# Residual problems with Babylon infection



## bobbycow36 (Sep 27, 2010)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) D CPU 2.66GHz, Intel64 Family 15 Model 4 Stepping 7
Processor Count: 2
RAM: 1534 Mb
Graphics Card: NVIDIA GeForce 6200SE TurboCache(TM), 64 Mb
Hard Drives: C: Total - 152524 MB, Free - 113687 MB; E: Total - 476937 MB, Free - 133951 MB;
Motherboard: NEC COMPUTERS INTERNATIONAL, GA-8TRC410M-NF
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

Hi there.
Using advice from one of your earlier postings I have managed to get rid of a lot of the cancerous Babylon from my system, but there is some that will not yield.
In programs there is an entry for Babylon Object Installer remaining. When I click uninstall it spins for 30 seconds and then comes up with the message "do you want to give Babylon the power to alter programs on your computer?" Not likely! I have tried it over and over but the message repeats itself with slight variations in the wording. Nothing doing.
I managed to rid Firefox and IE completely by following the advice, but Chrome refuses to part with Babylon at all. Would it do any good to uninstall and reinstall it?
Meanwhile I ran a search for Babylon and carefully deleted all references to it. The only 2 remaining are registry entries that look harmless but I did not want to risk damaging the registry by deleting them. Certainly the performance of my PC has improved 1000% since I got rid of most of this disastrous program.
Tell me, what's the point of inserting it as a Browser Hijacker like this? If they're looking for customers surely they've not just shot themselves in the foot but blown their whole darn leg off! Who'd want to use their browser after this?
I attach the printouts as requested and would value your help in eradicating this thing completely as it seems to creep back if you don't keep shooting off its limbs! It is driving me crazy! Very many thanks for your kind help.
Bobbycow

HiJack this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:47:19, on 15/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\User\Downloads\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SA153.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SD8C2.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SE3BD.tmp" /EF "HKCU"
O4 - Startup: Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11009 bytes

DDS 1
DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by User at 19:57:51 on 2012-06-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1535.393 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskhost.exe
C:\Users\User\Downloads\HijackThis(1).exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://isearch.avg.com/?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=hp
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe /applicationMode:systemTray /showWelcome:false
uRun: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SA153.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SD8C2.tmp" /EF "HKCU"
uRun: [EPSON Stylus DX6000 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SE3BD.tmp" /EF "HKCU"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{CCE73E99-676E-4CD4-873D-459574651E99} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lnormrny.default\
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2006%3A18%3A47&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2006%3A18%3A47&sap=ku&q=
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110014&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - c413fd340000000000000016e61c4648
FF - user.js: extensions.BabylonToolbar_i.hardId - c413fd340000000000000016e61c4648
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15502
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:31:24
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-5-3 1302072]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-5-3 681016]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-4 935480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-4 257696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-4 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-14 17:09:07 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EF0138AE-B890-4C03-8AF2-8BFD9A4A65D1}\mpengine.dll
2012-06-14 08:16:52 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 16:55:22 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-13 10:38:00 -------- d-----w- C:\ProgramData\SUPERSetup
2012-06-13 08:56:32 -------- d-----w- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2012-06-13 08:53:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-13 08:53:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-13 05:17:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-13 05:16:31 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-11 10:40:14 -------- d-----w- C:\Program Files (x86)\Datapol
2012-06-11 10:31:02 -------- d-----w- C:\ProgramData\Babylon
2012-06-11 10:29:22 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-09 17:01:40 39424 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EP0LPP00.DLL
2012-06-09 11:49:50 126976 ----a-w- C:\Windows\System32\E_ILMBVE.DLL
2012-06-09 11:49:49 86528 ----a-w- C:\Windows\System32\E_IBCBBVE.DLL
2012-06-09 06:27:25 -------- d-----w- C:\ProgramData\UDL
2012-06-09 06:14:21 -------- d-----w- C:\Program Files (x86)\Epson Software
2012-06-09 06:08:23 -------- d-----w- C:\Users\User\AppData\Local\CrashDumps
2012-06-08 17:29:47 8704 ----a-w- C:\Windows\System32\E_GCINST.DLL
2012-06-08 17:29:36 126976 ----a-w- C:\Windows\System32\E_ILMBIE.DLL
2012-06-08 17:29:22 86528 ----a-w- C:\Windows\System32\E_IBCBBIE.DLL
2012-06-08 14:29:25 -------- d-----w- C:\ProgramData\EPSON
2012-06-08 12:43:22 -------- d-----w- C:\ProgramData\UAB
2012-06-08 12:40:04 -------- d-----w- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
2012-06-08 12:34:27 -------- d-----w- C:\ProgramData\Driver Manager
2012-06-08 12:29:45 -------- d-----w- C:\Program Files (x86)\Driver Manager
2012-06-08 07:58:56 -------- d-----w- C:\Program Files (x86)\RegZooka
2012-06-07 09:14:38 -------- d-----w- C:\Users\User\AppData\Local\Diagnostics
2012-06-07 04:46:26 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 04:46:26 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-04 07:07:00 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-06-04 07:04:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-04 07:03:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-04 07:03:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-04 06:19:52 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-04 06:19:15 18912 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-06-04 06:19:14 85472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-06-04 06:19:14 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-06-04 06:19:14 117728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-06-04 06:19:13 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-06-04 06:19:12 913888 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-06-04 06:19:12 258528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2012-06-04 06:19:11 624608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-04 06:19:10 43488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-04 06:19:10 157600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-04 06:19:10 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-04 05:33:14 -------- d-----w- C:\Users\User\AppData\Roaming\AVG2012
2012-06-04 05:19:15 -------- d-----w- C:\Users\User\AppData\Local\AVG Secure Search
2012-06-04 05:18:45 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-06-04 05:18:37 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-06-04 05:18:35 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-06-04 05:17:12 -------- d--h--w- C:\ProgramData\Common Files
2012-06-04 05:17:02 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-06-04 05:15:38 -------- d--h--w- C:\$AVG
2012-06-04 05:15:38 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-06-04 05:15:38 -------- d-----w- C:\ProgramData\AVG2012
2012-06-04 05:13:49 -------- d-----w- C:\Program Files (x86)\AVG
2012-06-04 05:09:32 -------- d-----w- C:\ProgramData\MFAData
2012-06-04 04:51:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-04 04:44:26 -------- d-----w- C:\Users\User\AppData\Local\Secunia PSI (BETA)
2012-06-04 04:39:02 -------- d-----w- C:\Users\User\AppData\Roaming\Foxit Software
2012-06-04 02:22:18 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-06-04 02:20:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-04 02:20:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-04 02:20:10 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-04 02:20:09 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-04 02:20:09 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-04 02:20:09 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-04 02:20:09 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-03 22:30:56 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-03 22:30:36 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3A7D49FF-8833-44EF-954F-63B9AD4E6AEB}\gapaengine.dll
2012-06-03 22:21:22 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-03 22:21:21 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-06-03 22:21:07 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-06-03 22:21:06 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-06-03 22:21:05 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-03 22:21:04 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-03 22:17:50 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-03 22:17:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-03 22:14:10 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-03 22:14:09 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-03 22:06:59 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-03 22:06:48 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-03 22:06:47 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-03 22:06:47 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-03 22:06:45 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-03 22:06:45 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-03 22:05:50 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-06-03 22:05:49 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-06-03 21:50:48 77312 ----a-w- C:\Windows\System32\packager.dll
2012-06-03 21:50:48 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-06-03 21:23:39 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-03 21:23:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-03 21:23:38 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
.
==================== Find3M ====================
.
2012-06-04 04:56:32 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-04 04:54:49 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-19 03:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-03-20 19:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 19:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-19 04:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 19:59:44.26 ===============

DDS 2 (Attachment)
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 22/11/2011 16:25:05
System Uptime: 15/06/2012 07:15:56 (12 hours ago)
.
Motherboard: NEC COMPUTERS INTERNATIONAL | | GA-8TRC410M-NF
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | Socket 775 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 111.024 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 130.812 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP55: 12/06/2012 22:58:47 - Removed BabylonObjectInstaller
RP56: 12/06/2012 23:00:32 - Removed BabylonObjectInstaller
RP57: 13/06/2012 17:42:57 - Restore Operation
RP58: 14/06/2012 18:07:49 - Windows Update
RP59: 15/06/2012 03:00:23 - Windows Update
RP60: 15/06/2012 06:19:41 - Removed BabylonObjectInstaller
RP61: 15/06/2012 06:21:18 - Removed BabylonObjectInstaller
RP62: 15/06/2012 06:23:20 - Removed BabylonObjectInstaller
RP63: 15/06/2012 06:26:36 - Removed BabylonObjectInstaller
RP64: 15/06/2012 06:27:10 - Removed BabylonObjectInstaller
RP65: 15/06/2012 06:27:38 - Removed BabylonObjectInstaller
RP66: 15/06/2012 06:28:18 - Removed BabylonObjectInstaller
RP67: 15/06/2012 11:43:35 - Removed BabylonObjectInstaller
RP68: 15/06/2012 19:40:59 - Removed BabylonObjectInstaller
.
==== Installed Programs ======================
.
7-Zip 9.21
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Audacity 1.3.14 (Unicode)
BabylonObjectInstaller
Corel PaintShop Pro X4
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Driver Manager
Dropbox
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Evernote v. 4.5.2
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback
ICA
IPM_PSP_COM
Java Auto Updater
Java(TM) 6 Update 31
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0 (x86 en-GB)
Mozilla Maintenance Service
Nero 11 Kwik Themes Basic
Nero Audio Pack 1
Nero Core Components 11
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Update
nero.prerequisites.msi
NTFS4DOS
Picasa 3
PSPPContent
PSPPHelp
RegZooka
Secunia PSI (3.0.0.1001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Setup
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
WinDirStat 1.1.2
.
==== Event Viewer Messages From Past Week ========
.
15/06/2012 07:17:40, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/06/2012 03:37:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
15/06/2012 03:36:19, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
15/06/2012 03:12:18, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2656368).
15/06/2012 03:05:22, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2686827).
14/06/2012 18:11:06, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.2001.0).
14/06/2012 18:10:47, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.2001.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation. 
14/06/2012 18:10:11, Error: Microsoft Antimalware [2003] - Microsoft Antimalware has encountered an error trying to update the engine. New Engine Version: Previous Engine Version: 2.0.8001.0 Engine Type: Network Inspection System User: NT AUTHORITY\SYSTEM Error Code: 0x80070002 Error description: The system cannot find the file specified. 
14/06/2012 18:10:11, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 11.0.0.0 Update Source: User Update Stage: Install Source Path: Signature Type: Network Inspection System Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 2.0.8001.0 Error code: 0x80070002 Error description: The system cannot find the file specified. 
14/06/2012 14:22:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
13/06/2012 18:06:12, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1702.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80072ee2 Error description: The operation timed out 
13/06/2012 17:55:20, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.127.1702.0;1.127.1702.0 Engine version: 1.1.8403.0
13/06/2012 17:45:54, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
13/06/2012 12:27:08, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
13/06/2012 12:27:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
13/06/2012 12:27:07, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/06/2012 23:04:53, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/06/2012 23:04:53, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
12/06/2012 05:52:05, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1702.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
12/06/2012 05:52:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1702.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
09/06/2012 18:10:48, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR8.
09/06/2012 14:17:27, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk7\DR7.
09/06/2012 12:55:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
09/06/2012 12:07:14, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk9\DR14.
08/06/2012 07:28:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.127.1592.0).
08/06/2012 07:28:22, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.127.1440.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8403.0 Error code: 0x80070643 Error description: Fatal error during installation. 
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-15 20:53:50
Windows 6.1.7601 Service Pack 1 
Running: ps4cxe3w.exe

---- Files - GMER 1.0.15 ----

File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes

---- EOF - GMER 1.0.15 ----

Hope this means something more to you than it does to me!
B


----------



## kevinf80 (Mar 21, 2006)

Hiya bobbycow36,

You have two Antivirus programs running, that is not good, two AVs will clash and cause issues for your system.... One of them has to go. I suggest you UNinstall AVG and keep Microsoft Security Essentials...

When complete run their removal tool available here http://www.avg.com/us-en/utilities

Also Uninstall Spybot S&D and RegZooka....

Next,

Download *OTL* from any of the following links and save to your desktop.

*Link 1*
*Link 2*
*Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).


 Please check the box next to "LOP check" and "Purity check"
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin


----------



## flavallee (May 12, 2002)

> Tech Support Guy System Info Utility version 1.0.0.2
> OS Version: Microsoft *Windows 7 Home Premium, Service Pack 1, 64 bit*
> Processor: Intel(R) Pentium(R) D CPU 2.66GHz, Intel64 Family 15 Model 4 Stepping 7
> Processor Count: 2
> ...


Not to get off the subject here.

You're running Windows 7(64-bit) with what appears to be only 1.5 GB of RAM.

Its motherboard supports up to 4 GB of RAM.

Windows 7(64-bit) recognizes and utilizes 4 GB or more of RAM.

If you want to improve overall speed and performance in that computer, you need to max it out with 4 GB.

-----------------------------------------------------------

I concur with Kevin.

Get rid of AVG 2012 and RegZooka and Spybot - Search & Destroy.

-----------------------------------------------------------


----------



## bobbycow36 (Sep 27, 2010)

Hi Kevin,
thanks for the info - I hadn't even realized that MSE was running at all!
Have done all that you suggested, just waiting for the scan results, will send when finished.
Cheers
B


----------



## bobbycow36 (Sep 27, 2010)

You know, I always thought this machine should be a bit faster.
Thanks for the tip - I'll get some more RAM installed.
Glad to know you experts agree!
B


----------



## kevinf80 (Mar 21, 2006)

Make sure you get RAM that is suitable for your system, go here http://www.crucial.com and find out.....

Kevin....


----------



## bobbycow36 (Sep 27, 2010)

kevinf80 said:


> Hiya bobbycow36,
> 
> You have two Antivirus programs running, that is not good, two AVs will clash and cause issues for your system.... One of them has to go. I suggest you UNinstall AVG and keep Microsoft Security Essentials...
> 
> ...


Hi Kevin,
have run the scan several times but just comes up with the one result - OTL.Txt. Even tried a different download. I can't find it minimized anywhere else unless I'm being dense (which is always a possibility.)
Here's the one I got so maybe you can tell me where the other one should be.
Cheers
B

OTL logfile created on: 17/06/2012 10:22:11 - Run 3
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 
1.50 Gb Total Physical Memory | 0.14 Gb Available Physical Memory | 9.32% Memory free
3.00 Gb Paging File | 1.65 Gb Available in Paging File | 54.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148.95 Gb Total Space | 110.44 Gb Free Space | 74.14% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 97.21 Gb Free Space | 20.87% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/17 10:21:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2012/06/16 21:05:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/16 09:11:45 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012/06/03 22:07:07 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/03 12:39:48 | 001,302,072 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2012/05/03 12:39:48 | 000,681,016 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012/05/03 12:39:46 | 000,562,232 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 21:05:07 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/06/16 09:11:34 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 02:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 16:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

========== Win32 Services (SafeList) ==========

SRV:*64bit:* - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:*64bit:* - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:*64bit:* - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/16 21:05:08 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/16 09:11:47 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 12:39:48 | 001,302,072 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/05/03 12:39:48 | 000,681,016 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/04/04 06:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/11/18 03:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:*64bit:* - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/12/16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:*64bit:* - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:*64bit:* - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2008/07/22 08:42:58 | 000,060,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A E4 89 97 0E C2 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110014&tt=060612_7_&babsrc=SP_ss&mntrId=c413fd340000000000000016e61c4648
IE - HKCU\..\SearchScopes\{568A96F5-BA35-4AB7-8902-A2715BE76A9B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-16 22:23:53&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2006%3A18%3A47&sap=hp"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2012-06-04%2006%3A18%3A47&sap=ku&q="

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/04 06:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 09:13:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:05:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/16 09:13:10 | 000,000,000 | ---D | M]

[2011/12/24 08:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2012/06/15 06:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\lnormrny.default\extensions
[2012/06/16 09:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/16 09:18:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/04 06:16:10 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/16 21:05:13 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/07 05:46:23 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/06/16 22:23:48 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/07 05:46:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/07 05:46:23 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/07 05:46:23 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/06/07 05:46:23 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/07 05:46:23 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:*64bit:* - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:*64bit:* - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBVE.EXE /FU "C:\Windows\TEMP\E_SA153.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SD8C2.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series (Copy 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_SE3BD.tmp" /EF "HKCU" File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:*64bit:* - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:*64bit:* - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:*64bit:* - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCE73E99-676E-4CD4-873D-459574651E99}: DhcpNameServer = 192.168.0.1
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/17 06:58:41 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Macromedia
[2012/06/17 06:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012/06/17 06:38:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/06/17 06:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/06/17 06:29:22 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012/06/17 06:27:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/06/17 06:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/06/17 06:19:41 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\hal.dll problem
[2012/06/17 06:17:54 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\TSG Babylon
[2012/06/16 22:32:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple Computer
[2012/06/16 22:32:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Apple Computer
[2012/06/16 22:29:38 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\http z1
[2012/06/16 22:28:53 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Dll problem
[2012/06/16 22:27:00 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\SKY
[2012/06/16 22:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012/06/16 22:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/06/16 22:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/06/16 22:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/06/16 22:10:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/06/16 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Apple
[2012/06/16 22:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/06/16 22:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/06/16 09:27:45 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/16 09:27:41 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/16 09:27:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/16 09:27:39 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/16 09:27:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/16 09:27:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/16 09:27:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/16 09:27:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/16 09:27:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/16 09:27:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/16 09:27:34 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/16 09:27:26 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/16 09:27:26 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/16 09:27:22 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/16 09:27:22 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/16 09:27:21 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/16 09:27:20 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/16 09:27:15 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/16 09:27:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/16 09:27:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/16 09:27:00 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/16 09:27:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/16 09:26:59 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/16 09:26:57 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/16 09:26:55 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/16 09:26:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/16 09:26:52 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/16 09:26:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/16 09:26:41 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/16 09:26:39 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/16 09:26:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/16 09:26:39 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/16 09:26:34 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/16 09:26:32 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/16 09:26:29 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/16 09:26:23 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/16 09:26:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/16 09:26:23 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/16 09:26:23 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/16 09:26:23 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/16 09:26:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/16 09:26:23 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/16 09:26:22 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/16 09:26:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/16 09:26:22 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/16 09:26:22 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/16 09:26:20 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/16 09:26:20 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/16 09:26:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/16 09:26:19 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/16 09:26:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/16 09:26:19 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/16 09:26:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/16 09:26:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/16 09:26:15 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/16 09:26:15 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/16 09:26:15 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/16 09:26:12 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/16 09:26:12 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/16 09:26:12 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/16 09:26:12 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/16 09:26:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/16 09:26:11 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/16 09:26:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/16 09:26:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/16 09:26:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/16 09:26:06 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/16 09:26:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/16 09:26:05 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/16 09:26:05 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/16 09:26:05 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/16 09:26:05 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/16 09:18:23 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/16 09:18:15 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/16 09:18:13 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/16 09:18:10 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/16 09:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/06/16 09:13:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/06/16 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012/06/16 09:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/06/16 09:00:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Winamp
[2012/06/16 09:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/06/16 08:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Media Player
[2012/06/14 09:17:22 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/14 09:17:22 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/14 09:17:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/14 09:16:46 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/14 09:16:43 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/14 09:16:42 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/14 09:16:28 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/14 09:16:19 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/14 09:16:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 11:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/06/13 09:56:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
[2012/06/13 09:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/06/13 09:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/06/13 06:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/13 06:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/06/12 11:09:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\vlc
[2012/06/11 11:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTFS4DOS
[2012/06/11 11:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Datapol
[2012/06/11 11:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/11 11:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/06/11 11:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/06/11 11:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/06/09 12:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/06/09 12:49:50 | 000,126,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBVE.DLL
[2012/06/09 12:49:49 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBBVE.DLL
[2012/06/09 07:27:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012/06/09 07:27:25 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012/06/09 07:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
[2012/06/09 07:13:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/06/09 07:08:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CrashDumps
[2012/06/08 18:29:47 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL
[2012/06/08 18:29:36 | 000,126,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBIE.DLL
[2012/06/08 18:29:22 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBBIE.DLL
[2012/06/08 15:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012/06/08 13:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012/06/08 13:40:04 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\PC_Drivers_Headquarters
[2012/06/08 13:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Manager
[2012/06/08 13:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Manager
[2012/06/08 13:29:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Manager
[2012/06/08 08:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegZooka
[2012/06/07 10:14:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Diagnostics
[2012/06/04 10:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/04 09:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/04 09:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/06/04 08:07:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012/06/04 08:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/04 08:03:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/04 08:03:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/04 07:20:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/04 07:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/04 06:33:14 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/06/04 06:17:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/06/04 06:15:38 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/04 06:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/06/04 05:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/04 05:51:07 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/04 05:44:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Secunia PSI (BETA)
[2012/06/04 05:39:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Foxit Software
[2012/06/04 03:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/04 03:20:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/06/04 03:20:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/06/04 03:20:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/06/03 23:21:22 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/06/03 23:21:07 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/06/03 23:21:06 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/06/03 23:21:05 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/03 23:21:04 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/03 23:20:41 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/06/03 23:20:33 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/06/03 23:20:32 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/06/03 23:20:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/06/03 23:20:31 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/06/03 23:20:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/06/03 23:20:30 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/06/03 23:20:23 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/06/03 23:20:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/06/03 23:14:10 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/06/03 23:05:49 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/06/03 22:50:48 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/06/03 22:50:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/06/03 22:23:39 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/06/03 22:23:38 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/06/03 22:14:53 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Outlook Files

========== Files - Modified Within 30 Days ==========

[2012/06/17 10:22:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/17 10:02:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/17 09:13:51 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 09:13:51 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/17 09:05:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/17 09:05:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/17 09:05:11 | 1206,820,864 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/17 07:46:02 | 000,001,441 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/06/17 07:29:33 | 000,431,458 | ---- | M] () -- C:\Users\User\Desktop\AVGInstLog.cab
[2012/06/17 06:41:53 | 000,172,016 | ---- | M] () -- C:\Windows\hpoins47.dat
[2012/06/16 22:17:07 | 000,002,515 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/16 22:17:06 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/16 22:14:34 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/06/16 09:27:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/06/16 09:27:42 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/06/16 09:27:40 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/16 09:27:39 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/06/16 09:27:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/06/16 09:27:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/06/16 09:27:36 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/06/16 09:27:35 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/06/16 09:27:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/06/16 09:27:34 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/16 09:27:34 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/06/16 09:27:27 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/06/16 09:27:26 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/06/16 09:27:24 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/06/16 09:27:22 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/06/16 09:27:21 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/06/16 09:27:21 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/06/16 09:27:20 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/16 09:27:15 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/06/16 09:27:14 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/16 09:27:10 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/16 09:27:01 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/06/16 09:27:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/06/16 09:27:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/06/16 09:26:57 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/06/16 09:26:56 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/06/16 09:26:54 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/16 09:26:52 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/06/16 09:26:42 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/16 09:26:41 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/06/16 09:26:39 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/06/16 09:26:39 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/06/16 09:26:39 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/06/16 09:26:34 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/06/16 09:26:32 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/06/16 09:26:30 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/06/16 09:26:24 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/16 09:26:23 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/06/16 09:26:23 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/06/16 09:26:23 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/06/16 09:26:23 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/06/16 09:26:23 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/06/16 09:26:23 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/06/16 09:26:22 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/16 09:26:22 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/16 09:26:22 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/06/16 09:26:22 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/06/16 09:26:20 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/06/16 09:26:20 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/06/16 09:26:19 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/16 09:26:19 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/06/16 09:26:19 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/06/16 09:26:19 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/06/16 09:26:19 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/06/16 09:26:17 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/06/16 09:26:16 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/06/16 09:26:15 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/06/16 09:26:15 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/06/16 09:26:15 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/06/16 09:26:12 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/06/16 09:26:12 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/06/16 09:26:12 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/06/16 09:26:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/06/16 09:26:11 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/16 09:26:11 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/06/16 09:26:11 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/16 09:26:10 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/16 09:26:07 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/06/16 09:26:06 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/06/16 09:26:06 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/16 09:26:05 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/16 09:26:05 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/06/16 09:26:05 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/06/16 09:26:05 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/06/16 09:18:44 | 000,000,134 | ---- | M] () -- C:\Users\User\Desktop\Internet Explorer Troubleshooting.url
[2012/06/16 09:17:14 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/16 09:17:14 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/16 09:17:12 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/16 09:17:10 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/06/16 09:17:10 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/06/16 09:14:18 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/06/16 09:11:40 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/16 09:11:38 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/16 08:56:56 | 000,000,854 | ---- | M] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/06/16 03:11:15 | 000,735,022 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/16 03:11:15 | 000,617,910 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/16 03:11:15 | 000,107,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 11:16:49 | 000,057,344 | ---- | M] () -- C:\Users\User\Documents\SP meter readings 15.06.12 RE You have not yet given us your meter reading.msg
[2012/06/15 11:16:49 | 000,057,344 | ---- | M] () -- C:\Users\User\Documents\SP meter readings 15.06.12 RE You have not yet given us your meter reading - Copy.msg
[2012/06/15 10:47:51 | 000,028,672 | ---- | M] () -- C:\Users\User\Documents\Your O2 bill is ready May 12 £42.msg
[2012/06/15 10:41:44 | 000,024,576 | ---- | M] () -- C:\Users\User\Documents\Tech Support Guy Newsletter Confirm 14.06.12.msg
[2012/06/15 10:41:44 | 000,024,576 | ---- | M] () -- C:\Users\User\Documents\Tech Support Guy Newsletter Confirm 14.06.12 - Copy.msg
[2012/06/15 10:40:40 | 000,034,816 | ---- | M] () -- C:\Users\User\Documents\Petlog conf emergency nos 12.06.12 RE re Bilie Jo 981000004479523 foal - Copy.msg
[2012/06/15 10:39:45 | 000,080,896 | ---- | M] () -- C:\Users\User\Documents\Natwest Change of Service 12.06.12 Important information about your banking relationship with us - Copy.msg
[2012/06/15 10:34:53 | 000,031,232 | ---- | M] () -- C:\Users\User\Documents\SP no meter readings 11.06.12 Re RE You have not yet given us your meter reading.msg
[2012/06/15 10:34:53 | 000,031,232 | ---- | M] () -- C:\Users\User\Documents\SP no meter readings 11.06.12 Re RE You have not yet given us your meter reading - Copy.msg
[2012/06/15 10:34:12 | 000,058,880 | ---- | M] () -- C:\Users\User\Documents\Scottish Power Meter Readings 11.06.12 You have not yet given us your meter reading.msg
[2012/06/15 10:34:12 | 000,058,880 | ---- | M] () -- C:\Users\User\Documents\Scottish Power Meter Readings 11.06.12 You have not yet given us your meter reading - Copy.msg
[2012/06/15 03:34:12 | 000,416,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 06:57:36 | 000,052,736 | ---- | M] () -- C:\Users\User\Documents\6 Steam Troubleshooting Tips.msg
[2012/06/12 06:55:34 | 000,022,016 | ---- | M] () -- C:\Users\User\Documents\Make U-Tube run faster.msg
[2012/06/12 06:53:28 | 000,040,960 | ---- | M] () -- C:\Users\User\Documents\June's mobile phone contract O2 11.06.12 recommendation from billmonitor - Copy.msg
[2012/06/12 06:28:50 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/06/11 11:31:34 | 000,000,488 | ---- | M] () -- C:\user.js
[2012/06/11 11:01:44 | 000,048,128 | ---- | M] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billie Jo 30.05.12.msg
[2012/06/11 11:01:44 | 000,048,128 | ---- | M] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billie Jo 30.05.12 - Copy.msg
[2012/06/11 10:42:15 | 000,027,136 | ---- | M] () -- C:\Users\User\Documents\Registration at BleepingComputer.com 10.06.12.msg
[2012/06/11 10:42:15 | 000,027,136 | ---- | M] () -- C:\Users\User\Documents\Registration at BleepingComputer.com 10.06.12 - Copy.msg
[2012/06/11 06:47:41 | 000,041,472 | ---- | M] () -- C:\Users\User\Documents\SP You have not yet given us your meter reading 01.06.12.msg
[2012/06/11 06:47:41 | 000,041,472 | ---- | M] () -- C:\Users\User\Documents\SP You have not yet given us your meter reading 01.06.12 - Copy.msg
[2012/06/11 06:43:41 | 000,042,496 | ---- | M] () -- C:\Users\User\Documents\SP account 07.06.12 Your monthly Direct Debit payment has been revised.msg
[2012/06/11 06:43:41 | 000,042,496 | ---- | M] () -- C:\Users\User\Documents\SP account 07.06.12 Your monthly Direct Debit payment has been revised - Copy.msg
[2012/06/11 06:37:00 | 000,020,480 | ---- | M] () -- C:\Users\User\Documents\black's.msg
[2012/06/11 06:36:28 | 000,019,968 | ---- | M] () -- C:\Users\User\Documents\spotmau.msg
[2012/06/11 06:35:55 | 000,020,480 | ---- | M] () -- C:\Users\User\Documents\Spotmau disc.msg
[2012/06/11 05:47:08 | 000,158,925 | ---- | M] () -- C:\Users\User\Documents\Film List-2 (Autosaved).rtf
[2012/06/11 05:36:28 | 000,001,010 | ---- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/11 05:36:09 | 000,000,976 | ---- | M] () -- C:\Users\User\Desktop\Dropbox.lnk
[2012/06/10 07:51:40 | 000,027,136 | ---- | M] () -- C:\Users\User\Documents\Regzooka 09.06.12 Update on Your Request {49683}.msg
[2012/06/10 07:51:40 | 000,027,136 | ---- | M] () -- C:\Users\User\Documents\Regzooka 09.06.12 Update on Your Request {49683} - Copy.msg
[2012/06/10 06:46:32 | 000,025,600 | ---- | M] () -- C:\Users\User\Documents\Zookaware 10.05.12 RE Update on Your Request {49695}.msg
[2012/06/10 06:46:32 | 000,025,600 | ---- | M] () -- C:\Users\User\Documents\Zookaware 10.05.12 RE Update on Your Request {49695} - Copy.msg
[2012/06/09 20:19:56 | 000,048,128 | ---- | M] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billy Jo Copy 30.05.12.msg
[2012/06/09 20:19:56 | 000,048,128 | ---- | M] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billy Jo Copy 30.05.12 - Copy.msg
[2012/06/09 12:03:06 | 000,030,720 | ---- | M] () -- C:\Users\User\Documents\Equip2clean New Order # 200000673 16.05.12 - Copy.msg
[2012/06/09 12:00:59 | 000,026,112 | ---- | M] () -- C:\Users\User\Documents\Information on Your Request Zookaware 09.06.12 {49683} - Copy.msg
[2012/06/09 11:59:52 | 000,025,600 | ---- | M] () -- C:\Users\User\Documents\ZookaWare Registration Details 09.06.12.msg
[2012/06/09 11:59:52 | 000,025,600 | ---- | M] () -- C:\Users\User\Documents\ZookaWare Registration Details 09.06.12 - Copy.msg
[2012/06/09 11:59:14 | 000,032,768 | ---- | M] () -- C:\Users\User\Documents\Your Order With Zookaware 09.06.12.msg
[2012/06/09 07:27:48 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012/06/09 07:14:29 | 000,000,308 | ---- | M] () -- C:\Windows\setup.iss
[2012/06/08 13:30:25 | 000,002,301 | ---- | M] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/06/05 19:04:51 | 000,001,135 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/06/04 14:43:22 | 000,002,243 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/04 08:04:55 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/04 05:44:18 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012/06/04 05:38:41 | 000,852,129 | R--- | M] () -- C:\Users\User\Documents\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012.pdf
[2012/06/04 05:38:41 | 000,852,129 | R--- | M] () -- C:\Users\User\Desktop\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012.pdf
[2012/06/04 05:38:41 | 000,852,129 | ---- | M] () -- C:\Users\User\Documents\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012 - Copy.pdf
[2012/06/04 03:22:46 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/04 03:22:23 | 000,734,810 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/03 22:37:37 | 000,000,994 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/06/17 07:29:33 | 000,431,458 | ---- | C] () -- C:\Users\User\Desktop\AVGInstLog.cab
[2012/06/17 06:25:49 | 000,172,016 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012/06/17 06:25:49 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2012/06/16 22:17:07 | 000,002,515 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2012/06/16 22:17:06 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012/06/16 22:17:06 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/06/16 22:14:34 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/06/16 22:09:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/06/16 09:27:20 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/06/16 09:26:11 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/06/16 09:18:43 | 000,000,134 | ---- | C] () -- C:\Users\User\Desktop\Internet Explorer Troubleshooting.url
[2012/06/16 09:14:18 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2012/06/16 08:56:56 | 000,000,854 | ---- | C] () -- C:\Users\Public\Desktop\Easy Media Player.lnk
[2012/06/15 19:37:54 | 000,852,129 | ---- | C] () -- C:\Users\User\Documents\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012 - Copy.pdf
[2012/06/15 19:37:54 | 000,058,880 | ---- | C] () -- C:\Users\User\Documents\Scottish Power Meter Readings 11.06.12 You have not yet given us your meter reading - Copy.msg
[2012/06/15 19:37:54 | 000,057,344 | ---- | C] () -- C:\Users\User\Documents\SP meter readings 15.06.12 RE You have not yet given us your meter reading - Copy.msg
[2012/06/15 19:37:54 | 000,042,496 | ---- | C] () -- C:\Users\User\Documents\SP account 07.06.12 Your monthly Direct Debit payment has been revised - Copy.msg
[2012/06/15 19:37:54 | 000,041,472 | ---- | C] () -- C:\Users\User\Documents\SP You have not yet given us your meter reading 01.06.12 - Copy.msg
[2012/06/15 19:37:54 | 000,031,232 | ---- | C] () -- C:\Users\User\Documents\SP no meter readings 11.06.12 Re RE You have not yet given us your meter reading - Copy.msg
[2012/06/15 19:37:54 | 000,027,136 | ---- | C] () -- C:\Users\User\Documents\Regzooka 09.06.12 Update on Your Request {49683} - Copy.msg
[2012/06/15 19:37:54 | 000,027,136 | ---- | C] () -- C:\Users\User\Documents\Registration at BleepingComputer.com 10.06.12 - Copy.msg
[2012/06/15 19:37:53 | 000,080,896 | ---- | C] () -- C:\Users\User\Documents\Natwest Change of Service 12.06.12 Important information about your banking relationship with us - Copy.msg
[2012/06/15 19:37:53 | 000,040,960 | ---- | C] () -- C:\Users\User\Documents\June's mobile phone contract O2 11.06.12 recommendation from billmonitor - Copy.msg
[2012/06/15 19:37:53 | 000,034,816 | ---- | C] () -- C:\Users\User\Documents\Petlog conf emergency nos 12.06.12 RE re Bilie Jo 981000004479523 foal - Copy.msg
[2012/06/15 19:37:53 | 000,030,720 | ---- | C] () -- C:\Users\User\Documents\Equip2clean New Order # 200000673 16.05.12 - Copy.msg
[2012/06/15 19:37:53 | 000,026,112 | ---- | C] () -- C:\Users\User\Documents\Information on Your Request Zookaware 09.06.12 {49683} - Copy.msg
[2012/06/15 19:37:40 | 000,048,128 | ---- | C] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billy Jo Copy 30.05.12 - Copy.msg
[2012/06/15 19:37:40 | 000,048,128 | ---- | C] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billie Jo 30.05.12 - Copy.msg
[2012/06/15 19:37:40 | 000,025,600 | ---- | C] () -- C:\Users\User\Documents\ZookaWare Registration Details 09.06.12 - Copy.msg
[2012/06/15 19:37:40 | 000,025,600 | ---- | C] () -- C:\Users\User\Documents\Zookaware 10.05.12 RE Update on Your Request {49695} - Copy.msg
[2012/06/15 19:37:40 | 000,024,576 | ---- | C] () -- C:\Users\User\Documents\Tech Support Guy Newsletter Confirm 14.06.12 - Copy.msg
[2012/06/15 11:16:49 | 000,057,344 | ---- | C] () -- C:\Users\User\Documents\SP meter readings 15.06.12 RE You have not yet given us your meter reading.msg
[2012/06/15 10:47:50 | 000,028,672 | ---- | C] () -- C:\Users\User\Documents\Your O2 bill is ready May 12 £42.msg
[2012/06/15 10:41:44 | 000,024,576 | ---- | C] () -- C:\Users\User\Documents\Tech Support Guy Newsletter Confirm 14.06.12.msg
[2012/06/15 10:34:53 | 000,031,232 | ---- | C] () -- C:\Users\User\Documents\SP no meter readings 11.06.12 Re RE You have not yet given us your meter reading.msg
[2012/06/15 10:34:11 | 000,058,880 | ---- | C] () -- C:\Users\User\Documents\Scottish Power Meter Readings 11.06.12 You have not yet given us your meter reading.msg
[2012/06/12 06:57:36 | 000,052,736 | ---- | C] () -- C:\Users\User\Documents\6 Steam Troubleshooting Tips.msg
[2012/06/12 06:55:33 | 000,022,016 | ---- | C] () -- C:\Users\User\Documents\Make U-Tube run faster.msg
[2012/06/11 11:01:44 | 000,048,128 | ---- | C] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billie Jo 30.05.12.msg
[2012/06/11 10:42:12 | 000,027,136 | ---- | C] () -- C:\Users\User\Documents\Registration at BleepingComputer.com 10.06.12.msg
[2012/06/11 06:47:41 | 000,041,472 | ---- | C] () -- C:\Users\User\Documents\SP You have not yet given us your meter reading 01.06.12.msg
[2012/06/11 06:43:41 | 000,042,496 | ---- | C] () -- C:\Users\User\Documents\SP account 07.06.12 Your monthly Direct Debit payment has been revised.msg
[2012/06/11 06:37:00 | 000,020,480 | ---- | C] () -- C:\Users\User\Documents\black's.msg
[2012/06/11 06:36:28 | 000,019,968 | ---- | C] () -- C:\Users\User\Documents\spotmau.msg
[2012/06/11 06:35:55 | 000,020,480 | ---- | C] () -- C:\Users\User\Documents\Spotmau disc.msg
[2012/06/11 05:47:07 | 000,158,925 | ---- | C] () -- C:\Users\User\Documents\Film List-2 (Autosaved).rtf
[2012/06/10 07:51:40 | 000,027,136 | ---- | C] () -- C:\Users\User\Documents\Regzooka 09.06.12 Update on Your Request {49683}.msg
[2012/06/10 06:46:30 | 000,025,600 | ---- | C] () -- C:\Users\User\Documents\Zookaware 10.05.12 RE Update on Your Request {49695}.msg
[2012/06/09 20:19:55 | 000,048,128 | ---- | C] () -- C:\Users\User\Documents\Tracer Microchip Registration Details Billy Jo Copy 30.05.12.msg
[2012/06/09 11:59:51 | 000,025,600 | ---- | C] () -- C:\Users\User\Documents\ZookaWare Registration Details 09.06.12.msg
[2012/06/09 11:59:11 | 000,032,768 | ---- | C] () -- C:\Users\User\Documents\Your Order With Zookaware 09.06.12.msg
[2012/06/09 07:27:48 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\Epson Easy Photo Print.lnk
[2012/06/09 07:08:31 | 000,000,308 | ---- | C] () -- C:\Windows\setup.iss
[2012/06/08 13:30:25 | 000,002,301 | ---- | C] () -- C:\Users\Public\Desktop\Driver Manager.lnk
[2012/06/04 08:04:55 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/04 05:51:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/04 05:46:43 | 000,852,129 | R--- | C] () -- C:\Users\User\Documents\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012.pdf
[2012/06/04 05:38:45 | 000,852,129 | R--- | C] () -- C:\Users\User\Desktop\Secunia_PSI_3.0_Beta_3_Release_User_Guide_16-May-2012.pdf
[2012/06/03 22:15:05 | 000,001,135 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/12/24 08:54:52 | 000,734,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/06/04 06:33:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVG2012
[2012/06/17 09:08:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2012/06/16 22:34:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2011/12/26 06:58:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Systweak
[2009/07/14 06:08:49 | 000,010,286 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


----------



## kevinf80 (Mar 21, 2006)

You only get the Extras.txt on the first run of OTL, subsequent runs do not produce that log. If you did not save the first one then it's gone...

OK, do this..

Re-Run by double left click, Vista and Windows 7 users right click and select Run as Administrator.

Under the box at the bottom, paste in the following


```
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=hp
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110014&tt=060612_7_&babsrc=SP_ss&mntrId=c413fd340000 000000000016e61c4648
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-16 22:23:53&v=11.1.0.7&sap=dsp&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://isearch.avg.com?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=hp"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=ku&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/04 06:16:10 | 000,000,000 | ---D | M]
[2012/06/04 06:16:10 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/16 22:23:48 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/07 05:46:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={2968316B-65C0-4E51-AEC0-2F4F10046D63}&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&lang=en&ds=AVG&pr=fr&d=2012-06-04 06:18:47&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - Extension: AVG Safe Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
ipconfig /flushdns /c
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy 2
C:\ProgramData\Babylon
C:\ProgramData\Tarma Installer
C:\Program Files (x86)\RegZooka
C:\$AVG
C:\Program Files (x86)\AVG
C:\Users\User\Desktop\AVGInstLog.cab
C:\Users\User\AppData\Roaming\AVG2012

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Let me see that log, tell me if Babylon issue is resolved.

Kevin
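
Triaging the fix log this post asks for, as an added example that is not part of the original thread and is not OTL's own code: the sketch below sorts each log line by outcome so that real failures ("Unable to fix ...") stand apart from benign "not found" results. The sample lines are abridged from the fix-log format seen in this thread; the outcome categories and the names `classify`, `triage` and `actions_mentioning` are this example's own assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: abridged lines in the shape of the OTL fix log from this thread.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Unable to fix default_search_provider items.
========== FILES ==========
C:\ProgramData\Babylon folder moved successfully.
C:\Program Files (x86)\RegZooka folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
"""

# Section banners look like "========== OTL ==========".
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")

# Ordered rules: the first match wins. Categories are assumptions of this example.
RULES = [
    ("failed",    re.compile(r"^Unable to ", re.I)),
    ("not_found", re.compile(r"not found\.?$", re.I)),
    ("set",       re.compile(r"value set successfully!$", re.I)),
    ("deleted",   re.compile(r"deleted successfully\.$", re.I)),
    ("moved",     re.compile(r"moved successfully\.$", re.I)),
    ("removed",   re.compile(r"^Prefs\.js: .* removed from ", re.I)),
]


def classify(text):
    """Yield (section, outcome, line) for every non-blank, non-banner log line."""
    section = "PREAMBLE"  # lines before the first banner
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1).upper()
            continue
        outcome = "other"
        for name, pattern in RULES:
            if pattern.search(line):
                outcome = name
                break
        yield section, outcome, line


def triage(text):
    """Count outcomes per section and collect the lines that need follow-up."""
    counts = defaultdict(Counter)
    follow_up = []
    for section, outcome, line in classify(text):
        counts[section][outcome] += 1
        if outcome == "failed":
            follow_up.append((section, line))
    return {"counts": dict(counts), "follow_up": follow_up}


def actions_mentioning(text, keyword):
    """List every logged action whose line mentions keyword (case-insensitive)."""
    needle = keyword.lower()
    return [item for item in classify(text) if needle in item[2].lower()]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for section, counter in report["counts"].items():
        print(section, dict(counter))
    for section, line in report["follow_up"]:
        print("FOLLOW UP [%s]: %s" % (section, line))
    for section, outcome, line in actions_mentioning(SAMPLE_LOG, "babylon"):
        print("babylon -> %s (%s): %s" % (outcome, section, line))
```

A "not found" result only means there was nothing left to delete, whereas a "failed" line marks a setting the fix did not change and that still needs attention.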


----------



## bobbycow36 (Sep 27, 2010)

Hi Kevin,
sorry about that, I didn't realize the log would be a one off.
I have run the other one you suggested. It did force a reboot on me, and then when it rebooted an OTL window came up followed by a notepad report - here it is:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://isearch.avg.com?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=hp" removed from browser.startup.homepage
Prefs.js: "http://isearch.avg.com/search?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=ku&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ not found.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\components folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\Chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Unable to fix default_search_provider items.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\content\Icons folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\content folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\zh_TW folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\zh_CN folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\tr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\sr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\sk folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ru folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pt_PT folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pt_BR folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pl folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\nl folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ko folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ja folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\it folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\id folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\hu folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\fr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\es_419 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\es folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\en folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\de folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\da folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\cs folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\lib folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\js folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\icons folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\css folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegZooka Scheduler deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Downloads folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Help folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\Program Files (x86)\RegZooka\Backups folder moved successfully.
C:\Program Files (x86)\RegZooka folder moved successfully.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG\$CHJW folder moved successfully.
C:\$AVG folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\html\reportcard folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\html folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Users\User\Desktop\AVGInstLog.cab moved successfully.
C:\Users\User\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\User\AppData\Roaming\AVG2012 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 1468712119 bytes
->Temporary Internet Files folder emptied: 114173250 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 102140306 bytes
->Google Chrome cache emptied: 40802710 bytes
->Apple Safari cache emptied: 964608 bytes
->Flash cache emptied: 59005 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45639983 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 208754212 bytes

Total Files Cleaned = 1,890.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06182012_062858

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Sounds a bit drastic.

I was uncertain if this was the log file you wanted so I went through the procedure you outlined and got a different log file as follows:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "http://isearch.avg.com?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=hp" removed from browser.startup.homepage
Prefs.js: "http://isearch.avg.com/search?cid=%7Bd1f311b7-6e25-426f-a27f-7f0a3e0c03e4%7D&mid=de9b0644e01f47d0aecad15fa0f8afbb-e2a08c2ea90a7c4a3700e6f21fce444afc03a6a6&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d= 2012-06-04%2006%3A18%3A47&sap=ku&q=" removed from keyword.URL
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ not found.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\components folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\Chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml moved successfully.
Unable to fix default_search_provider items.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll not found.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\content\Icons folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\content folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\zh_TW folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\zh_CN folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\tr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\sr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\sk folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ru folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pt_PT folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pt_BR folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\pl folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\nl folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ko folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\ja folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\it folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\id folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\hu folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\fr folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\es_419 folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\es folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\en folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\de folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\da folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales\cs folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\_locales folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\lib folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\js folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\icons folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content\css folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\content folder moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0 folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegZooka Scheduler deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Downloads\cmd.bat deleted successfully.
C:\Users\User\Downloads\cmd.txt deleted successfully.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Downloads folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Includes folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2\Help folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\Program Files (x86)\RegZooka\Backups folder moved successfully.
C:\Program Files (x86)\RegZooka folder moved successfully.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG\$CHJW folder moved successfully.
C:\$AVG folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\html\reportcard folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\html folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Users\User\Desktop\AVGInstLog.cab moved successfully.
C:\Users\User\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\User\AppData\Roaming\AVG2012 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

Still sounds drastic but in a more unintelligible sort of way!
The computer still seems to be working but unfortunately Babylon is still wedged in the Programs file with Babylon Object Installer. I don't know of it anywhere else but a search for it didn't even pick it up there.
Google Chrome is still badly infected with it.
I don't understand how these guys can still be advertising as if they were legitimate!
Your turn Kevin!
Cheers
B


----------



## kevinf80 (Mar 21, 2006)

Hiya bobbycow36,

OK do the following:

Navigate to C:\Program Files\ and delete any folder related to Babylon
Navigate to C:\Program Files (x86) and delete any folder related to Babylon

Next,

Go here http://support.google.com/chrome/bin/answer.py?hl=en&answer=95319 and follow the instructions to fully UNinstall Google Chrome. Reboot your system.

Next,

Download TFC to your desktop from either of the following links

*Link 1*
*Link 2*

If your security alerts to TFC, please accept the alert; TFC and its links are very safe.


 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system; if not, *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache, etc. *Always remember to re-boot after a run, even if not prompted*

Next,

Re-run OTL. Make sure all other windows are closed and to let it run uninterrupted.
When the main interface opens change the Standard Registry box to *All*
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

Let me see the new OTL.txt; also tell me if the issue is resolved. You can reinstall Google Chrome at your convenience.

Kevin...


----------



## bobbycow36 (Sep 27, 2010)

Hi Kevin,
many thanks for your continued interest and support
Much to my surprise there was no evidence of Babylon under C:\programs or (86) either - I triple checked each one!
I checked back at Programs under control panel and it's still there
Doesn't show up on another search
I uninstalled Chrome like you said but I didn't proceed with the rest of the schedule you outlined as I didn't know if you wanted me to be rid of the Babylon file first. Didn't want to run it all and get the wrong data like last time if that's not what's wanted.
Personally don't understand how it can show up in one program file and not another unless it's just the shell that remains.
Do you think something awful will happen if I try the delete from Control Panel/Programs and say "Yes" to allowing Babylon to control my computer??? It just might allow the file to delete. Or then again it might turn my hard drive to jello.
Will take your advice
Thanks again
Bobbycow
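
The situation in the post above (an entry in Control Panel > Programs with no matching folder under Program Files) can be inspected read-only, because Programs and Features lists whatever is registered under the Uninstall registry keys rather than what is on disk. The script below is an added example, not part of the thread or of any tool used in it; it assumes PowerShell 3.0 or later, and the `$NamePattern` default and the `Get-UninstallTarget` helper are illustrative names.

```powershell
# Added example: read-only audit of Programs and Features entries.
# $NamePattern is an assumption based on the entry name quoted in the thread.
param([string]$NamePattern = '*Babylon*')

# Programs and Features is populated from these Uninstall keys:
# native 64-bit view, 32-bit (WOW6432Node) view, and the per-user hive.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallTarget {
    # Extract the executable path from an UninstallString, quoted or not.
    param([string]$UninstallString)
    if ([string]::IsNullOrWhiteSpace($UninstallString)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($UninstallString)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

$results = foreach ($root in $uninstallRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $p = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p -or $p.DisplayName -notlike $NamePattern) { continue }

        $target = Get-UninstallTarget $p.UninstallString
        # Only rooted paths can be checked; "MsiExec.exe /X{...}" cannot.
        $onDisk = if ($target -and [IO.Path]::IsPathRooted($target)) {
            Test-Path -LiteralPath $target
        } else { $null }

        [pscustomobject]@{
            DisplayName       = $p.DisplayName
            RegistryKey       = $key.Name
            InstallLocation   = $p.InstallLocation
            UninstallString   = $p.UninstallString
            UninstallerOnDisk = $onDisk
        }
    }
}

if ($results) { $results | Format-List }
else { "No Uninstall entry matches $NamePattern" }
```

Run it from a 64-bit PowerShell session on 64-bit Windows; a 32-bit session is redirected to the WOW6432Node view for both HKLM paths. An entry whose `UninstallerOnDisk` is `False` is a leftover registration whose files are already gone.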


----------



## kevinf80 (Mar 21, 2006)

OK, ignore the last instruction to run OTL. I want to fully remove OTL, d/l again and run a fresh scan, we should get both logs...

*Step 1*


 Re-open OTL to run it. (Vista and Win 7 users, right click on OTL and "Run as administrator")
 Click on the button.
 Click Yes to begin the cleanup process and remove tools, including this application
 You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

*Step 2*

Download *OTL* from any of the following links and save to your desktop.

*Link 1*
*Link 2*
*Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).


 Please check the box next to "LOP check" and "Purity check"
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin..


----------



## bobbycow36 (Sep 27, 2010)

We have a problem, Kevin
I can't open OTL. Clicking the icon will only let me save, send, copy or view the image - nothing about running anything. I have tried umpteen times with the same result - sorry. I have clicked on the background and tried the menu keys for good measure but nothing doing.
I await further instructions
B


----------



## kevinf80 (Mar 21, 2006)

OK, run the following first, then D/L and run OTL as instructed:


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself.


----------



## bobbycow36 (Sep 27, 2010)

Hi again,
I tried to download the OTC by Old Timer but all I could get was a 404. Tried looking around it but no joy
Managed to get the rest of the stuff though so went ahead without it.
Clean seemed to go ahead ok and then a reboot
I can now find no evidence of Babylon!
Thank you so much for your efforts it has not been an easy job
Very grateful
B


----------



## kevinf80 (Mar 21, 2006)

Is your issue now resolved? If so, delete all references to Oldtimer tools from your Desktop. Next,

Navigate to C:\_OTL right click on that folder, select delete. Select continue at any alert...

Kevin


----------



## bobbycow36 (Sep 27, 2010)

Hi
well there's no sign of any residual virus that I can see, and the PC seems ok so I'm hoping that's it!
I deleted the Oldtimer tools like you said, but I couldn't find any trace of any OTL on the C root, and I went through it thoroughly.
Went through a re-boot and it seemed ok
Very many thanks for all your help and patience.
Bobby


----------



## kevinf80 (Mar 21, 2006)

That is good news, here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware; if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features; make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times; *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol*. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

You will have several programs installed; these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start* scan button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives: *Firefox*, *Opera*, and *Chrome*.

All of these are excellent, faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

*Green* to go,
*Yellow* for caution, and
*Red* to stop.

Available for *Firefox* and *Internet Explorer*.

*NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing. Available for *Firefox* only.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD's.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

If no remaining issues, hit the Mark Solved tab at the top of the thread.

Take care,

Kevin


----------



## bobbycow36 (Sep 27, 2010)

Thanks for all that - some I do already like FF and Secunia and the others I will definitely follow up on
Prevention better than cure, right?
Thanks again and I'll tip the Solved button on my way out
B


----------

