne\AppData\Local\{ACAC6FE5-3DCC-49A7-A5B7-324CEE057E5C}
2012-01-29 20:52:55	--------	d-----w-	C:\Users\wayne\AppData\Local\{C1D1EF70-9BC2-4765-9BDF-5F836CF1F606}
2012-01-29 20:49:27	--------	d-----w-	C:\Users\wayne\AppData\Local\{503FA1EE-319F-4701-AB5D-85A0F419BB54}
2012-01-29 04:58:17	--------	d-----w-	C:\Users\wayne\AppData\Local\{3740E539-318B-4CA3-BADB-84688B1B0861}
2012-01-29 04:58:04	--------	d-----w-	C:\Users\wayne\AppData\Local\{1F64D4D9-8FE0-4BAC-96FB-C53CD19A12A0}
2012-01-28 16:56:18	--------	d-----w-	C:\Users\wayne\AppData\Local\{06682C79-E43B-4380-86D2-64EF1A977AA7}
2012-01-28 04:55:23	--------	d-----w-	C:\Users\wayne\AppData\Local\{4AFC35F5-BD58-4F69-ACD8-024F8ACC1FC4}
2012-01-28 04:55:10	--------	d-----w-	C:\Users\wayne\AppData\Local\{186C8477-4DB4-41F9-8826-7D77AEE4B978}
2012-01-27 16:43:50	--------	d-----w-	C:\Users\wayne\AppData\Local\{CE448047-A405-4553-BA0C-6CDFAB51B310}
2012-01-27 04:43:09	--------	d-----w-	C:\Users\wayne\AppData\Local\{CA88D56D-CFEB-4699-944C-C93835F56733}
2012-01-26 16:42:42	--------	d-----w-	C:\Users\wayne\AppData\Local\{212FEE27-3ED1-4EC8-8100-1A625C857F5A}
2012-01-26 16:42:19	--------	d-----w-	C:\Users\wayne\AppData\Local\{B6EF899F-75F6-4F1E-BF08-F3E1E6559CA2}
2012-01-26 02:48:43	--------	d-----w-	C:\Users\wayne\AppData\Local\{89E08E25-42D2-4CA9-845D-36B416BBEBCD}
2012-01-25 14:47:58	--------	d-----w-	C:\Users\wayne\AppData\Local\{12BCC6B0-FE61-4787-A34C-C7ED954DECE8}
2012-01-25 01:08:08	--------	d-----w-	C:\Users\wayne\AppData\Local\{85C1EF2E-A855-41C2-9EFB-A25EF9F1896B}
2012-01-24 13:07:39	--------	d-----w-	C:\Users\wayne\AppData\Local\{D2CCD4D4-4BC3-47BA-A6A1-00733755B8FF}
2012-01-24 13:07:27	--------	d-----w-	C:\Users\wayne\AppData\Local\{43773920-BC0F-41E1-9E18-35C01A9140CC}
2012-01-23 23:04:35	--------	d-----w-	C:\Users\wayne\AppData\Local\{B9A75849-EECC-4E2C-85BB-8CF37E8CC9A3}
2012-01-23 23:04:23	--------	d-----w-	C:\Users\wayne\AppData\Local\{88FE27EE-07C7-4152-86FB-043689F1A98C}
2012-01-16 20:59:14	--------	d-----w-	C:\Users\wayne\AppData\Local\{7876936C-67F7-4A17-BE21-FED59764F164}
2012-01-16 20:59:01	--------	d-----w-	C:\Users\wayne\AppData\Local\{67D07EEA-58F0-4E3D-9085-DCBBC56BF107}
2012-01-16 08:58:29	--------	d-----w-	C:\Users\wayne\AppData\Local\{E2BECBF2-005E-4311-86E3-D057DAEAA0E0}
2012-01-16 08:58:16	--------	d-----w-	C:\Users\wayne\AppData\Local\{03F83BCE-CC3F-4B91-94BF-B9F0E160EBE9}
2012-01-15 20:57:45	--------	d-----w-	C:\Users\wayne\AppData\Local\{D4DAAD63-68C7-47E6-9795-CD61A9F98CAE}
2012-01-15 20:57:33	--------	d-----w-	C:\Users\wayne\AppData\Local\{C43657D6-073D-40C4-9A10-08B064F438BF}
2012-01-15 04:02:45	--------	d-----w-	C:\Users\wayne\AppData\Local\{7CF98B25-C4D0-4989-8BE3-50A7D7E63F4F}
2012-01-15 04:02:21	--------	d-----w-	C:\Users\wayne\AppData\Local\{ECDD0044-C8BA-43AA-8342-BE5461F3DB10}
2012-01-14 15:44:13	--------	d-----w-	C:\Users\wayne\AppData\Local\{733D6F99-FB1D-4A66-BDDA-DCD8396742D9}
2012-01-14 15:43:52	--------	d-----w-	C:\Users\wayne\AppData\Local\{68F85F1F-A76E-4A68-8367-C25E7A5AB48E}
2012-01-14 03:33:50	--------	d-----w-	C:\Users\wayne\AppData\Local\{4C8A1282-0728-4A18-AD60-761260C55587}
2012-01-14 03:33:39	--------	d-----w-	C:\Users\wayne\AppData\Local\{23B92FED-2991-4692-937B-AA0DE4819B86}
2012-01-13 17:07:37	--------	d-----w-	C:\Program Files (x86)\Amazon
2012-01-13 15:33:13	--------	d-----w-	C:\Users\wayne\AppData\Local\{E1E548D2-BE96-4D41-8420-0CE615DFC6AE}
2012-01-13 15:33:01	--------	d-----w-	C:\Users\wayne\AppData\Local\{99CE1243-5BFC-449B-A4FD-462A1B4DB651}
2012-01-13 03:32:47	--------	d-----w-	C:\Users\wayne\AppData\Local\{DB605EEE-8511-430B-BA66-AFFD37D94594}
2012-01-13 03:32:36	--------	d-----w-	C:\Users\wayne\AppData\Local\{49C7BFD9-F604-458A-A782-47C0182640C0}
2012-01-12 14:58:00	--------	d-----w-	C:\Users\wayne\AppData\Local\{37234EEE-81ED-4BAD-9AD3-9FCF57FD4DAB}
2012-01-12 14:57:48	--------	d-----w-	C:\Users\wayne\AppData\Local\{3004EC6E-E49D-4D54-8727-EDC05F89235C}
2012-01-12 02:57:34	--------	d-----w-	C:\Users\wayne\AppData\Local\{9FC74787-96D7-4DC1-988E-1ACF87BBDFA3}
2012-01-12 02:57:22	--------	d-----w-	C:\Users\wayne\AppData\Local\{7CE3204B-CC09-454E-B642-0B084D487089}
2012-01-11 14:56:53	--------	d-----w-	C:\Users\wayne\AppData\Local\{3F74215C-E071-4B7A-956A-45235CEA1869}
2012-01-11 14:56:38	--------	d-----w-	C:\Users\wayne\AppData\Local\{D57EE211-4D7E-41F8-82E0-13E2C9635842}
2012-01-10 16:12:25	--------	d-----w-	C:\Users\wayne\AppData\Local\{3A57F86F-DE2C-47AF-9530-3747A17B3A79}
2012-01-10 16:12:14	--------	d-----w-	C:\Users\wayne\AppData\Local\{FACCE7B0-0D8C-4FB6-B8B5-D84181C04818}
2012-01-10 04:11:59	--------	d-----w-	C:\Users\wayne\AppData\Local\{034FEA1B-3A3C-4FB3-85C2-9DF0D148ECCD}
2012-01-10 04:11:48	--------	d-----w-	C:\Users\wayne\AppData\Local\{449265D4-BD1B-428E-A68B-58832B2ECC06}
2012-01-09 09:27:09	--------	d-----w-	C:\Users\wayne\AppData\Local\{7AA47A98-6079-4C7D-8757-D0001F126094}
2012-01-09 09:26:55	--------	d-----w-	C:\Users\wayne\AppData\Local\{8F48BAC4-94C1-4DBB-A675-A5E45E115A81}
2012-01-08 21:26:41	--------	d-----w-	C:\Users\wayne\AppData\Local\{A993C36D-4A52-4929-BA9D-1C101D3D5BB0}
2012-01-08 21:26:30	--------	d-----w-	C:\Users\wayne\AppData\Local\{88FEC390-B611-49B3-97C9-85E0801EFEAF}
2012-01-08 20:19:00	--------	d-----w-	C:\Users\wayne\AppData\Local\{386458F5-577A-4841-B68E-4DA95751B155}
2012-01-08 20:18:07	--------	d-----w-	C:\Users\wayne\AppData\Local\{5C3826E1-33AE-4E78-AD84-BF8BE2B5A785}
.
==================== Find3M ====================
.
2011-12-20 23:49:54	472808	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2011-12-08 02:09:49	414368	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52:09	3145216	----a-w-	C:\Windows\System32\win32k.sys
2011-11-19 14:58:00	77312	----a-w-	C:\Windows\System32\packager.dll
2011-11-19 14:01:00	67072	----a-w-	C:\Windows\SysWow64\packager.dll
2011-11-17 06:49:14	95600	----a-w-	C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 06:49:14	152432	----a-w-	C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 06:44:43	459232	----a-w-	C:\Windows\System32\drivers\cng.sys
2011-11-17 06:35:28	395776	----a-w-	C:\Windows\System32\webio.dll
2011-11-17 06:35:26	29184	----a-w-	C:\Windows\System32\sspisrv.dll
2011-11-17 06:35:26	136192	----a-w-	C:\Windows\System32\sspicli.dll
2011-11-17 06:35:25	340992	----a-w-	C:\Windows\System32\schannel.dll
2011-11-17 06:35:25	28160	----a-w-	C:\Windows\System32\secur32.dll
2011-11-17 06:35:19	1447936	----a-w-	C:\Windows\System32\lsasrv.dll
2011-11-17 06:33:55	31232	----a-w-	C:\Windows\System32\lsass.exe
2011-11-17 05:35:02	314880	----a-w-	C:\Windows\SysWow64\webio.dll
2011-11-17 05:34:52	224768	----a-w-	C:\Windows\SysWow64\schannel.dll
2011-11-17 05:34:52	22016	----a-w-	C:\Windows\SysWow64\secur32.dll
2011-11-17 05:28:48	96768	----a-w-	C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 4:56:30.67 ===============

The gmer did not produce a log report, but a window opened saying there were no modifications made.

Hope this helps.


----------



## kevinf80 (Mar 21, 2006)

You have two Security systems installed, AVG and Norton. You MUST remove one of them, two AV programs will clash and make your system very unstable. Your choice, but one has to go:

Download and install the Norton removal tool from *Here*

*Alternative link*

Install and run the tool, follow any prompts that are given.

To remove AVG go *Here* select the correct version and follow the prompts.

Tell me which one you have removed; if any remnants remain, I'll move them.

Next,

Download *RogueKiller* (by tigzy) and save direct to your Desktop.

 Quit all programs
 Start RogueKiller.exe
 Wait until Prescan has finished ...
 Click on Scan. Click on Report and copy/paste the content of the notepad

Next,

Download *OTL* from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*
*Link 4*

 Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Under the Custom Scan box paste this in:


```
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
```

 Click the button. Do not change any settings unless otherwise told to do so. The scan won't take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Let me see the following in your reply :-


 RogueKiller log
 OTL scan log
 Extras log

Kevin
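
The two-antivirus finding in the reply above can be read off the DDS service/driver lines posted earlier in the thread. The following is an added example, not part of the original post or of any tool named here: it parses those lines and lists security vendors that have running components. The vendor keyword table and all function names are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# DDS service/driver line: "<R|S><0-4> name;display;path [date size]"
# R/S = running/stopped; the digit is the Windows service start type.
# Driver lines may repeat the path as "path --> path [?]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?:\s+-->\s+.+?)?\s+\[(?P<meta>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto",
               "3": "demand", "4": "disabled"}

# Assumption: a small keyword table for the two products named in the reply.
# Substring matching is crude; extend or tighten it for other logs.
SECURITY_VENDORS = {"AVG": ("avg",), "Norton": ("norton", "symantec")}

# Sample lines copied from the DDS log posted earlier in this thread.
SAMPLE_DDS_LINES = r"""
R2 HPWMISVC;HPWMISVC;C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-1-18 20480]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe [2010-11-11 126392]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
"""


def parse_line(line):
    """Return a dict for one DDS service/driver line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["running"] = rec.pop("state") == "R"
    rec["start"] = START_TYPES[rec["start"]]
    return rec


def running_security_vendors(log_text):
    """Map each known security vendor to the names of its running services/drivers."""
    found = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["running"]:
            continue  # headers, blank lines and stopped entries are ignored
        haystack = " ".join((rec["name"], rec["display"], rec["path"])).lower()
        for vendor, keywords in SECURITY_VENDORS.items():
            if any(k in haystack for k in keywords):
                found.setdefault(vendor, []).append(rec["name"])
    return found


def conflicting_av(log_text):
    """Return the sorted vendor list when more than one vendor is active, else []."""
    vendors = sorted(running_security_vendors(log_text))
    return vendors if len(vendors) > 1 else []


if __name__ == "__main__":
    for vendor, names in running_security_vendors(SAMPLE_DDS_LINES).items():
        print(f"{vendor}: running components {', '.join(names)}")
    print("Conflict:", conflicting_av(SAMPLE_DDS_LINES) or "none")
```
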


----------



## waydown72 (Jan 16, 2011)

RogueKiller V7.0.3 [02/06/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: wayne [Admin rights]
Mode: Scan -- Date : 02/07/2012 13:06:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Spotify ("C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1590070460-992186472-1229105783-1002[...]\Run : Spotify ("C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2556GSY +++++
--- User ---
[MBR] 463d58f6a55da8ec13e19c9de09bf8e0
[BSP] a903f09efe732ec6f97a2d567a53b929 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 223880 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 458915840 | Size: 14291 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 488183808 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDT725025VLAT80 USB Device +++++
--- User ---
[MBR] 1c763764687cdedc46cdbe96fe618b81
[BSP] 31e84215f84e7ee2d149b138a08c5086 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

OTL logfile created on: 2/7/2012 1:17:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.99% Memory free
3.87 Gb Paging File | 2.10 Gb Available in Paging File | 54.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 168.68 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.09 Mb Free Space | 95.88% Space Free | Partition Type: FAT32
Drive G: | 232.88 Gb Total Space | 115.97 Gb Free Space | 49.80% Space Free | Partition Type: NTFS

Computer Name: WAYNE-LAPTOP | User Name: wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 13:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTL.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/12/19 14:42:20 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/19 14:42:18 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/11/01 23:26:24 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
PRC - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

========== Modules (No Company Name) ==========

MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/12/19 14:42:18 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011/10/13 11:40:04 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/13 11:38:27 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 11:38:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 11:38:18 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 11:37:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/19 20:23:12 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/24 21:56:14 | 000,223,520 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
MOD - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 19:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 19:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 19:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:*64bit:* - [2010/01/18 23:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:*64bit:* - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:*64bit:* - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/19 14:42:20 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe -- (OrangeMobileBroadband_Service)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 18:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:*64bit:* - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:*64bit:* - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:*64bit:* - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:*64bit:* - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:*64bit:* - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:*64bit:* - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:*64bit:* - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:*64bit:* - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:*64bit:* - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:*64bit:* - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:*64bit:* - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2010/04/13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/03/05 19:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:*64bit:* - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:*64bit:* - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:*64bit:* - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e224a9f&v=7.008.031.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/03 02:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.22\ [2011/12/19 14:42:25 | 000,000,000 | ---D | M]

[2011/07/15 02:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Extensions
[2011/10/18 03:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions
[2011/09/22 14:34:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/13 00:56:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\[email protected]
[2011/09/27 14:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/19 20:20:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/19 18:53:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/09/16 11:11:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
() (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I47DLX98.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:*64bit:* - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:*64bit:* - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3:*64bit:* - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002..\Run: [Spotify] "C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254E0A9-0D93-4F95-B582-FF7FD032CE0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797F4521-A23C-4937-99E5-6705B2879883}: DhcpNameServer = 192.168.0.1
O18:*64bit:* - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-itss - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:*64bit:* - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{df35d6ee-da19-11e0-8afc-3c4a9250d60c}\Shell - "" = AutoRun
O33 - MountPoints2\{df35d6ee-da19-11e0-8afc-3c4a9250d60c}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/07 13:12:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTL.exe
[2012/02/07 13:03:04 | 000,000,000 | ---D | C] -- C:\Users\wayne\Desktop\RK_Quarantine
[2012/02/07 12:51:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3D523CDE-6FF4-4077-9ADE-D9C2B09AC68F}
[2012/02/07 12:51:43 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6BAF5448-9108-439E-A279-5A3555130253}
[2012/02/07 05:46:38 | 000,509,440 | ---- | C] (Tech Support Guy System) -- C:\Users\wayne\Desktop\SysInfo.exe
[2012/02/07 04:45:36 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/02/07 04:45:36 | 000,000,000 | ---D | C] -- C:\desktop
[2012/02/06 14:37:35 | 000,000,000 | ---D | C] -- C:\Users\wayne\Documents\My Photos
[2012/02/06 14:37:35 | 000,000,000 | ---D | C] -- C:\Users\wayne\Documents\My Documents
[2012/02/06 14:30:29 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/02/06 14:29:47 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E84053AD-F3E9-4C75-A7C6-4A4B3F2EC791}
[2012/02/06 14:29:35 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C305A6C7-EAF6-4D93-81FC-D27F371FE6D1}
[2012/02/06 03:38:41 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\Htc
[2012/02/06 03:38:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Roaming\HTC
[2012/02/06 03:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2012/02/06 03:36:29 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\Downloaded Installations
[2012/02/06 03:36:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/02/06 03:35:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012/02/06 03:35:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012/02/06 03:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/05 22:12:54 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3A94912B-F3B5-4335-9DA7-72CCCDA7417D}
[2012/02/05 04:17:46 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5D71B834-B33A-4C57-80DC-EED831280D9A}
[2012/02/05 04:17:35 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7E6DEC0B-1D85-4E88-8C70-2F6A4176A135}
[2012/02/04 16:17:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{521A254C-2B12-4699-9F36-651514587B37}
[2012/02/04 04:16:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D627E77E-69A6-4468-A74F-DB969FC11AEC}
[2012/02/04 04:16:34 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3E33F701-E117-477B-8786-E7A517FE7AAE}
[2012/02/03 16:14:32 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{915302D6-B51C-4B77-928C-F257C439C1A7}
[2012/02/03 04:14:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{12F8C0F3-E624-4DDD-B2E0-209450455214}
[2012/02/03 04:13:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{33AA2C1F-0A07-40D8-9238-C02B1AA51BEC}
[2012/02/02 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{BCF06F97-4B6F-40BA-ACF5-FAAF1AE7B38D}
[2012/02/02 02:54:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{FB969428-A393-42ED-A58B-711726BD4E17}
[2012/02/01 14:53:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5E7644A2-E32E-43F9-A2DE-5B30F73296DB}
[2012/02/01 02:53:16 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{F882AFF9-471F-46C8-B025-EC02840A844E}
[2012/01/31 14:52:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{F3442817-84AD-46D7-B63D-A0E6FA210264}
[2012/01/31 03:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe
[2012/01/31 02:52:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{F778F4A2-E8A5-4B9B-9DD1-A654609E94A7}
[2012/01/30 14:51:53 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{2633D4B8-FB4F-472D-B206-F2E22DA4FAD0}
[2012/01/30 14:51:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{078316C9-0EAF-4036-803B-182883E531C3}
[2012/01/29 23:26:20 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/01/29 23:26:20 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/01/29 23:26:19 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/01/29 23:26:19 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/01/29 23:25:48 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/01/29 23:23:55 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/01/29 23:23:55 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/01/29 23:23:54 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/01/29 23:23:54 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/01/29 23:23:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/01/29 23:23:53 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/01/29 23:23:21 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/01/29 23:23:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/01/29 23:18:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{2CA1AF83-9619-48AF-BB5E-D8A9318DEFFE}
[2012/01/29 23:18:04 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{ACAC6FE5-3DCC-49A7-A5B7-324CEE057E5C}
[2012/01/29 20:52:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C1D1EF70-9BC2-4765-9BDF-5F836CF1F606}
[2012/01/29 20:49:27 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{503FA1EE-319F-4701-AB5D-85A0F419BB54}
[2012/01/29 04:58:17 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3740E539-318B-4CA3-BADB-84688B1B0861}
[2012/01/29 04:58:04 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1F64D4D9-8FE0-4BAC-96FB-C53CD19A12A0}
[2012/01/28 16:56:18 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{06682C79-E43B-4380-86D2-64EF1A977AA7}
[2012/01/28 04:55:23 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4AFC35F5-BD58-4F69-ACD8-024F8ACC1FC4}
[2012/01/28 04:55:10 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{186C8477-4DB4-41F9-8826-7D77AEE4B978}
[2012/01/27 16:43:50 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CE448047-A405-4553-BA0C-6CDFAB51B310}
[2012/01/27 04:43:09 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CA88D56D-CFEB-4699-944C-C93835F56733}
[2012/01/26 16:42:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{212FEE27-3ED1-4EC8-8100-1A625C857F5A}
[2012/01/26 16:42:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B6EF899F-75F6-4F1E-BF08-F3E1E6559CA2}
[2012/01/26 02:48:43 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{89E08E25-42D2-4CA9-845D-36B416BBEBCD}
[2012/01/25 14:47:58 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{12BCC6B0-FE61-4787-A34C-C7ED954DECE8}
[2012/01/25 01:08:08 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{85C1EF2E-A855-41C2-9EFB-A25EF9F1896B}
[2012/01/24 13:07:39 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D2CCD4D4-4BC3-47BA-A6A1-00733755B8FF}
[2012/01/24 13:07:27 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{43773920-BC0F-41E1-9E18-35C01A9140CC}
[2012/01/23 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B9A75849-EECC-4E2C-85BB-8CF37E8CC9A3}
[2012/01/23 23:04:23 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{88FE27EE-07C7-4152-86FB-043689F1A98C}
[2012/01/16 20:59:14 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7876936C-67F7-4A17-BE21-FED59764F164}
[2012/01/16 20:59:01 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{67D07EEA-58F0-4E3D-9085-DCBBC56BF107}
[2012/01/16 08:58:29 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E2BECBF2-005E-4311-86E3-D057DAEAA0E0}
[2012/01/16 08:58:16 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{03F83BCE-CC3F-4B91-94BF-B9F0E160EBE9}
[2012/01/15 20:57:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D4DAAD63-68C7-47E6-9795-CD61A9F98CAE}
[2012/01/15 20:57:33 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C43657D6-073D-40C4-9A10-08B064F438BF}
[2012/01/15 04:02:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7CF98B25-C4D0-4989-8BE3-50A7D7E63F4F}
[2012/01/15 04:02:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{ECDD0044-C8BA-43AA-8342-BE5461F3DB10}
[2012/01/14 15:44:13 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{733D6F99-FB1D-4A66-BDDA-DCD8396742D9}
[2012/01/14 15:43:52 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{68F85F1F-A76E-4A68-8367-C25E7A5AB48E}
[2012/01/14 03:33:50 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4C8A1282-0728-4A18-AD60-761260C55587}
[2012/01/14 03:33:39 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{23B92FED-2991-4692-937B-AA0DE4819B86}
[2012/01/13 17:08:29 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Roaming\Amazon
[2012/01/13 17:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/01/13 15:33:13 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E1E548D2-BE96-4D41-8420-0CE615DFC6AE}
[2012/01/13 15:33:01 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{99CE1243-5BFC-449B-A4FD-462A1B4DB651}
[2012/01/13 03:32:47 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{DB605EEE-8511-430B-BA66-AFFD37D94594}
[2012/01/13 03:32:36 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{49C7BFD9-F604-458A-A782-47C0182640C0}
[2012/01/12 14:58:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{37234EEE-81ED-4BAD-9AD3-9FCF57FD4DAB}
[2012/01/12 14:57:48 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3004EC6E-E49D-4D54-8727-EDC05F89235C}
[2012/01/12 02:57:34 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{9FC74787-96D7-4DC1-988E-1ACF87BBDFA3}
[2012/01/12 02:57:22 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7CE3204B-CC09-454E-B642-0B084D487089}
[2012/01/11 14:56:53 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3F74215C-E071-4B7A-956A-45235CEA1869}
[2012/01/11 14:56:38 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D57EE211-4D7E-41F8-82E0-13E2C9635842}
[2012/01/10 16:12:25 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3A57F86F-DE2C-47AF-9530-3747A17B3A79}
[2012/01/10 16:12:14 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{FACCE7B0-0D8C-4FB6-B8B5-D84181C04818}
[2012/01/10 04:11:59 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{034FEA1B-3A3C-4FB3-85C2-9DF0D148ECCD}
[2012/01/10 04:11:48 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{449265D4-BD1B-428E-A68B-58832B2ECC06}
[2012/01/09 09:27:09 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7AA47A98-6079-4C7D-8757-D0001F126094}
[2012/01/09 09:26:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{8F48BAC4-94C1-4DBB-A675-A5E45E115A81}
[2012/01/08 21:26:41 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A993C36D-4A52-4929-BA9D-1C101D3D5BB0}
[2012/01/08 21:26:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{88FEC390-B611-49B3-97C9-85E0801EFEAF}
[2012/01/08 20:19:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{386458F5-577A-4841-B68E-4DA95751B155}
[2012/01/08 20:18:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5C3826E1-33AE-4E78-AD84-BF8BE2B5A785}
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/07 13:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTL.exe
[2012/02/07 13:02:42 | 001,203,200 | ---- | M] () -- C:\Users\wayne\Desktop\RogueKiller.exe
[2012/02/07 12:57:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 12:57:41 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/07 12:50:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/07 12:50:21 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/07 12:49:25 | 088,404,981 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm.prepare
[2012/02/07 12:22:53 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/07 12:22:53 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/07 12:22:53 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/07 05:46:41 | 000,509,440 | ---- | M] (Tech Support Guy System) -- C:\Users\wayne\Desktop\SysInfo.exe
[2012/02/07 05:11:32 | 000,001,416 | ---- | M] () -- C:\Users\wayne\Desktop\dds - Shortcut.lnk
[2012/02/07 05:11:20 | 000,001,463 | ---- | M] () -- C:\Users\wayne\Desktop\grngg81v - Shortcut.lnk
[2012/02/07 04:45:36 | 000,002,951 | ---- | M] () -- C:\Users\wayne\Desktop\HiJackThis.lnk
[2012/02/06 03:41:23 | 088,282,867 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/02/06 03:40:25 | 000,257,114 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/02/06 03:38:11 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012/02/05 02:45:41 | 088,181,301 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm.old
[2012/02/03 21:33:33 | 000,063,060 | ---- | M] () -- C:\Users\wayne\Documents\feb2012.mmp
[2012/02/03 02:04:21 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/02/02 21:44:52 | 000,026,977 | ---- | M] () -- C:\Users\wayne\Desktop\rota new 2012.pdf
[2012/02/02 19:24:02 | 000,009,591 | ---- | M] () -- C:\Users\wayne\Documents\rota new 2012.ods
[2012/01/14 01:52:27 | 000,081,480 | ---- | M] () -- C:\Users\wayne\Documents\jan2012.mmp
[9 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/07 13:02:40 | 001,203,200 | ---- | C] () -- C:\Users\wayne\Desktop\RogueKiller.exe
[2012/02/07 05:11:32 | 000,001,416 | ---- | C] () -- C:\Users\wayne\Desktop\dds - Shortcut.lnk
[2012/02/07 05:11:20 | 000,001,463 | ---- | C] () -- C:\Users\wayne\Desktop\grngg81v - Shortcut.lnk
[2012/02/07 04:45:36 | 000,002,951 | ---- | C] () -- C:\Users\wayne\Desktop\HiJackThis.lnk
[2012/02/06 03:38:11 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012/02/02 21:44:51 | 000,026,977 | ---- | C] () -- C:\Users\wayne\Desktop\rota new 2012.pdf
[2012/02/02 19:12:21 | 000,009,591 | ---- | C] () -- C:\Users\wayne\Documents\rota new 2012.ods
[2012/02/02 04:21:13 | 000,063,060 | ---- | C] () -- C:\Users\wayne\Documents\feb2012.mmp
[2011/11/23 01:09:06 | 000,005,632 | ---- | C] () -- C:\Users\wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:05:44 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/17 14:05:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011/07/17 13:57:07 | 000,000,118 | ---- | C] () -- C:\Users\wayne\AppData\Roaming\wklnhst.dat
[2011/07/15 02:47:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/11/11 08:32:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/11/11 08:29:20 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/11 08:29:20 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/27 02:41:38 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/03/05 19:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 19:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 19:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/29 22:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/06/06 11:53:42 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/06/05 11:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll

========== LOP Check ==========

[2012/01/13 17:08:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Amazon
[2011/10/18 03:12:46 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\AVG2012
[2011/09/13 00:56:28 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Babylon
[2011/07/18 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/01 15:40:47 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\DVDVideoSoft
[2012/02/06 03:38:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC
[2012/02/06 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/25 01:37:20 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Leadertech
[2011/07/16 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\NCH Swift Sound
[2011/07/19 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OpenOffice.org
[2011/10/28 15:30:00 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OrangeMobileBroadband
[2011/07/14 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Serif
[2011/07/17 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Template
[2012/02/06 03:39:50 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\uTorrent
[2011/09/08 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\WildTangent
[2011/08/01 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Windows Live Writer
[2011/07/15 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\_MDLogs
[2011/12/30 16:40:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/22 15:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/22 15:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/22 15:53:00 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/07/22 15:53:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2011/07/22 15:53:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/22 15:52:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/22 15:52:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/22 15:52:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/07/22 15:53:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2011/07/22 15:53:12 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 17:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras logfile created on: 2/7/2012 1:17:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 44.99% Memory free
3.87 Gb Paging File | 2.10 Gb Available in Paging File | 54.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 168.68 Gb Free Space | 77.15% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.09 Mb Free Space | 95.88% Space Free | Partition Type: FAT32
Drive G: | 232.88 Gb Total Space | 115.97 Gb Free Space | 49.80% Space Free | Partition Type: NTFS

Computer Name: WAYNE-LAPTOP | User Name: wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BCC0AD-0699-48B6-9900-3C53BBCD4DAC}" = AVG 2011
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2393F144-F88F-4FB3-8B57-9D6F8B4E8F9E}" = AVG 2011
"{34C5BC15-2401-4980-9D95-ABD2CE8DD08A}" = AVG 2011
"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012
"{42B40185-E134-43FD-9381-69F92B317417}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5349A735-7482-406F-9FE4-3BB24608479D}" = AVG 2012
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65510247-DAA8-4161-9898-42C78EAF1BC5}" = AVG 2012
"{7BE6B345-6BD9-492E-A440-A32D12AB2EF3}" = AVG 2012
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88381CA0-AB27-45B5-8BB8-E68987822AF8}" = AVG 2012
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BEC69493-1732-4F85-B559-CC99CB30665C}" = AVG 2012
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA109F0F-122E-4D48-9DBF-14DC02EE85E4}" = AVG 2011
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901F0D4C-009D-1112-8DE4-03599E7B0C5C}" = REALTEK Wireless LAN Software
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"EasyBits Magic Desktop" = Magic Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.27 Full
"mmexpresssetup_is1" = MixMeister Express 7.0.9
"My HP Game Console" = HP Game Console
"OrangeMobileBroadband" = Orange Mobile Broadband
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WildTangent hp Master Uninstall" = HP Games
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082439" = Bus Driver
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082463" = Zuma's Revenge
"WT083484" = Escape Rosecliff Island
"WT083492" = Agatha Christie - Death on the Nile

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/24/2011 4:20:15 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 12/24/2011 4:20:16 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 12/24/2011 4:20:18 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 12/24/2011 4:20:19 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 12/28/2011 10:37:41 AM | Computer Name = wayne-laptop | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.34.52.7 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d04 Start
Time: 01ccc4f926b52210 Termination Time: 190 Application Path: C:\Program Files (x86)\Safari\Safari.exe

Report
Id: 6332aafc-3161-11e1-94af-3c4a9250d60c

Error - 12/30/2011 11:13:33 AM | Computer Name = wayne-laptop | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.34.52.7 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1070 Start
Time: 01ccc6311bc2c575 Termination Time: 209 Application Path: C:\Program Files (x86)\Safari\Safari.exe

Report
Id: ca55881c-32f8-11e1-b749-3c4a9250d60c

Error - 1/2/2012 11:18:38 AM | Computer Name = wayne-laptop | Source = Application Hang | ID = 1002
Description = The program Safari.exe version 5.34.52.7 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1160 Start
Time: 01ccc7df040c8565 Termination Time: 568 Application Path: C:\Program Files (x86)\Safari\Safari.exe

Report
Id: fd6beefb-3554-11e1-b20a-3c4a9250d60c

Error - 1/2/2012 7:32:12 PM | Computer Name = wayne-laptop | Source = Application Error | ID = 1000
Description = Faulting application name: vlc.exe, version: 0.8.6.0, time stamp: 
0x47f2ba07 Faulting module name: libvlc.dll, version: 0.0.0.0, time stamp: 0x47f2ba07
Exception
code: 0xc0000005 Fault offset: 0x0001b82a Faulting process id: 0x900 Faulting application
start time: 0x01ccc9a5d667f4d1 Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting
module path: C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll Report Id: fe867d18-3599-11e1-bd24-3c4a9250d60c

Error - 1/3/2012 1:13:57 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

Error - 1/3/2012 8:01:28 PM | Computer Name = wayne-laptop | Source = MsiInstaller | ID = 1013
Description =

[ Media Center Events ]
Error - 1/13/2012 5:04:22 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 21:04:21 - Error connecting to the internet. 21:04:21 - Unable 
to contact server..

Error - 1/13/2012 5:04:33 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 21:04:27 - Error connecting to the internet. 21:04:27 - Unable 
to contact server..

Error - 1/13/2012 6:08:31 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 22:08:31 - Error connecting to the internet. 22:08:31 - Unable 
to contact server..

Error - 1/13/2012 6:08:41 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 22:08:36 - Error connecting to the internet. 22:08:36 - Unable 
to contact server..

Error - 1/13/2012 7:12:23 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 23:12:23 - Error connecting to the internet. 23:12:23 - Unable 
to contact server..

Error - 1/13/2012 7:12:30 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 23:12:28 - Error connecting to the internet. 23:12:28 - Unable 
to contact server..

Error - 1/13/2012 8:12:39 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 00:12:39 - Error connecting to the internet. 00:12:39 - Unable 
to contact server..

Error - 1/13/2012 8:12:50 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 00:12:44 - Error connecting to the internet. 00:12:44 - Unable 
to contact server..

Error - 1/17/2012 4:22:43 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 20:22:37 - Error connecting to the internet. 20:22:42 - Unable 
to contact server..

Error - 1/17/2012 4:23:28 PM | Computer Name = wayne-laptop | Source = MCUpdate | ID = 0
Description = 20:22:58 - Error connecting to the internet. 20:22:58 - Unable 
to contact server..

[ OSession Events ]
Error - 8/16/2011 10:09:38 AM | Computer Name = wayne-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 933
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/14/2011 11:18:23 AM | Computer Name = wayne-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 302
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/14/2011 11:26:27 AM | Computer Name = wayne-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 466
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/16/2011 11:52:38 AM | Computer Name = wayne-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6611.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 142
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/22/2011 12:23:28 PM | Computer Name = wayne-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 9590
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/20/2011 9:15:56 PM | Computer Name = wayne-laptop | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address E8-5B-5B-13-0B-95. Network operations
on this system may be disrupted as a result.

Error - 12/20/2011 11:18:28 PM | Computer Name = wayne-laptop | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
on volume C:.

Error - 12/21/2011 9:36:45 AM | Computer Name = wayne-laptop | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.2
with the system having network hardware address C4-17-FE-01-4F-ED. Network operations
on this system may be disrupted as a result.

Error - 12/22/2011 5:36:21 AM | Computer Name = wayne-laptop | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.3
with the system having network hardware address C4-17-FE-01-4F-ED. Network operations
on this system may be disrupted as a result.

Error - 12/22/2011 6:58:21 AM | Computer Name = wayne-laptop | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/23/2011 8:33:47 PM | Computer Name = wayne-laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/24/2011 2:51:53 AM | Computer Name = wayne-laptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/24/2011 2:51:53 AM | Computer Name = wayne-laptop | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/24/2011 12:05:43 PM | Computer Name = wayne-laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.

Error - 12/24/2011 4:17:24 PM | Computer Name = wayne-laptop | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

< End of report >

Hope these log reports are ok.


----------



## waydown72 (Jan 16, 2011)

Sorry, by the way I removed the Norton security.
Many thanks.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the logs, do the following:

*Step 1*

Re-Run by double left click, Vista and Windows 7 users right click and select Run as Administrator.


Under the box at the bottom, paste in the following


```
:OTL
PRC - [2011/12/06 10:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
[2011/09/22 14:34:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/13 00:56:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\[email protected]
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKU\S-1-5-21-1590070460-992186472-1229105783-1002..\Run: [Spotify] "C:\Users\wayne\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
ipconfig /flushdns /c
C:\Users\wayne\AppData\Local\{3D523CDE-6FF4-4077-9ADE-D9C2B09AC68F}
C:\Users\wayne\AppData\Local\{6BAF5448-9108-439E-A279-5A3555130253}
C:\Users\wayne\AppData\Local\{E84053AD-F3E9-4C75-A7C6-4A4B3F2EC791}
C:\Users\wayne\AppData\Local\{C305A6C7-EAF6-4D93-81FC-D27F371FE6D1}
C:\Users\wayne\AppData\Local\{3A94912B-F3B5-4335-9DA7-72CCCDA7417D}
C:\Users\wayne\AppData\Local\{5D71B834-B33A-4C57-80DC-EED831280D9A}
C:\Users\wayne\AppData\Local\{7E6DEC0B-1D85-4E88-8C70-2F6A4176A135}
C:\Users\wayne\AppData\Local\{521A254C-2B12-4699-9F36-651514587B37}
C:\Users\wayne\AppData\Local\{D627E77E-69A6-4468-A74F-DB969FC11AEC}
C:\Users\wayne\AppData\Local\{3E33F701-E117-477B-8786-E7A517FE7AAE}
C:\Users\wayne\AppData\Local\{915302D6-B51C-4B77-928C-F257C439C1A7}
C:\Users\wayne\AppData\Local\{12F8C0F3-E624-4DDD-B2E0-209450455214}
C:\Users\wayne\AppData\Local\{33AA2C1F-0A07-40D8-9238-C02B1AA51BEC}
C:\Users\wayne\AppData\Local\{BCF06F97-4B6F-40BA-ACF5-FAAF1AE7B38D}
C:\Users\wayne\AppData\Local\{FB969428-A393-42ED-A58B-711726BD4E17}
C:\Users\wayne\AppData\Local\{5E7644A2-E32E-43F9-A2DE-5B30F73296DB}
C:\Users\wayne\AppData\Local\{F882AFF9-471F-46C8-B025-EC02840A844E}
C:\Users\wayne\AppData\Local\{F3442817-84AD-46D7-B63D-A0E6FA210264}
C:\Users\wayne\AppData\Local\{F778F4A2-E8A5-4B9B-9DD1-A654609E94A7}
C:\Users\wayne\AppData\Local\{2633D4B8-FB4F-472D-B206-F2E22DA4FAD0}
C:\Users\wayne\AppData\Local\{078316C9-0EAF-4036-803B-182883E531C3}
C:\Users\wayne\AppData\Local\{2CA1AF83-9619-48AF-BB5E-D8A9318DEFFE}
C:\Users\wayne\AppData\Local\{ACAC6FE5-3DCC-49A7-A5B7-324CEE057E5C}
C:\Users\wayne\AppData\Local\{C1D1EF70-9BC2-4765-9BDF-5F836CF1F606}
C:\Users\wayne\AppData\Local\{503FA1EE-319F-4701-AB5D-85A0F419BB54}
C:\Users\wayne\AppData\Local\{3740E539-318B-4CA3-BADB-84688B1B0861}
C:\Users\wayne\AppData\Local\{1F64D4D9-8FE0-4BAC-96FB-C53CD19A12A0}
C:\Users\wayne\AppData\Local\{06682C79-E43B-4380-86D2-64EF1A977AA7}
C:\Users\wayne\AppData\Local\{4AFC35F5-BD58-4F69-ACD8-024F8ACC1FC4}
C:\Users\wayne\AppData\Local\{186C8477-4DB4-41F9-8826-7D77AEE4B978}
C:\Users\wayne\AppData\Local\{CE448047-A405-4553-BA0C-6CDFAB51B310}
C:\Users\wayne\AppData\Local\{CA88D56D-CFEB-4699-944C-C93835F56733}
C:\Users\wayne\AppData\Local\{212FEE27-3ED1-4EC8-8100-1A625C857F5A}
C:\Users\wayne\AppData\Local\{B6EF899F-75F6-4F1E-BF08-F3E1E6559CA2}
C:\Users\wayne\AppData\Local\{89E08E25-42D2-4CA9-845D-36B416BBEBCD}
C:\Users\wayne\AppData\Local\{12BCC6B0-FE61-4787-A34C-C7ED954DECE8}
C:\Users\wayne\AppData\Local\{85C1EF2E-A855-41C2-9EFB-A25EF9F1896B}
C:\Users\wayne\AppData\Local\{D2CCD4D4-4BC3-47BA-A6A1-00733755B8FF}
C:\Users\wayne\AppData\Local\{43773920-BC0F-41E1-9E18-35C01A9140CC}
C:\Users\wayne\AppData\Local\{B9A75849-EECC-4E2C-85BB-8CF37E8CC9A3}
C:\Users\wayne\AppData\Local\{88FE27EE-07C7-4152-86FB-043689F1A98C}
C:\Users\wayne\AppData\Local\{7876936C-67F7-4A17-BE21-FED59764F164}
C:\Users\wayne\AppData\Local\{67D07EEA-58F0-4E3D-9085-DCBBC56BF107}
C:\Users\wayne\AppData\Local\{E2BECBF2-005E-4311-86E3-D057DAEAA0E0}
C:\Users\wayne\AppData\Local\{03F83BCE-CC3F-4B91-94BF-B9F0E160EBE9}
C:\Users\wayne\AppData\Local\{D4DAAD63-68C7-47E6-9795-CD61A9F98CAE}
C:\Users\wayne\AppData\Local\{C43657D6-073D-40C4-9A10-08B064F438BF}
C:\Users\wayne\AppData\Local\{7CF98B25-C4D0-4989-8BE3-50A7D7E63F4F}
C:\Users\wayne\AppData\Local\{ECDD0044-C8BA-43AA-8342-BE5461F3DB10}
C:\Users\wayne\AppData\Local\{733D6F99-FB1D-4A66-BDDA-DCD8396742D9}
C:\Users\wayne\AppData\Local\{68F85F1F-A76E-4A68-8367-C25E7A5AB48E}
C:\Users\wayne\AppData\Local\{4C8A1282-0728-4A18-AD60-761260C55587}
C:\Users\wayne\AppData\Local\{23B92FED-2991-4692-937B-AA0DE4819B86}
C:\Users\wayne\AppData\Local\{E1E548D2-BE96-4D41-8420-0CE615DFC6AE}
C:\Users\wayne\AppData\Local\{99CE1243-5BFC-449B-A4FD-462A1B4DB651}
C:\Users\wayne\AppData\Local\{DB605EEE-8511-430B-BA66-AFFD37D94594}
C:\Users\wayne\AppData\Local\{49C7BFD9-F604-458A-A782-47C0182640C0}
C:\Users\wayne\AppData\Local\{37234EEE-81ED-4BAD-9AD3-9FCF57FD4DAB}
C:\Users\wayne\AppData\Local\{3004EC6E-E49D-4D54-8727-EDC05F89235C}
C:\Users\wayne\AppData\Local\{9FC74787-96D7-4DC1-988E-1ACF87BBDFA3}
C:\Users\wayne\AppData\Local\{7CE3204B-CC09-454E-B642-0B084D487089}
C:\Users\wayne\AppData\Local\{3F74215C-E071-4B7A-956A-45235CEA1869}
C:\Users\wayne\AppData\Local\{D57EE211-4D7E-41F8-82E0-13E2C9635842}
C:\Users\wayne\AppData\Local\{3A57F86F-DE2C-47AF-9530-3747A17B3A79}
C:\Users\wayne\AppData\Local\{FACCE7B0-0D8C-4FB6-B8B5-D84181C04818}
C:\Users\wayne\AppData\Local\{034FEA1B-3A3C-4FB3-85C2-9DF0D148ECCD}
C:\Users\wayne\AppData\Local\{449265D4-BD1B-428E-A68B-58832B2ECC06}
C:\Users\wayne\AppData\Local\{7AA47A98-6079-4C7D-8757-D0001F126094}
C:\Users\wayne\AppData\Local\{8F48BAC4-94C1-4DBB-A675-A5E45E115A81}
C:\Users\wayne\AppData\Local\{A993C36D-4A52-4929-BA9D-1C101D3D5BB0}
C:\Users\wayne\AppData\Local\{88FEC390-B611-49B3-97C9-85E0801EFEAF}
C:\Users\wayne\AppData\Local\{386458F5-577A-4841-B68E-4DA95751B155}
C:\Users\wayne\AppData\Local\{5C3826E1-33AE-4E78-AD84-BF8BE2B5A785}
C:\Users\wayne\AppData\Roaming\Babylon
:Commands
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]
```

Then click button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

*Step 2*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the logs from OTL fix and Malwarebytes in next reply...

Kevin


----------



## waydown72 (Jan 16, 2011)

========== OTL ==========
Process datamngrUI.exe killed successfully!
HKU\S-1-5-21-1590070460-992186472-1229105783-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\[email protected]\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Spotify deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) -C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\wayne\Desktop\cmd.bat deleted successfully.
C:\Users\wayne\Desktop\cmd.txt deleted successfully.
C:\Users\wayne\AppData\Roaming\Babylon folder moved successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 02072012_213016


----------



## kevinf80 (Mar 21, 2006)

You got the log from Malwarebytes?


----------



## waydown72 (Jan 16, 2011)

Here it is.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.07.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wayne :: WAYNE-LAPTOP [administrator]

07/02/2012 22:00:07
mbam-log-2012-02-07 (22-00-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 181083
Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## kevinf80 (Mar 21, 2006)

You mentioned your PC sending emails, they will have come from your account, not your PC. Your email is web based so only the needs to be hacked. You should change passwords regularly and make them as complex as possible.

Read here http://www.microsoft.com/en-gb/security/online-privacy/passwords-create.aspx for information on how to set and use passwords safely.

How is your system responding, any issues or concerns? Run the following:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Kevin


----------



## waydown72 (Jan 16, 2011)

Sorry for delay 
Here is the text as requested.

Results of screen317's Security Check version 0.99.30 
Windows 7 x64 (UAC is enabled) 
Internet Explorer 9 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG Security Toolbar 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Java(TM) 6 Update 30 
Adobe Reader X (10.1.2) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
AVG avgwdsvc.exe 
AVG avgtray.exe 
*``````````End of Log````````````*

Hope that helps.
Generally running OK, except that when it goes to sleep and I press a key to wake it up hours later, it freezes most of the time. So I attempt Task Manager, which can take a while to open, and when it does I stop all tasks and then shut down and reboot.


----------



## kevinf80 (Mar 21, 2006)

Run the following online AV scan, be aware this can take several hours to complete.

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Kevin


----------



## waydown72 (Jan 16, 2011)

Hi
I had problems with ESET. I ran it when I went to work and when I came back it had frozen at 31 percent. It showed the running time as 6 and a half hours, with 3 threats found.
As follows - scan stops at 31 percent and freezes.
Says 3 infected files:
win32/toolbar.searchsuite application
win32/toolbar.searchsuite application
win32/toolbar.searchsuite application

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll

I had to turn my computer off by the power button.


----------



## kevinf80 (Mar 21, 2006)

OK do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links:

*Link 1*
*Link 2*

Ensure that Combofix is saved directly to the Desktop *<--- Very important*

Disable all security programs as they will have a negative effect on Combofix, instructions available *Here* if required. Be aware the list may not have all programs listed, if you need more help please ask.

Close any open browsers and any other programs you might have running.

Double click the [image] icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").

Instructions for running Combofix available *Here* if required.

If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read *Here* why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.
If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

Post the log in next reply please...

Kevin


----------



## waydown72 (Jan 16, 2011)

Do I keep everything else that I have downloaded? I have quite a few programs that you have asked me to download to the desktop previously.

Wayne


----------



## kevinf80 (Mar 21, 2006)

Leave all tools exactly as they are, we'll clean up at the end when we know all is OK. Run CF and let me see the log.


----------



## waydown72 (Jan 16, 2011)

Hi Kevin,
I'm using AVG 2012 which is not listed.
Are there any differences, please?
Wayne


----------



## waydown72 (Jan 16, 2011)

That's the free AVG 2012, by the way.
thanks
Wayne.


----------



## kevinf80 (Mar 21, 2006)

If you are having difficulty turning AVG off, uninstall it until CF has completed. Use this to remove it:

Download *AppRemover* and save to your Desktop.

Double click the [image] icon to run the application. Vista or Windows 7 users right click and select Run as Administrator.

Click Next >>

Ensure "Remove Security Application" is selected and click Next >>

AppRemover will scan all the security applications on your PC.

Select any AVG entries from the applications offered and click Next >> twice.

Follow any further on-screen instructions. If asked to reboot, please do so.

When complete, run Combofix as instructed. Let me see the log. When CF completes do this:

To keep safe when online you need a good *Antivirus/Antispyware/Antimalware/Anti-Rootkit* combination application. *Microsoft Security Essentials* covers all of those bases, but better still it is free. Go *Here* and hit the "Download free" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen.

Let me know if MSE finds anything..

Kevin


----------



## waydown72 (Jan 16, 2011)

ComboFix 12-03-04.02 - wayne 05/03/2012 20:45:07.2.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1979.1140 [GMT 0:00]
Running from: c:\users\wayne\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\windows\SysWow64\is-4F179.tmp
c:\windows\SysWow64\is-6AE7T.tmp
c:\windows\SysWow64\is-6C0H1.tmp
c:\windows\SysWow64\is-9NHAI.tmp
c:\windows\SysWow64\is-GLSQU.tmp
c:\windows\SysWow64\is-NG0AH.tmp
c:\windows\SysWow64\is-NPA8D.tmp
c:\windows\SysWow64\is-Q8FQ2.tmp
c:\windows\SysWow64\is-ROQKU.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 21:29 . 2012-03-05 21:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-28 03:23 . 2012-02-28 03:23	--------	d-----w-	c:\program files (x86)\Yontoo
2012-02-28 03:23 . 2012-02-28 03:23	237	----a-w-	C:\user.js
2012-02-28 03:23 . 2012-02-28 03:23	--------	d-----w-	c:\program files (x86)\BabylonToolbar
2012-02-28 03:22 . 2012-02-28 03:22	--------	d-----w-	c:\users\wayne\AppData\Roaming\Babylon
2012-02-28 03:22 . 2012-02-28 03:24	--------	d-----w-	c:\program files (x86)\1ClickDownload
2012-02-20 23:53 . 2012-02-20 23:53	--------	d-----w-	c:\program files (x86)\ESET
2012-02-15 15:16 . 2011-12-28 03:59	498688	----a-w-	c:\windows\system32\drivers\afd.sys
2012-02-15 15:16 . 2012-01-14 04:06	3145728	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 15:16 . 2011-12-30 06:26	515584	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 15:16 . 2011-12-30 05:27	478720	----a-w-	c:\windows\SysWow64\timedate.cpl
2012-02-15 15:16 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 15:16 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-02-15 15:16 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 15:16 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-02-07 21:59 . 2012-02-07 21:59	--------	d-----w-	c:\users\wayne\AppData\Roaming\Malwarebytes
2012-02-07 21:58 . 2012-02-07 21:58	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-07 21:58 . 2011-12-10 15:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-07 21:30 . 2012-02-07 21:30	--------	d-----w-	C:\_OTL
2012-02-07 04:45 . 2012-02-07 21:58	--------	d-----w-	C:\desktop
2012-02-07 04:45 . 2012-02-07 04:45	388096	----a-r-	c:\users\wayne\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-06 03:38 . 2012-03-05 20:36	--------	d-----w-	c:\users\wayne\AppData\Local\Htc
2012-02-06 03:38 . 2012-02-06 03:38	--------	d-----w-	c:\users\wayne\AppData\Roaming\HTC
2012-02-06 03:36 . 2012-02-06 03:36	--------	d-----w-	c:\users\wayne\AppData\Local\Downloaded Installations
2012-02-06 03:35 . 2012-02-06 03:35	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-02-06 03:35 . 2012-02-06 03:38	--------	d-----w-	c:\program files (x86)\HTC
2012-02-06 03:34 . 2012-02-06 03:34	--------	d-----w-	c:\program files (x86)\MSXML 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 03:33 . 2011-07-15 10:33	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 02:10 . 2011-07-16 04:13	2301208	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-02-17 02:09 . 2011-07-16 04:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-02-17 02:09 . 2011-08-14 06:02	710992	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-07 20:37 . 2011-08-14 06:02	2301208	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-07 20:37 . 2011-08-14 06:02	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-28 20:20 . 2011-07-16 04:12	710992	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-20 23:49 . 2011-07-19 18:53	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-12-19 14:42	1574240	----a-w-	c:\program files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll" [2011-12-19 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-29 600936]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 60464]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2011-12-19 892768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
.
c:\users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe [2011-9-8 510920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-09-08 117248]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S2 OrangeMobileBroadband_Service;OrangeMobileBroadband_Service;c:\program files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe [2011-06-02 334792]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [2011-12-19 869216]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-08 91136]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-08 85504]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 19:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-06 6489704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=861e3a0c0000000000001c659d81fd5f
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11b_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-03-05 21:38:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 21:38
.
Pre-Run: 183,329,333,248 bytes free
Post-Run: 183,297,769,472 bytes free
.
- - End Of File - - 226902A7AE5924A2A4FE8D102A3750A5

hope this is ok.
Wayne.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the log, do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
KillAll::
ClearJavaCache::

File::
C:\user.js
Folder::
c:\program files (x86)\Yontoo
c:\program files (x86)\BabylonToolbar
c:\users\wayne\AppData\Roaming\Babylon
RegLock::
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-1590070460-992186472-1229105783-1002)
"Progid"="SafariHTML"
[HKEY_USERS\S-1-5-21-1590070460-992186472-1229105783-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
```
Save this as *CFScript.txt*, and as Type: *All Files* *(*.*)* in the same location as ComboFix.exe



















Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,

If you already have Malwarebytes just update and run as per instructions, no need to re-download...








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

•	Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
•	If an update is found, it will download and install the latest version.
•	Once the program has loaded, select "Perform Quick Scan", then click Scan.
•	The scan may take some time to finish, so please be patient.
•	When the scan is complete, click OK, then Show Results to view the results.
•	Make sure that everything is checked, and click Remove Selected.
•	When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
•	Please save the log to a location you will remember.
•	The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
•	Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me see the logs from Combofix and Malwarebytes, also give an update on issues or concerns....

Kevin


----------



## waydown72 (Jan 16, 2011)

Hi,
I copied the text code CFScript.txt to notepad then dragged it onto combofix; it scanned but did not produce a log report.
I disabled the antivirus program. Should I have turned off my Windows firewall as well?
Many thanks,
Wayne.


----------



## kevinf80 (Mar 21, 2006)

The log will be here *C:\Combofix.txt* Navigate start > computer > C:\ > scroll down and look for *C:\Combofix.txt*

Also run Malwarebytes and post that log too...


----------



## waydown72 (Jan 16, 2011)

Says Windows can't find C:\Combofix.txt
Doing Malwarebytes now.


----------



## kevinf80 (Mar 21, 2006)

OK let me see the log from Malwarebytes when you're ready, also run this:

Please download *OTM by OldTimer*.
*Alternative Mirror 1*
*Alternative Mirror 2* 
Save it to your desktop. 
Double click *OTM.exe* to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion....

*Copy* the text from the code box below to the clipboard by highlighting *ALL* of it and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Files
ipconfig /flushdns /c
C:\user.js
c:\program files (x86)\Yontoo
c:\program files (x86)\BabylonToolbar
c:\users\wayne\AppData\Roaming\Babylon
:Commands
[EmptyTemp]
```

 Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log....


----------



## waydown72 (Jan 16, 2011)

Here's the Malwarebytes log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
wayne :: WAYNE-LAPTOP [administrator]

06/03/2012 21:50:39
mbam-log-2012-03-06 (21-50-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189672
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


----------



## waydown72 (Jan 16, 2011)

OTM log.

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\wayne\Desktop\cmd.bat deleted successfully.
C:\Users\wayne\Desktop\cmd.txt deleted successfully.
File/Folder C:\user.js not found.
File/Folder c:\program files (x86)\Yontoo not found.
File/Folder c:\program files (x86)\BabylonToolbar not found.
File/Folder c:\users\wayne\AppData\Roaming\Babylon not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: wayne
->Temp folder emptied: 22560 bytes
->Temporary Internet Files folder emptied: 57230212 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 386359803 bytes
->Google Chrome cache emptied: 6433121 bytes
->Apple Safari cache emptied: 182413312 bytes
->Flash cache emptied: 134877 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1635553 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 605.00 mb

OTM by OldTimer - Version 3.1.19.0 log created on 03072012_001302

Files moved on Reboot...
C:\Users\wayne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


----------



## kevinf80 (Mar 21, 2006)

OTM log suggests that Combofix script run was successful, not sure why it did not produce a log for us. 

How is your system responding, any issues, concerns or general questions....

Kevin
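
The cross-check behind that reading of the OTM log, as an added example that is not part of the original post or of either tool: it takes the File:: and Folder:: targets from the CFScript above and looks each one up in the OTM results. The function names are made up for this example, and the line formats are assumed from the script and log lines posted in this thread.

```python
import re

# Script and log text copied from the posts in this thread (script trimmed to
# the first RegLock:: key). Raw strings keep the Windows backslashes literal.
CFSCRIPT = r"""KillAll::
ClearJavaCache::

File::
C:\user.js
Folder::
c:\program files (x86)\Yontoo
c:\program files (x86)\BabylonToolbar
c:\users\wayne\AppData\Roaming\Babylon
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
"""

OTM_LOG = r"""All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\wayne\Desktop\cmd.bat deleted successfully.
C:\Users\wayne\Desktop\cmd.txt deleted successfully.
File/Folder C:\user.js not found.
File/Folder c:\program files (x86)\Yontoo not found.
File/Folder c:\program files (x86)\BabylonToolbar not found.
File/Folder c:\users\wayne\AppData\Roaming\Babylon not found.
"""

# CFScript sections whose lines are file-system targets (assumed from the
# script in this thread; other sections such as RegLock:: are skipped).
TARGET_SECTIONS = {"file::", "folder::"}

# Result line shapes assumed from the OTM log posted in this thread.
NOT_FOUND = re.compile(r"^File/Folder (?P<path>.+) not found\.$")
REMOVED = re.compile(r"^(?P<path>.+) (?P<verb>moved|deleted) successfully\.$")


def norm(path):
    """Windows paths compare case-insensitively; drop a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def cfscript_targets(script):
    """Return the paths listed under File:: and Folder:: in a CFScript."""
    targets, in_targets = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # every directive line opens a new section
            in_targets = line.lower() in TARGET_SECTIONS
            continue
        if in_targets:
            targets.append(line)
    return targets


def otm_results(log):
    """Map each normalized path in an OTM results log to its outcome."""
    results = {}
    for raw in log.splitlines():
        line = raw.strip()
        match = NOT_FOUND.match(line)
        if match:
            results[norm(match["path"])] = "not found"
            continue
        match = REMOVED.match(line)
        if match:
            results[norm(match["path"])] = match["verb"]
    return results


def cross_check(script, log):
    """Outcome OTM reported for every CFScript target."""
    results = otm_results(log)
    return {t: results.get(norm(t), "not reported")
            for t in cfscript_targets(script)}


def already_removed(script, log):
    """True only if OTM found none of the CFScript targets on disk."""
    statuses = cross_check(script, log)
    return bool(statuses) and all(s == "not found" for s in statuses.values())


if __name__ == "__main__":
    for target, status in cross_check(CFSCRIPT, OTM_LOG).items():
        print(f"{status:12} {target}")
    print("all targets already gone:", already_removed(CFSCRIPT, OTM_LOG))
```

A "not found" result shows the target was absent when OTM ran; it does not by itself show which tool removed it.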


----------



## waydown72 (Jan 16, 2011)

It still freezes on the odd occasion, so I have to turn it off via holding down the power button and when that happens it starts in safe mode.


----------



## kevinf80 (Mar 21, 2006)

OK, try this online Quickscan by BitDefender, available here http://quickscan.bitdefender.com/# hit the Scan Now tab, when finished there is an option to "view report" do that, copy and paste to next reply....

Kevin


----------



## waydown72 (Jan 16, 2011)

It says that. "QuickScan is not compatible with your device."


----------



## kevinf80 (Mar 21, 2006)

Run this:

Download *OTL* to your desktop.
*Alternative Link 1*
*Alternative Link 2*
*Alternative Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
•	Please check the box next to "LOP check" and "Purity check"
•	Click *Run Scan* and let the program run uninterrupted.
•	When the scan is complete, two text files will be created on your Desktop.
•	*OTL.Txt* <- this one will be opened
•	*Extras.txt* <- this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.


----------



## waydown72 (Jan 16, 2011)

otl text report.-

OTL logfile created on: 3/19/2012 10:34:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.93% Memory free
3.87 Gb Paging File | 2.28 Gb Available in Paging File | 58.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 176.17 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.09 Mb Free Space | 95.88% Space Free | Partition Type: FAT32

Computer Name: WAYNE-LAPTOP | User Name: wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 13:06:02 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 13:06:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/03/07 19:15:46 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2012/02/07 13:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTL.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
PRC - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

========== Modules (No Company Name) ==========

MOD - [2012/03/12 13:06:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/03/07 19:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/03/07 19:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2012/03/07 19:15:36 | 000,224,104 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxslt.dll
MOD - [2012/02/18 03:33:41 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/15 16:26:54 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 16:25:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 16:25:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 16:25:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/10/13 11:37:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/19 20:23:12 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 19:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 19:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 19:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:*64bit:* - [2010/01/18 23:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:*64bit:* - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/03/12 13:06:02 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe -- (OrangeMobileBroadband_Service)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 18:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/10/01 01:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:*64bit:* - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:*64bit:* - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:*64bit:* - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:*64bit:* - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:*64bit:* - [2010/04/13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/03/05 19:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:*64bit:* - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:*64bit:* - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:*64bit:* - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=861e3a0c0000000000001c659d81fd5f
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e224a9f&v=7.008.031.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 13:06:13 | 000,000,000 | ---D | M]

[2011/07/15 02:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Extensions
[2011/10/18 03:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions
[2011/09/22 14:34:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/13 00:56:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\[email protected]
[2011/09/27 14:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/19 20:20:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/19 18:53:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
() (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I47DLX98.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/03/06 14:23:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254E0A9-0D93-4F95-B582-FF7FD032CE0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797F4521-A23C-4937-99E5-6705B2879883}: DhcpNameServer = 192.168.0.1
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 22:04:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/18 04:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/18 04:01:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 04:01:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 04:01:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/14 12:26:29 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 12:26:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 12:26:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 03:38:18 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 03:33:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 03:33:31 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 03:33:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 03:33:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 03:33:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 00:13:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/07 00:09:37 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTM.exe
[2012/03/06 21:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 21:48:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/06 21:42:41 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\wayne\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/06 14:37:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 14:11:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 13:58:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 23:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/05 23:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/05 23:20:05 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\wayne\Desktop\mseinstall.exe
[2012/03/05 20:13:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/05 20:13:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/05 20:13:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 20:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 20:12:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 19:49:55 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\wayne\Desktop\ComboFix.exe
[2012/03/05 18:59:30 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\wayne\Desktop\AppRemover.exe
[2012/03/05 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D9738B5F-2EA7-4135-A78A-FC2319CFF69D}
[2012/03/05 04:52:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C523EA86-AC1A-4FB7-AF21-CF2496EAC2BB}
[2012/03/04 16:52:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EF7F3201-ED29-4E04-9C90-8D0ADC96DF06}
[2012/03/04 04:52:05 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A54EAC59-FF23-496C-8D6B-6BF9ED349B70}
[2012/03/03 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EA74EB7E-EAAF-4833-ABEF-BFDF33164D37}
[2012/03/03 04:51:51 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E5A4248D-BF54-49CE-847B-4BF830DC1200}
[2012/03/02 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{014D32E1-CE13-41D4-83ED-3FC1C364C416}
[2012/03/02 04:51:20 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{96850ED5-D49D-42A0-989F-D230279114E6}
[2012/03/02 04:51:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CC018FF4-8CFC-4D5E-84DE-FF980F1A72AC}
[2012/03/01 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D8FC6E18-1F99-4476-A44F-774A46451B06}
[2012/03/01 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1EFD6269-076F-4B5B-815D-F21626AA8D1B}
[2012/03/01 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3BCF3F85-31D7-4F15-8F1D-0A7F0292BE2A}
[2012/03/01 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3F28F4E2-54C3-40F8-9294-185950A756C1}
[2012/02/29 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{0EF10DC0-D6ED-4EA6-A4B5-75084C4AA7EA}
[2012/02/29 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4079E3B5-97C3-47A0-8CF3-99E67F2C761B}
[2012/02/29 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{10489F3E-7847-4B08-A41A-AD63CA5981FE}
[2012/02/29 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6F090EB3-56DA-4093-8AA6-2326A3858E9B}
[2012/02/28 14:18:54 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{DAC206E4-06CA-4DB8-B5CB-64982BAC32C6}
[2012/02/28 14:18:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7C48A2DB-BCD5-4222-86E4-2E2317FDD66A}
[2012/02/28 03:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/02/27 18:47:49 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{2546E067-EB59-4AC9-97A1-A28F60A2E265}
[2012/02/27 06:47:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4B1FF45C-758B-4C67-B33D-40C35A595789}
[2012/02/27 06:47:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A5C734A6-10BC-46CC-91CA-CB3D81591AC4}
[2012/02/26 16:25:32 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6E01871F-F972-4A1A-B1C8-15C1DCFE5042}
[2012/02/26 04:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{422B7785-614C-412C-834B-923F92458C6D}
[2012/02/25 16:24:43 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C069A079-4B17-4A07-93B6-CDF3CFFDF245}
[2012/02/25 04:24:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B95BEE17-0EAA-4D96-9921-7332D17B7FD7}
[2012/02/25 04:20:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CBEA724F-0D71-467E-AB04-B47335E8943E}
[2012/02/24 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{9E34A5FA-A65C-417A-A13F-9F87FAA8C96D}
[2012/02/24 16:19:44 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5600042C-7B45-4AE4-A0A6-8A95E5776D30}
[2012/02/23 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4C7E651E-445D-4831-8AC1-9FB27BDAB887}
[2012/02/23 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3B503E89-2C35-45C4-BDD5-CE26945261CA}
[2012/02/23 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{66F22BE3-CA99-4F3E-A31E-FB4E0066FB01}
[2012/02/22 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EABA2641-A80D-4857-9224-83933E9A6B40}
[2012/02/22 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1318159B-09E7-4AB1-A28F-79D479467AE0}
[2012/02/21 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{00F0E1CD-D06D-43A8-B4B2-87E4E95B9487}
[2012/02/21 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{913C48C0-5F01-4F63-9253-7D337C748B89}
[2012/02/21 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{11601893-02EB-47FD-808A-88E179ECA2FD}
[2012/02/21 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{878CEA58-F2AB-4CE4-AC39-1BCF273BA877}
[2012/02/20 23:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/20 11:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{449293B8-0D13-41CF-8852-130CC1335DF7}
[2012/02/20 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{FC2D112D-6E21-413E-BCC4-7761B743ECED}
[2012/02/19 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B327D4C3-FF34-4A24-9F7D-0B645384C7F1}

========== Files - Modified Within 30 Days ==========

[2012/03/19 20:28:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:28:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:25:18 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 20:25:18 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 20:25:18 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 20:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 20:20:54 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 14:34:20 | 000,047,864 | ---- | M] () -- C:\Users\wayne\Documents\free pool.odg
[2012/03/18 22:04:54 | 000,002,515 | ---- | M] () -- C:\Users\wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/18 22:04:54 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/18 04:01:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 04:01:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 04:01:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/18 04:01:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/16 21:23:28 | 000,069,782 | ---- | M] () -- C:\Users\wayne\Documents\Marchbrandnewwayne.mmp
[2012/03/16 20:46:51 | 000,012,965 | ---- | M] () -- C:\Users\wayne\Desktop\weekly tally sheet.ods
[2012/03/14 12:30:35 | 004,987,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 01:42:58 | 000,062,950 | ---- | M] () -- C:\Users\wayne\Documents\bank holiday sunday.mmp
[2012/03/08 06:43:07 | 000,026,590 | -HS- | M] () -- C:\Users\wayne\Desktop\Folder.jpg
[2012/03/08 06:43:05 | 000,005,768 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArtSmall.jpg
[2012/03/08 03:28:56 | 000,013,644 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Large.jpg
[2012/03/08 03:28:55 | 000,003,268 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Small.jpg
[2012/03/07 00:09:39 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTM.exe
[2012/03/06 21:48:31 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 21:43:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\wayne\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/06 14:23:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/05 23:22:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/05 23:22:30 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/05 23:20:28 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\wayne\Desktop\mseinstall.exe
[2012/03/05 19:50:09 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\wayne\Desktop\ComboFix.exe
[2012/03/05 19:00:04 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\wayne\Desktop\AppRemover.exe
[2012/03/03 17:20:03 | 000,067,296 | ---- | M] () -- C:\Users\wayne\Documents\feb2012.mmp
[2012/03/01 16:54:00 | 000,058,272 | ---- | M] () -- C:\Users\wayne\Documents\steve work confirmation.odt
[2012/03/01 16:53:54 | 000,033,793 | ---- | M] () -- C:\Users\wayne\Documents\ineson inside out quote.odt
[2012/03/01 14:30:14 | 000,030,441 | ---- | M] () -- C:\Users\wayne\Desktop\dbs header.jpg
[2012/02/29 18:00:29 | 000,058,692 | ---- | M] () -- C:\Users\wayne\Documents\letter to tenants.odt
[2012/02/29 17:10:21 | 000,001,589 | ---- | M] () -- C:\Users\wayne\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2012/02/28 15:29:03 | 000,107,362 | ---- | M] () -- C:\Users\wayne\Documents\jagerbombs.odg
[2012/02/27 15:22:21 | 000,062,214 | ---- | M] () -- C:\Users\wayne\Documents\2012 cocktails tent cards.odg
[2012/02/27 12:34:54 | 001,728,153 | ---- | M] () -- C:\Users\wayne\Documents\2012 Happy hour poster.odg
[2012/02/24 16:32:43 | 000,072,203 | ---- | M] () -- C:\Users\wayne\Documents\2012 cocktail poster.odg
[2012/02/21 16:06:25 | 000,036,552 | ---- | M] () -- C:\Users\wayne\Documents\birthday poster.odg
[2012/02/20 23:39:37 | 000,070,152 | ---- | M] () -- C:\Users\wayne\Documents\new dbs posters.odg
[2012/02/20 16:50:53 | 000,001,463 | ---- | M] () -- C:\Users\wayne\Desktop\grngg81v - Shortcut.lnk
[2012/02/20 16:50:53 | 000,001,416 | ---- | M] () -- C:\Users\wayne\Desktop\dds - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/03/18 23:20:29 | 000,047,864 | ---- | C] () -- C:\Users\wayne\Documents\free pool.odg
[2012/03/16 20:46:50 | 000,012,965 | ---- | C] () -- C:\Users\wayne\Desktop\weekly tally sheet.ods
[2012/03/16 17:20:43 | 000,069,782 | ---- | C] () -- C:\Users\wayne\Documents\Marchbrandnewwayne.mmp
[2012/03/08 03:28:56 | 000,013,644 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Large.jpg
[2012/03/08 03:28:56 | 000,003,268 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Small.jpg
[2012/03/06 21:48:31 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 23:22:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/05 23:22:30 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/05 23:22:25 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 20:13:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 20:13:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/05 20:13:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/05 20:13:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 20:13:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 15:08:50 | 000,058,272 | ---- | C] () -- C:\Users\wayne\Documents\steve work confirmation.odt
[2012/02/29 22:12:55 | 000,033,793 | ---- | C] () -- C:\Users\wayne\Documents\ineson inside out quote.odt
[2012/02/29 20:55:24 | 000,026,590 | -HS- | C] () -- C:\Users\wayne\Desktop\Folder.jpg
[2012/02/29 20:55:24 | 000,005,768 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArtSmall.jpg
[2012/02/29 18:00:28 | 000,058,692 | ---- | C] () -- C:\Users\wayne\Documents\letter to tenants.odt
[2012/02/29 17:06:38 | 000,030,441 | ---- | C] () -- C:\Users\wayne\Desktop\dbs header.jpg
[2012/02/28 15:29:01 | 000,107,362 | ---- | C] () -- C:\Users\wayne\Documents\jagerbombs.odg
[2012/02/27 13:41:30 | 000,062,214 | ---- | C] () -- C:\Users\wayne\Documents\2012 cocktails tent cards.odg
[2012/02/23 18:23:58 | 001,728,153 | ---- | C] () -- C:\Users\wayne\Documents\2012 Happy hour poster.odg
[2012/02/22 16:23:46 | 000,072,203 | ---- | C] () -- C:\Users\wayne\Documents\2012 cocktail poster.odg
[2012/02/20 23:53:21 | 000,001,589 | ---- | C] () -- C:\Users\wayne\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2012/02/20 17:21:22 | 000,036,552 | ---- | C] () -- C:\Users\wayne\Documents\birthday poster.odg
[2011/11/23 01:09:06 | 000,005,632 | ---- | C] () -- C:\Users\wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:05:44 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/17 14:05:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011/07/17 13:57:07 | 000,000,118 | ---- | C] () -- C:\Users\wayne\AppData\Roaming\wklnhst.dat
[2011/07/15 02:47:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/11/11 08:32:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/11/11 08:29:20 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/11 08:29:20 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/27 02:41:38 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/03/05 19:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 19:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 19:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/29 22:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/06/06 11:53:42 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/06/05 11:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll

========== LOP Check ==========

[2012/01/13 17:08:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Amazon
[2011/07/18 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/01 15:40:47 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\DVDVideoSoft
[2012/02/06 03:38:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC
[2012/02/06 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/25 01:37:20 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Leadertech
[2011/07/16 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\NCH Swift Sound
[2011/07/19 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OpenOffice.org
[2012/02/14 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OrangeMobileBroadband
[2011/07/14 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Serif
[2011/07/17 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Template
[2012/03/19 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\uTorrent
[2011/09/08 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\WildTangent
[2011/08/01 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Windows Live Writer
[2011/07/15 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\_MDLogs
[2011/12/30 16:40:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

It did not produce another text which was minimized.
Hope this helps.
The OTL program was already on my desktop due to us using it recently.

Wayne


----------



## waydown72 (Jan 16, 2011)

OTL text report:

OTL logfile created on: 3/19/2012 10:34:59 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\wayne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.93 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.93% Memory free
3.87 Gb Paging File | 2.28 Gb Available in Paging File | 58.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.63 Gb Total Space | 176.17 Gb Free Space | 80.58% Space Free | Partition Type: NTFS
Drive D: | 13.96 Gb Total Space | 2.30 Gb Free Space | 16.48% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.09 Mb Free Space | 95.88% Space Free | Partition Type: FAT32

Computer Name: WAYNE-LAPTOP | User Name: wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/12 13:06:02 | 000,918,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 13:06:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/03/08 16:30:50 | 002,388,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2012/03/07 19:15:46 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
PRC - [2012/02/07 13:12:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTL.exe
PRC - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe
PRC - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

========== Modules (No Company Name) ==========

MOD - [2012/03/12 13:06:00 | 000,982,880 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/03/07 19:15:56 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
MOD - [2012/03/07 19:15:36 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
MOD - [2012/03/07 19:15:36 | 000,224,104 | ---- | M] () -- C:\Program Files (x86)\Safari\Apple Application Support\libxslt.dll
MOD - [2012/02/18 03:33:41 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/15 16:26:54 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012/02/15 16:25:47 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 16:25:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 16:25:39 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/12/20 13:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 13:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 13:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 13:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 13:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 13:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 13:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 13:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 13:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/10/13 11:37:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/19 20:23:12 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/02 00:40:28 | 000,510,920 | ---- | M] () -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Launcher.exe
MOD - [2010/11/05 01:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 19:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 19:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 19:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2010/06/24 14:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:*64bit:* - [2010/01/18 23:04:08 | 000,020,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV:*64bit:* - [2009/11/17 17:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2012/03/12 13:06:02 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/01/03 13:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/09/15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/06/02 00:40:49 | 000,334,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OrangeMobileBroadband\OrangeMobileBroadband_Service.exe -- (OrangeMobileBroadband_Service)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/04 18:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/22 19:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2011/10/01 01:16:50 | 000,393,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:*64bit:* - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:*64bit:* - [2011/09/08 00:46:56 | 001,225,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:*64bit:* - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:*64bit:* - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:*64bit:* - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:*64bit:* - [2010/04/13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/03/05 19:57:18 | 000,144,896 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:*64bit:* - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:*64bit:* - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:*64bit:* - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 21:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:*64bit:* - [2009/06/10 21:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:*64bit:* - [2009/06/10 20:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:*64bit:* - [2009/06/10 20:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:*64bit:* - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/08 13:15:08 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/09/08 13:15:08 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011/09/08 13:15:08 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2009/09/23 01:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQNOT/2

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=861e3a0c0000000000001c659d81fd5f
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.co.uk/"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e224a9f&v=7.008.031.001&i=23&tp=ab&iy=&ychte=uk&lng=en-GB&q="
FF - prefs.js..network.proxy.type: 0

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 13:06:13 | 000,000,000 | ---D | M]

[2011/07/15 02:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Extensions
[2011/10/18 03:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions
[2011/09/22 14:34:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/13 00:56:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\extensions\[email protected]
[2011/09/27 14:09:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/19 20:20:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/19 18:53:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
File not found (No name found) -- C:\PROGRAM FILES (X86)\AVG\AVG10\TOOLBAR\FIREFOX\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
() (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I47DLX98.DEFAULT\EXTENSIONS\{D47A9F51-8281-43FA-F450-F28EF8735E9A}.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/03/06 14:23:07 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:*64bit:* - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - Startup: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254E0A9-0D93-4F95-B582-FF7FD032CE0E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{797F4521-A23C-4937-99E5-6705B2879883}: DhcpNameServer = 192.168.0.1
O18:*64bit:* - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:*64bit:* - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = ComFile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/18 22:04:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/18 04:02:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/18 04:01:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 04:01:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 04:01:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/14 12:26:29 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/14 12:26:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/14 12:26:27 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 03:38:18 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 03:33:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 03:33:31 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 03:33:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 03:33:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 03:33:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/07 00:13:02 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/03/07 00:09:37 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTM.exe
[2012/03/06 21:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/06 21:48:29 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/06 21:42:41 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\wayne\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/06 14:37:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 14:11:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/06 13:58:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/05 23:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/05 23:22:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/05 23:20:05 | 010,165,440 | ---- | C] (Microsoft Corporation) -- C:\Users\wayne\Desktop\mseinstall.exe
[2012/03/05 20:13:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/05 20:13:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/05 20:13:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/05 20:12:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 20:12:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 19:49:55 | 004,427,148 | R--- | C] (Swearware) -- C:\Users\wayne\Desktop\ComboFix.exe
[2012/03/05 18:59:30 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Users\wayne\Desktop\AppRemover.exe
[2012/03/05 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D9738B5F-2EA7-4135-A78A-FC2319CFF69D}
[2012/03/05 04:52:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C523EA86-AC1A-4FB7-AF21-CF2496EAC2BB}
[2012/03/04 16:52:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EF7F3201-ED29-4E04-9C90-8D0ADC96DF06}
[2012/03/04 04:52:05 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A54EAC59-FF23-496C-8D6B-6BF9ED349B70}
[2012/03/03 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EA74EB7E-EAAF-4833-ABEF-BFDF33164D37}
[2012/03/03 04:51:51 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E5A4248D-BF54-49CE-847B-4BF830DC1200}
[2012/03/02 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{014D32E1-CE13-41D4-83ED-3FC1C364C416}
[2012/03/02 04:51:20 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{96850ED5-D49D-42A0-989F-D230279114E6}
[2012/03/02 04:51:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CC018FF4-8CFC-4D5E-84DE-FF980F1A72AC}
[2012/03/01 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D8FC6E18-1F99-4476-A44F-774A46451B06}
[2012/03/01 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1EFD6269-076F-4B5B-815D-F21626AA8D1B}
[2012/03/01 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3BCF3F85-31D7-4F15-8F1D-0A7F0292BE2A}
[2012/03/01 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3F28F4E2-54C3-40F8-9294-185950A756C1}
[2012/02/29 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{0EF10DC0-D6ED-4EA6-A4B5-75084C4AA7EA}
[2012/02/29 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4079E3B5-97C3-47A0-8CF3-99E67F2C761B}
[2012/02/29 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{10489F3E-7847-4B08-A41A-AD63CA5981FE}
[2012/02/29 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6F090EB3-56DA-4093-8AA6-2326A3858E9B}
[2012/02/28 14:18:54 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{DAC206E4-06CA-4DB8-B5CB-64982BAC32C6}
[2012/02/28 14:18:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7C48A2DB-BCD5-4222-86E4-2E2317FDD66A}
[2012/02/28 03:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[2012/02/27 18:47:49 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{2546E067-EB59-4AC9-97A1-A28F60A2E265}
[2012/02/27 06:47:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4B1FF45C-758B-4C67-B33D-40C35A595789}
[2012/02/27 06:47:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A5C734A6-10BC-46CC-91CA-CB3D81591AC4}
[2012/02/26 16:25:32 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6E01871F-F972-4A1A-B1C8-15C1DCFE5042}
[2012/02/26 04:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{422B7785-614C-412C-834B-923F92458C6D}
[2012/02/25 16:24:43 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C069A079-4B17-4A07-93B6-CDF3CFFDF245}
[2012/02/25 04:24:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B95BEE17-0EAA-4D96-9921-7332D17B7FD7}
[2012/02/25 04:20:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CBEA724F-0D71-467E-AB04-B47335E8943E}
[2012/02/24 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{9E34A5FA-A65C-417A-A13F-9F87FAA8C96D}
[2012/02/24 16:19:44 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5600042C-7B45-4AE4-A0A6-8A95E5776D30}
[2012/02/23 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4C7E651E-445D-4831-8AC1-9FB27BDAB887}
[2012/02/23 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3B503E89-2C35-45C4-BDD5-CE26945261CA}
[2012/02/23 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{66F22BE3-CA99-4F3E-A31E-FB4E0066FB01}
[2012/02/22 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EABA2641-A80D-4857-9224-83933E9A6B40}
[2012/02/22 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1318159B-09E7-4AB1-A28F-79D479467AE0}
[2012/02/21 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{00F0E1CD-D06D-43A8-B4B2-87E4E95B9487}
[2012/02/21 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{913C48C0-5F01-4F63-9253-7D337C748B89}
[2012/02/21 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{11601893-02EB-47FD-808A-88E179ECA2FD}
[2012/02/21 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{878CEA58-F2AB-4CE4-AC39-1BCF273BA877}
[2012/02/20 23:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/20 11:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{449293B8-0D13-41CF-8852-130CC1335DF7}
[2012/02/20 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{FC2D112D-6E21-413E-BCC4-7761B743ECED}
[2012/02/19 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B327D4C3-FF34-4A24-9F7D-0B645384C7F1}

========== Files - Modified Within 30 Days ==========

[2012/03/19 20:28:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:28:17 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/19 20:25:18 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/19 20:25:18 | 000,631,002 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/19 20:25:18 | 000,112,054 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/19 20:21:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/19 20:20:54 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/19 14:34:20 | 000,047,864 | ---- | M] () -- C:\Users\wayne\Documents\free pool.odg
[2012/03/18 22:04:54 | 000,002,515 | ---- | M] () -- C:\Users\wayne\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/03/18 22:04:54 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/03/18 04:01:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/18 04:01:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/18 04:01:35 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/18 04:01:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/16 21:23:28 | 000,069,782 | ---- | M] () -- C:\Users\wayne\Documents\Marchbrandnewwayne.mmp
[2012/03/16 20:46:51 | 000,012,965 | ---- | M] () -- C:\Users\wayne\Desktop\weekly tally sheet.ods
[2012/03/14 12:30:35 | 004,987,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 01:42:58 | 000,062,950 | ---- | M] () -- C:\Users\wayne\Documents\bank holiday sunday.mmp
[2012/03/08 06:43:07 | 000,026,590 | -HS- | M] () -- C:\Users\wayne\Desktop\Folder.jpg
[2012/03/08 06:43:05 | 000,005,768 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArtSmall.jpg
[2012/03/08 03:28:56 | 000,013,644 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Large.jpg
[2012/03/08 03:28:55 | 000,003,268 | -HS- | M] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Small.jpg
[2012/03/07 00:09:39 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\wayne\Desktop\OTM.exe
[2012/03/06 21:48:31 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 21:43:11 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\wayne\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/06 14:23:07 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/05 23:22:47 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/05 23:22:30 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/05 23:20:28 | 010,165,440 | ---- | M] (Microsoft Corporation) -- C:\Users\wayne\Desktop\mseinstall.exe
[2012/03/05 19:50:09 | 004,427,148 | R--- | M] (Swearware) -- C:\Users\wayne\Desktop\ComboFix.exe
[2012/03/05 19:00:04 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Users\wayne\Desktop\AppRemover.exe
[2012/03/03 17:20:03 | 000,067,296 | ---- | M] () -- C:\Users\wayne\Documents\feb2012.mmp
[2012/03/01 16:54:00 | 000,058,272 | ---- | M] () -- C:\Users\wayne\Documents\steve work confirmation.odt
[2012/03/01 16:53:54 | 000,033,793 | ---- | M] () -- C:\Users\wayne\Documents\ineson inside out quote.odt
[2012/03/01 14:30:14 | 000,030,441 | ---- | M] () -- C:\Users\wayne\Desktop\dbs header.jpg
[2012/02/29 18:00:29 | 000,058,692 | ---- | M] () -- C:\Users\wayne\Documents\letter to tenants.odt
[2012/02/29 17:10:21 | 000,001,589 | ---- | M] () -- C:\Users\wayne\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2012/02/28 15:29:03 | 000,107,362 | ---- | M] () -- C:\Users\wayne\Documents\jagerbombs.odg
[2012/02/27 15:22:21 | 000,062,214 | ---- | M] () -- C:\Users\wayne\Documents\2012 cocktails tent cards.odg
[2012/02/27 12:34:54 | 001,728,153 | ---- | M] () -- C:\Users\wayne\Documents\2012 Happy hour poster.odg
[2012/02/24 16:32:43 | 000,072,203 | ---- | M] () -- C:\Users\wayne\Documents\2012 cocktail poster.odg
[2012/02/21 16:06:25 | 000,036,552 | ---- | M] () -- C:\Users\wayne\Documents\birthday poster.odg
[2012/02/20 23:39:37 | 000,070,152 | ---- | M] () -- C:\Users\wayne\Documents\new dbs posters.odg
[2012/02/20 16:50:53 | 000,001,463 | ---- | M] () -- C:\Users\wayne\Desktop\grngg81v - Shortcut.lnk
[2012/02/20 16:50:53 | 000,001,416 | ---- | M] () -- C:\Users\wayne\Desktop\dds - Shortcut.lnk

========== Files Created - No Company Name ==========

[2012/03/18 23:20:29 | 000,047,864 | ---- | C] () -- C:\Users\wayne\Documents\free pool.odg
[2012/03/16 20:46:50 | 000,012,965 | ---- | C] () -- C:\Users\wayne\Desktop\weekly tally sheet.ods
[2012/03/16 17:20:43 | 000,069,782 | ---- | C] () -- C:\Users\wayne\Documents\Marchbrandnewwayne.mmp
[2012/03/08 03:28:56 | 000,013,644 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Large.jpg
[2012/03/08 03:28:56 | 000,003,268 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArt_{4E690B8A-4DCE-4496-B558-84F141699886}_Small.jpg
[2012/03/06 21:48:31 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 23:22:47 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/05 23:22:30 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/05 23:22:25 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/05 20:13:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/05 20:13:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/05 20:13:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/05 20:13:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/05 20:13:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/01 15:08:50 | 000,058,272 | ---- | C] () -- C:\Users\wayne\Documents\steve work confirmation.odt
[2012/02/29 22:12:55 | 000,033,793 | ---- | C] () -- C:\Users\wayne\Documents\ineson inside out quote.odt
[2012/02/29 20:55:24 | 000,026,590 | -HS- | C] () -- C:\Users\wayne\Desktop\Folder.jpg
[2012/02/29 20:55:24 | 000,005,768 | -HS- | C] () -- C:\Users\wayne\Desktop\AlbumArtSmall.jpg
[2012/02/29 18:00:28 | 000,058,692 | ---- | C] () -- C:\Users\wayne\Documents\letter to tenants.odt
[2012/02/29 17:06:38 | 000,030,441 | ---- | C] () -- C:\Users\wayne\Desktop\dbs header.jpg
[2012/02/28 15:29:01 | 000,107,362 | ---- | C] () -- C:\Users\wayne\Documents\jagerbombs.odg
[2012/02/27 13:41:30 | 000,062,214 | ---- | C] () -- C:\Users\wayne\Documents\2012 cocktails tent cards.odg
[2012/02/23 18:23:58 | 001,728,153 | ---- | C] () -- C:\Users\wayne\Documents\2012 Happy hour poster.odg
[2012/02/22 16:23:46 | 000,072,203 | ---- | C] () -- C:\Users\wayne\Documents\2012 cocktail poster.odg
[2012/02/20 23:53:21 | 000,001,589 | ---- | C] () -- C:\Users\wayne\Desktop\esetsmartinstaller_enu - Shortcut.lnk
[2012/02/20 17:21:22 | 000,036,552 | ---- | C] () -- C:\Users\wayne\Documents\birthday poster.odg
[2011/11/23 01:09:06 | 000,005,632 | ---- | C] () -- C:\Users\wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/17 14:05:44 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/17 14:05:44 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2011/07/17 13:57:07 | 000,000,118 | ---- | C] () -- C:\Users\wayne\AppData\Roaming\wklnhst.dat
[2011/07/15 02:47:02 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2010/11/11 08:32:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/11/11 08:29:20 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/11/11 08:29:20 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/03/27 02:41:38 | 000,009,868 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/03/05 19:57:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/03/05 19:57:02 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/03/05 19:56:58 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/29 22:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 21:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/06/06 11:53:42 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2004/06/05 11:56:16 | 000,679,936 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2004/01/27 12:13:54 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\OpenQuicktimeLib.dll
[2001/09/17 12:20:02 | 000,009,216 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll

========== LOP Check ==========

[2012/01/13 17:08:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Amazon
[2011/07/18 16:43:08 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/18 08:26:13 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/08/01 15:40:47 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\DVDVideoSoft
[2012/02/06 03:38:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC
[2012/02/06 14:30:29 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/07/25 01:37:20 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Leadertech
[2011/07/16 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\NCH Swift Sound
[2011/07/19 20:24:35 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OpenOffice.org
[2012/02/14 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\OrangeMobileBroadband
[2011/07/14 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Serif
[2011/07/17 13:57:25 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Template
[2012/03/19 20:19:24 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\uTorrent
[2011/09/08 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\WildTangent
[2011/08/01 17:46:54 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\Windows Live Writer
[2011/07/15 02:46:57 | 000,000,000 | ---D | M] -- C:\Users\wayne\AppData\Roaming\_MDLogs
[2011/12/30 16:40:14 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

It did not produce another text which was minimized.
Hope this helps.
The OTL program was already on my desktop due to us using it recently.

Wayne


----------
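Added example (not part of the original posts, and not OldTimer's code): a Python parser for the OTL file-listing lines shown in the log above. It picks out the empty GUID-named folders under `AppData\Local` and measures how regularly they were created. The sample lines are copied from this thread's log; the function names and the 60-second grouping window are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Lines copied from the OTL listing in this thread, plus one section header
# that the parser has to skip.
SAMPLE_LOG = r"""
[2012/02/23 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4C7E651E-445D-4831-8AC1-9FB27BDAB887}
[2012/02/23 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3B503E89-2C35-45C4-BDD5-CE26945261CA}
[2012/02/23 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{66F22BE3-CA99-4F3E-A31E-FB4E0066FB01}
[2012/02/22 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EABA2641-A80D-4857-9224-83933E9A6B40}
[2012/02/22 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1318159B-09E7-4AB1-A28F-79D479467AE0}
[2012/02/20 23:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
========== Files - Modified Within 30 Days ==========
[2012/03/19 20:20:54 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/18 04:01:35 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
"""

# [timestamp | size | attributes | C or M] (optional company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


@dataclass
class Entry:
    when: datetime
    size: int
    attrs: str               # four flags drawn from R, H, S, D, or "-"
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None when absent or empty "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_listing(text: str) -> List[Entry]:
    """Parse OTL file/folder listing lines; headers and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        company = (m["company"] or "").strip() or None
        entries.append(Entry(
            when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),   # "1556,287,488" -> 1556287488
            attrs=m["attrs"],
            kind=m["kind"],
            company=company,
            path=m["path"].strip(),
        ))
    return entries


def guid_folders(entries: List[Entry]) -> List[Entry]:
    """Empty, GUID-named directories directly under ...\\AppData\\Local, oldest first."""
    hits = []
    for e in entries:
        parent, name = ntpath.split(e.path)   # ntpath: Windows rules on any OS
        if (e.is_dir and e.size == 0 and GUID_RE.match(name)
                and parent.lower().endswith(r"\appdata\local")):
            hits.append(e)
    return sorted(hits, key=lambda e: e.when)


def group_bursts(entries: List[Entry], max_gap_s: int = 60) -> List[List[Entry]]:
    """Group time-sorted entries created within max_gap_s of the previous one."""
    bursts: List[List[Entry]] = []
    for e in entries:
        if bursts and (e.when - bursts[-1][-1].when).total_seconds() <= max_gap_s:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


def burst_intervals(bursts: List[List[Entry]]) -> List[int]:
    """Seconds between the start of each burst and the start of the next."""
    starts = [b[0].when for b in bursts]
    return [int((b - a).total_seconds()) for a, b in zip(starts, starts[1:])]


if __name__ == "__main__":
    bursts = group_bursts(guid_folders(parse_otl_listing(SAMPLE_LOG)))
    for b in bursts:
        print(b[0].when, "->", len(b), "folder(s)")
    print("hours between bursts:", [round(s / 3600, 1) for s in burst_intervals(bursts)])
```

On the sample, the folders appear in bursts roughly 13 hours apart; a regular cadence like that is the reason to look for a recurring process rather than just deleting the folders.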



## kevinf80 (Mar 21, 2006)

Re-Run OTL by double left click, Vista and Windows 7 users right click and select Run as Administrator.

Under the [image] box at the bottom, paste in the following


```
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109217...001c659d81fd5f
[2011/09/22 14:34:45 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/09/13 00:56:53 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\[email protected]
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012/03/05 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D9738B5F-2EA7-4135-A78A-FC2319CFF69D}
[2012/03/05 04:52:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C523EA86-AC1A-4FB7-AF21-CF2496EAC2BB}
[2012/03/04 16:52:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EF7F3201-ED29-4E04-9C90-8D0ADC96DF06}
[2012/03/04 04:52:05 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A54EAC59-FF23-496C-8D6B-6BF9ED349B70}
[2012/03/03 16:51:55 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EA74EB7E-EAAF-4833-ABEF-BFDF33164D37}
[2012/03/03 04:51:51 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{E5A4248D-BF54-49CE-847B-4BF830DC1200}
[2012/03/02 16:51:31 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{014D32E1-CE13-41D4-83ED-3FC1C364C416}
[2012/03/02 04:51:20 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{96850ED5-D49D-42A0-989F-D230279114E6}
[2012/03/02 04:51:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CC018FF4-8CFC-4D5E-84DE-FF980F1A72AC}
[2012/03/01 16:50:39 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{D8FC6E18-1F99-4476-A44F-774A46451B06}
[2012/03/01 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1EFD6269-076F-4B5B-815D-F21626AA8D1B}
[2012/03/01 14:06:28 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3BCF3F85-31D7-4F15-8F1D-0A7F0292BE2A}
[2012/03/01 14:02:33 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3F28F4E2-54C3-40F8-9294-185950A756C1}
[2012/02/29 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{0EF10DC0-D6ED-4EA6-A4B5-75084C4AA7EA}
[2012/02/29 23:31:21 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4079E3B5-97C3-47A0-8CF3-99E67F2C761B}
[2012/02/29 11:16:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{10489F3E-7847-4B08-A41A-AD63CA5981FE}
[2012/02/29 11:15:46 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6F090EB3-56DA-4093-8AA6-2326A3858E9B}
[2012/02/28 14:18:54 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{DAC206E4-06CA-4DB8-B5CB-64982BAC32C6}
[2012/02/28 14:18:42 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{7C48A2DB-BCD5-4222-86E4-2E2317FDD66A}
[2012/02/27 18:47:49 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{2546E067-EB59-4AC9-97A1-A28F60A2E265}
[2012/02/27 06:47:19 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4B1FF45C-758B-4C67-B33D-40C35A595789}
[2012/02/27 06:47:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{A5C734A6-10BC-46CC-91CA-CB3D81591AC4}
[2012/02/26 16:25:32 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{6E01871F-F972-4A1A-B1C8-15C1DCFE5042}
[2012/02/26 04:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{422B7785-614C-412C-834B-923F92458C6D}
[2012/02/25 16:24:43 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{C069A079-4B17-4A07-93B6-CDF3CFFDF245}
[2012/02/25 04:24:15 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B95BEE17-0EAA-4D96-9921-7332D17B7FD7}
[2012/02/25 04:20:30 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{CBEA724F-0D71-467E-AB04-B47335E8943E}
[2012/02/24 16:19:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{9E34A5FA-A65C-417A-A13F-9F87FAA8C96D}
[2012/02/24 16:19:44 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{5600042C-7B45-4AE4-A0A6-8A95E5776D30}
[2012/02/23 15:35:57 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{4C7E651E-445D-4831-8AC1-9FB27BDAB887}
[2012/02/23 01:49:17 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{3B503E89-2C35-45C4-BDD5-CE26945261CA}
[2012/02/23 01:49:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{66F22BE3-CA99-4F3E-A31E-FB4E0066FB01}
[2012/02/22 12:54:12 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{EABA2641-A80D-4857-9224-83933E9A6B40}
[2012/02/22 12:54:00 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{1318159B-09E7-4AB1-A28F-79D479467AE0}
[2012/02/21 21:40:56 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{00F0E1CD-D06D-43A8-B4B2-87E4E95B9487}
[2012/02/21 21:40:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{913C48C0-5F01-4F63-9253-7D337C748B89}
[2012/02/21 09:40:18 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{11601893-02EB-47FD-808A-88E179ECA2FD}
[2012/02/21 09:40:06 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{878CEA58-F2AB-4CE4-AC39-1BCF273BA877}
[2012/02/20 11:25:07 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{449293B8-0D13-41CF-8852-130CC1335DF7}
[2012/02/20 11:24:45 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{FC2D112D-6E21-413E-BCC4-7761B743ECED}
[2012/02/19 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\wayne\AppData\Local\{B327D4C3-FF34-4A24-9F7D-0B645384C7F1}
:Files
ipconfig /flushdns /c
C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

Next,

*Run ESET Online Scan*

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
*ESET OnlineScan*
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
*Leave the tick out of remove found threats*
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]
You can refer to *this animation* by *neomage* if needed.
Frequently asked questions available *Here* *Please read them before running the scan.*

*Also be aware this scan can take several hours to complete depending on the size of your system.*

ESET log can be found here *"C:\Program Files\ESET\EsetOnlineScanner\log.txt".*

Post those two logs in next reply...

Kevin


----------



## waydown72 (Jan 16, 2011)

Hi,
I pasted the code into OTL and run fix as requested, I went to maximize the page but clicked on close by mistake so I lost the log it produced. So I repeated the process and this is the log it gave afterwards.

Sorry.

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Folder C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.
Folder C:\Users\wayne\AppData\Roaming\Mozilla\Firefox\Profiles\i47dlx98.default\ex tensions\[email protected]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Folder C:\Users\wayne\AppData\Local\{D9738B5F-2EA7-4135-A78A-FC2319CFF69D}\ not found.
Folder C:\Users\wayne\AppData\Local\{C523EA86-AC1A-4FB7-AF21-CF2496EAC2BB}\ not found.
Folder C:\Users\wayne\AppData\Local\{EF7F3201-ED29-4E04-9C90-8D0ADC96DF06}\ not found.
Folder C:\Users\wayne\AppData\Local\{A54EAC59-FF23-496C-8D6B-6BF9ED349B70}\ not found.
Folder C:\Users\wayne\AppData\Local\{EA74EB7E-EAAF-4833-ABEF-BFDF33164D37}\ not found.
Folder C:\Users\wayne\AppData\Local\{E5A4248D-BF54-49CE-847B-4BF830DC1200}\ not found.
Folder C:\Users\wayne\AppData\Local\{014D32E1-CE13-41D4-83ED-3FC1C364C416}\ not found.
Folder C:\Users\wayne\AppData\Local\{96850ED5-D49D-42A0-989F-D230279114E6}\ not found.
Folder C:\Users\wayne\AppData\Local\{CC018FF4-8CFC-4D5E-84DE-FF980F1A72AC}\ not found.
Folder C:\Users\wayne\AppData\Local\{D8FC6E18-1F99-4476-A44F-774A46451B06}\ not found.
Folder C:\Users\wayne\AppData\Local\{1EFD6269-076F-4B5B-815D-F21626AA8D1B}\ not found.
Folder C:\Users\wayne\AppData\Local\{3BCF3F85-31D7-4F15-8F1D-0A7F0292BE2A}\ not found.
Folder C:\Users\wayne\AppData\Local\{3F28F4E2-54C3-40F8-9294-185950A756C1}\ not found.
Folder C:\Users\wayne\AppData\Local\{0EF10DC0-D6ED-4EA6-A4B5-75084C4AA7EA}\ not found.
Folder C:\Users\wayne\AppData\Local\{4079E3B5-97C3-47A0-8CF3-99E67F2C761B}\ not found.
Folder C:\Users\wayne\AppData\Local\{10489F3E-7847-4B08-A41A-AD63CA5981FE}\ not found.
Folder C:\Users\wayne\AppData\Local\{6F090EB3-56DA-4093-8AA6-2326A3858E9B}\ not found.
Folder C:\Users\wayne\AppData\Local\{DAC206E4-06CA-4DB8-B5CB-64982BAC32C6}\ not found.
Folder C:\Users\wayne\AppData\Local\{7C48A2DB-BCD5-4222-86E4-2E2317FDD66A}\ not found.
Folder C:\Users\wayne\AppData\Local\{2546E067-EB59-4AC9-97A1-A28F60A2E265}\ not found.
Folder C:\Users\wayne\AppData\Local\{4B1FF45C-758B-4C67-B33D-40C35A595789}\ not found.
Folder C:\Users\wayne\AppData\Local\{A5C734A6-10BC-46CC-91CA-CB3D81591AC4}\ not found.
Folder C:\Users\wayne\AppData\Local\{6E01871F-F972-4A1A-B1C8-15C1DCFE5042}\ not found.
Folder C:\Users\wayne\AppData\Local\{422B7785-614C-412C-834B-923F92458C6D}\ not found.
Folder C:\Users\wayne\AppData\Local\{C069A079-4B17-4A07-93B6-CDF3CFFDF245}\ not found.
Folder C:\Users\wayne\AppData\Local\{B95BEE17-0EAA-4D96-9921-7332D17B7FD7}\ not found.
Folder C:\Users\wayne\AppData\Local\{CBEA724F-0D71-467E-AB04-B47335E8943E}\ not found.
Folder C:\Users\wayne\AppData\Local\{9E34A5FA-A65C-417A-A13F-9F87FAA8C96D}\ not found.
Folder C:\Users\wayne\AppData\Local\{5600042C-7B45-4AE4-A0A6-8A95E5776D30}\ not found.
Folder C:\Users\wayne\AppData\Local\{4C7E651E-445D-4831-8AC1-9FB27BDAB887}\ not found.
Folder C:\Users\wayne\AppData\Local\{3B503E89-2C35-45C4-BDD5-CE26945261CA}\ not found.
Folder C:\Users\wayne\AppData\Local\{66F22BE3-CA99-4F3E-A31E-FB4E0066FB01}\ not found.
Folder C:\Users\wayne\AppData\Local\{EABA2641-A80D-4857-9224-83933E9A6B40}\ not found.
Folder C:\Users\wayne\AppData\Local\{1318159B-09E7-4AB1-A28F-79D479467AE0}\ not found.
Folder C:\Users\wayne\AppData\Local\{00F0E1CD-D06D-43A8-B4B2-87E4E95B9487}\ not found.
Folder C:\Users\wayne\AppData\Local\{913C48C0-5F01-4F63-9253-7D337C748B89}\ not found.
Folder C:\Users\wayne\AppData\Local\{11601893-02EB-47FD-808A-88E179ECA2FD}\ not found.
Folder C:\Users\wayne\AppData\Local\{878CEA58-F2AB-4CE4-AC39-1BCF273BA877}\ not found.
Folder C:\Users\wayne\AppData\Local\{449293B8-0D13-41CF-8852-130CC1335DF7}\ not found.
Folder C:\Users\wayne\AppData\Local\{FC2D112D-6E21-413E-BCC4-7761B743ECED}\ not found.
Folder C:\Users\wayne\AppData\Local\{B327D4C3-FF34-4A24-9F7D-0B645384C7F1}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\wayne\Desktop\cmd.bat deleted successfully.
C:\Users\wayne\Desktop\cmd.txt deleted successfully.
File\Folder C:\PROGRAM FILES (X86)\WINDOWS ILIVID TOOLBAR not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: wayne
->Temp folder emptied: 127376 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 42277888 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28327 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 03202012_150924

Files\Folders moved on Reboot...
C:\Users\wayne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

I'll carry on with rest now.

wayne.


----------



## waydown72 (Jan 16, 2011)

Eset Log - 


C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll.vir	a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll.vir	Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir	probably a variant of Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll.vir	Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll.vir	Win32/Toolbar.Babylon application
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir	a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir	a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir	a variant of Win32/Adware.Yontoo.B application
C:\_OTL\MovedFiles\02072012_213016\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll	Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\02072012_213016\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe	Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_144813\C_PROGRAM FILES (X86)\Windows iLivid Toolbar\Datamngr\datamngr.dll	Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_144813\C_PROGRAM FILES (X86)\Windows iLivid Toolbar\Datamngr\DnsBHO.dll	Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\03202012_144813\C_PROGRAM FILES (X86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll	Win32/Toolbar.SearchSuite application


----------
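Added example (not part of the original posts, and not ESET's, ComboFix's or OTL's code): a Python triage of the ESET log above that separates detections sitting in a removal tool's holding folder from detections at a live path, and recovers where each held file originally lived. The mapping from holding-folder path to original path is inferred from the paths in this log, the function names are assumptions, and the last sample row is constructed to show the "still live" branch.

```python
import re
from collections import Counter

# (path, detection) pairs: the first five are copied from the ESET log above,
# the last one is CONSTRUCTED to exercise the "not in a holding folder" case.
_ROWS = [
    (r"C:\Qoobox\Quarantine\C\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe.vir",
     "probably a variant of Win32/Toolbar.Babylon application"),
    (r"C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir",
     "a variant of Win32/Adware.Yontoo.A application"),
    (r"C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir",
     "a variant of Win32/Adware.Yontoo.B application"),
    (r"C:\_OTL\MovedFiles\02072012_213016\C_Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe",
     "Win32/Toolbar.SearchSuite application"),
    (r"C:\_OTL\MovedFiles\03202012_144813\C_PROGRAM FILES (X86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll",
     "Win32/Toolbar.SearchSuite application"),
    (r"C:\Users\example\Downloads\toolbar_setup_example.exe",   # constructed
     "Win32/Toolbar.SearchSuite application"),
]
# ESET's log separates path and detection name with a tab.
SAMPLE_ESET_LOG = "\n".join(f"{path}\t{name}" for path, name in _ROWS)

# ComboFix: <drive>:\Qoobox\Quarantine\<orig drive>\<orig path>.vir
QOOBOX_RE = re.compile(
    r"^[A-Z]:\\Qoobox\\Quarantine\\(?P<drive>[A-Z])\\(?P<rest>.+?)(?:\.vir)?$", re.I)
# OTL: <drive>:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<orig drive>_<orig path>
OTL_RE = re.compile(
    r"^[A-Z]:\\_OTL\\MovedFiles\\\d{8}_\d{6}\\(?P<drive>[A-Z])_(?P<rest>.+)$", re.I)
# "probably a variant of Win32/Toolbar.Babylon application" -> name + type word
NAME_RE = re.compile(
    r"^(?:probably )?(?:a variant of )?(?P<name>\S+)(?: (?P<kind>\w+))?$")


def holding_area(path):
    """Return (tool, original_path) for a held file, or (None, path) if it is live."""
    for tool, rx in (("ComboFix", QOOBOX_RE), ("OTL", OTL_RE)):
        m = rx.match(path)
        if m:
            return tool, f"{m['drive'].upper()}:\\{m['rest']}"
    return None, path


def family(detection):
    """Strip ESET's certainty prefix, type word and variant letter from a name."""
    m = NAME_RE.match(detection.strip())
    if not m:
        return detection.strip()
    return re.sub(r"\.[A-Z]{1,2}$", "", m["name"])   # Yontoo.A / Yontoo.B -> Yontoo


def triage(log_text):
    """One dict per detection line: where it is, who holds it, what family it is."""
    rows = []
    for line in log_text.splitlines():
        if "\t" not in line:
            continue                      # blank or non-detection line
        path, detection = line.split("\t", 1)
        tool, original = holding_area(path.strip())
        rows.append({"path": path.strip(), "held_by": tool,
                     "original": original, "family": family(detection)})
    return rows


def summarize(rows):
    """Family counts plus the subset that still needs action (not held by a tool)."""
    return Counter(r["family"] for r in rows), [r for r in rows if r["held_by"] is None]


if __name__ == "__main__":
    counts, live = summarize(triage(SAMPLE_ESET_LOG))
    for fam, n in counts.most_common():
        print(f"{n:2d}  {fam}")
    print("live detections:", [r["path"] for r in live])
```

Every detection in the thread's own log falls into one of the two holding folders; only the constructed row is reported as live.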



## kevinf80 (Mar 21, 2006)

How is your system responding now?


----------



## waydown72 (Jan 16, 2011)

There are no system crashes or freezes recently so I think that's good


----------



## kevinf80 (Mar 21, 2006)

Leave all tools in place for now, use your system for a day or so, or until you are satisfied it is OK. Post back and we'll clean up tools etc...

Kevin


----------



## waydown72 (Jan 16, 2011)

Hi,
Everything has been working really well.

Wayne


----------



## kevinf80 (Mar 21, 2006)

Back to you shortly....


----------



## kevinf80 (Mar 21, 2006)

OK Wayne, do the following;

*Step 1*

Remove Combofix now that we're done with it

Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")

Please follow the prompts to uninstall Combofix.
You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
The above procedure will delete the following:

ComboFix and its associated files and folders.
VundoFix backups, if present
The C:_OtMoveIt folder, if present
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Reset System Restore.

*It is very important that you get a successful uninstall because of the extra functions done at the same time, let me know if this does not happen.*

*Step 2*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click [image] icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big [image] button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. *Any tools/logs remaining on the Desktop can be deleted.*

*Step 3*

Remove ESET online scanner:


Click Start, type *Uninstall a Program* into the Search programs and files box, and then press ENTER.
Click to select *ESET Online Scanner* from the listing of installed products, and then click Uninstall/Change from the bar that displays the available tasks. Uninstall *ESET Online Scanner*, only re-boot if prompted.

*Step 4*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

Save any open work. TFC will close all open application windows.
Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC, it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

*Step 5*

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start scan* button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Let me know if those steps complete OK, also if any remaining issues or concerns...

Kevin


----------



## waydown72 (Jan 16, 2011)

Combofix is asking me to disable Microsoft Security Essentials. How do I do that?


----------



## kevinf80 (Mar 21, 2006)

Open Microsoft Security Essentials > select > settings > realtime protection > UNtick "turn on realtime protection" > apply.

When finished make sure to turn MSE back on.....


----------



## waydown72 (Jan 16, 2011)

Step one successful


----------



## kevinf80 (Mar 21, 2006)

OK, let me know if you are successful with the remainder....


----------



## waydown72 (Jan 16, 2011)

I started Secunia but it did not complete when I returned to it.
Wayne.


----------



## kevinf80 (Mar 21, 2006)

Leave Secunia if it will not run correctly, try this one from FileHippo, it does the same job....

http://www.filehippo.com/updatechecker/

Kevin


----------



## waydown72 (Jan 16, 2011)

Hi,
www.Filehippo/updatechecker/ worked well. I still have a few programs left on desktop:
Malwarebytes, App remover, RK quarantine, dds etc.
What do I do with those?

Wayne


----------



## kevinf80 (Mar 21, 2006)

Keep Malwarebytes, it is an excellent antimalware program. If you have the trial version it will default to the free version after the time limit. If it is the free version that is OK. It will give no realtime protection but can be used as a stand alone scanner, always remember to update first.

The other programs can be simply deleted or dragged to the recycle bin. Run TFC when you're finished, remember to re-boot even if not prompted....

Otherwise you should be good to go, Here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for *Firefox* only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues, hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------

