Sign In
Create Account
0
Hello there,
I downloaded iLivid this morning and as a result searchnu.com/406 has taken over both my Googlechrome and IE browsers.
I've followed Maniac's instructions as per http://forums.malwar...howtopic=108859 / http://forums.malwar...howtopic=107847 , and my OTL and Extras results are listed below. Any help you can offer me with all this will be hugely appreciated!!!
OTL Extras logfile created on: 25/04/2012 15:16:42 - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 373.66 Mb Available Physical Memory | 36.87% Memory free
2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.67 Gb Total Space | 26.24 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D8FD43-CADF-489B-8570-756DB27ECABF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{11B3F39C-FDFF-4C4E-BA35-9CCBAA4297E8}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{1FC3605E-72B5-4AE6-B8EF-D6A65232D435}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{25C94CCE-1558-41BD-9E69-F78953C9F211}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{2B35D4AA-7E70-41C4-9C8F-8BA4A7C4083F}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{2E91565B-3B38-4EBB-87FB-A401B3AAC484}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{42542722-61C3-4ED5-86DA-FD136397CD55}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4E80272A-8FF1-4AEA-BEC5-0ECE91112D2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{521BB5DE-50E6-401F-AEA2-62B0E4FBC37A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6A07A1B0-48C5-4A83-B0F4-15C04B3E7B95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6FFD9945-CA7D-4815-B309-D5447348787B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{75F6A9C7-BFE2-4683-B8F1-50990C8969B7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8CEFB351-7211-4391-B406-A8DC89912223}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{929FAE9D-99CE-4581-BABA-559677DBE965}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9A8DDC70-6A85-4E48-B07C-E9D47762FBC8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{D752C0E5-17C7-4298-A443-C74DC455E3F3}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"{D75B8B54-B6B0-4E95-8C81-90138DD1DDE4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E7ABDBC0-F311-4B05-81C0-ADB916FD2532}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F048AAEE-1B1B-467A-AFD3-9E56D64F3E2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{14434780-4FA7-4B53-A69A-737D03EAFCC2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{369084EB-0136-49D4-9B4B-17ADF674684D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7F32FB18-6BEA-41E9-9E20-C61D1787942F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{A3E7D172-1196-4B94-A60E-D18C4A982CA5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{F2583139-0E81-4BEC-927C-723750F8FB29}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=6 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |
"UDP Query User{443CDBDE-A79D-4C43-9E1F-BEC5D03C5BF4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{527BE72F-0FC8-4CFB-8D1C-B225C8BA2842}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{75B3252E-A9A4-4641-8A82-63DB870558FD}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=17 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe |
"UDP Query User{9126FE6F-3490-4887-8754-7C6DC35A4C18}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F420D13B-03FC-4352-8B19-C37EA25EB0FA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}" = HP User Guide 0039
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Web Camera Driver V1.0.25.102
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 1.2.6
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Bink and Smacker" = Bink and Smacker
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5" = HDAUDIO Soft Data Fax Modem with SmartCP
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"iLivid" = iLivid
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Pixillion" = Pixillion Image Converter
"Revo Uninstaller" = Revo Uninstaller 1.93
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 02/03/2009 05:23:23 | Computer Name = Sam-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 25/04/2012 07:48:41 | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp
0x4db02c95, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x4f5de727,
exception code 0xc0000417, fault offset 0x00091b32, process id 0x524, application
start time 0x01cd22d6366181b0.
Error - 25/04/2012 08:48:25 | Computer Name = Sam-PC | Source = VSS | ID = 8194
Description =
Error - 25/04/2012 09:40:44 | Computer Name = Sam-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 748 Start Time: 01cd22e841bbc450 Termination Time: 31
Error - 25/04/2012 09:43:49 | Computer Name = Sam-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 84c Start Time: 01cd22e90bb6dbf0 Termination Time: 31
Error - 25/04/2012 09:53:59 | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time
stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id
0x424, application start time 0x01cd22eab7a68f40.
Error - 25/04/2012 09:54:00 | Computer Name = Sam-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3
Error - 25/04/2012 09:55:56 | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time
stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id
0x184, application start time 0x01cd22eb0e2979fa.
Error - 25/04/2012 09:55:56 | Computer Name = Sam-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3
Error - 25/04/2012 09:57:46 | Computer Name = Sam-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000,
time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time
stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id
0x568, application start time 0x01cd22eb2ca21aea.
Error - 25/04/2012 09:57:46 | Computer Name = Sam-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
for one of the following reasons: there is a problem with the network connection,
the disk that the file is stored on, or the storage drivers installed on this computer;
or the disk is missing. Windows closed the program Host Process for Windows Services
because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf
The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3
[ Media Center Events ]
Error - 23/09/2007 09:14:25 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 24/09/2007 11:32:48 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Error - 17/04/2008 07:15:49 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
[ System Events ]
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031
Description =
< End of report >
And
OTL logfile created on: 25/04/2012 15:16:42 - Run 1
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 373.66 Mb Available Physical Memory | 36.87% Memory free
2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.67 Gb Total Space | 26.24 Gb Free Space | 24.60% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2012/04/01 10:05:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 08:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/19 08:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/11/25 00:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2006/11/06 10:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/06 10:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/04/14 13:44:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/06/26 18:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\inspect.sys -- (Inspect)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/12 15:40:48 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7HPEB_en-GB
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheri...q={searchTerms}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_1\
CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonu...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D657F350-2B42-4BFE-BC8E-8267DF985246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4B5AC7-899D-4A7A-B04F-CBD9D799B1AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/25 14:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/25 14:34:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/25 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2012/04/25 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2012/04/25 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/04/25 11:30:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Ilivid Player
[2012/04/25 11:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/04/06 10:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/06 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/06 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
========== Files - Modified Within 30 Days ==========
[2012/04/25 15:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/25 15:10:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4022988669-3045192606-1649212457-1000UA.job
[2012/04/25 15:00:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/25 15:00:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 14:58:21 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/25 14:53:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 14:53:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/25 14:52:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/25 14:52:28 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/25 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,001,057 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/25 11:30:00 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk
[2012/04/25 11:28:44 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/04/24 18:02:21 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
[2012/04/23 10:10:04 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4022988669-3045192606-1649212457-1000Core.job
[2012/04/19 22:32:31 | 000,016,958 | ---- | M] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:29 | 000,020,570 | ---- | M] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:36 | 000,021,165 | ---- | M] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/15 12:16:29 | 000,001,994 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/15 12:16:28 | 000,002,032 | ---- | M] () -- C:\Users\Sam\Desktop\Google Chrome.lnk
[2012/04/12 20:21:16 | 000,033,661 | ---- | M] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2012/04/12 20:10:24 | 000,089,722 | ---- | M] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:58:49 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:52:39 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2012/04/25 13:45:51 | 000,001,057 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/25 11:30:00 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk
[2012/04/25 11:20:23 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk
[2012/04/19 21:52:33 | 000,016,958 | ---- | C] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:28 | 000,020,570 | ---- | C] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:10 | 000,021,165 | ---- | C] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/14 13:01:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 19:58:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:58:04 | 000,089,722 | ---- | C] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:52:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 12:27:08 | 000,123,579 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_3327detail 2.jpg
[2012/04/01 12:00:33 | 000,033,661 | ---- | C] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2011/06/17 12:03:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 12:03:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/28 15:58:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2008/01/23 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Alfac
[2012/04/25 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2009/03/07 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2008/06/16 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express
[2009/03/05 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LimeWire
[2009/01/14 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound
[2009/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2012/04/25 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2007/08/09 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2007/11/28 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache
[2011/06/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung
[2007/07/07 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template
[2010/06/01 13:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2012/04/25 14:49:16 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/25 15:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/24 18:02:21 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
========== Purity Check ==========
< End of report >
-
This topic is locked
Back to top
#2
Posted 25 April 2012 - 02:26 PM
-
- Experts
-
- 17,090 posts
Forum Deity
- Gender:Male
- Location:Bulgaria, EU
Hello sammyjammy77 and 
! My name is Maniac and I will be glad to help you solve your malware problem.
Please note:
My suggestion is to uninstall this application.
Run OTL
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
! My name is Maniac and I will be glad to help you solve your malware problem.Please note:
- If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
- I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
- Make sure you read all of the instructions and fixes thoroughly before continuing with them.
- Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
- Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Quote
I downloaded iLivid this morning and as a result searchnu.com/406 has taken over both my Googlechrome and IE browsers.
My suggestion is to uninstall this application.
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com/?orig=ds&q={searchTerms} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com/?orig=ds&q={searchTerms} CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4 - HKLM..\Run: [] File not found [2012/04/25 14:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess :Commands [emptytemp] [clearallrestorepoints] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here 
#3
Posted 25 April 2012 - 07:25 PM
-
- Members
-
- 7 posts
New Member
Thanks maniac,
I've tried to follow your instructions a few times but the only thing that happens is OTL freezes and my desktop is completely wiped clean. Maybe this is supposed to happen?
I've tried to follow your instructions a few times but the only thing that happens is OTL freezes and my desktop is completely wiped clean. Maybe this is supposed to happen?
#4
Posted 25 April 2012 - 07:54 PM
-
- Members
-
- 7 posts
New Member
Ok, so ignore my last message!!
I've run OTL as per your instructions and received the following;
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Folder C:\ProgramData\boost_interprocess\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sam
->Temp folder emptied: 1480217761 bytes
->Temporary Internet Files folder emptied: 41919005 bytes
->Java cache emptied: 95787141 bytes
->Apple Safari cache emptied: 1917952 bytes
->Flash cache emptied: 8323 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156339449 bytes
RecycleBin emptied: 1214690706 bytes
Total Files Cleaned = 2,852.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.0 log created on 04262012_012725
Files\Folders moved on Reboot...
C:\Users\Sam\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
I've run OTL as per your instructions and received the following;
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Folder C:\ProgramData\boost_interprocess\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Sam
->Temp folder emptied: 1480217761 bytes
->Temporary Internet Files folder emptied: 41919005 bytes
->Java cache emptied: 95787141 bytes
->Apple Safari cache emptied: 1917952 bytes
->Flash cache emptied: 8323 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156339449 bytes
RecycleBin emptied: 1214690706 bytes
Total Files Cleaned = 2,852.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.42.0 log created on 04262012_012725
Files\Folders moved on Reboot...
C:\Users\Sam\AppData\Local\Temp\ehmsas.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
#5
Posted 26 April 2012 - 07:49 AM
-
- Experts
-
- 17,090 posts
Forum Deity
- Gender:Male
- Location:Bulgaria, EU
Please post a new fresh OTL log file and let me know how are things now.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
#6
Posted 26 April 2012 - 02:20 PM
-
- Members
-
- 7 posts
New Member
Sorry to sound stupid but do you want me to run a normal scan, as I did before?
#7
Posted 26 April 2012 - 04:13 PM
-
- Experts
-
- 17,090 posts
Forum Deity
- Gender:Male
- Location:Bulgaria, EU
Yep and to tell me how is your system now.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
#8
Posted 28 April 2012 - 11:47 AM
-
- Members
-
- 7 posts
New Member
Hey Maniac,
So I've run another quick scan and this is the reult;
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 397.13 Mb Available Physical Memory | 39.19% Memory free
2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.67 Gb Total Space | 29.65 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 08:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/10 19:50:24 | 000,382,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 03:43:57 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011/06/21 03:37:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/21 03:36:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/21 03:34:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/21 03:34:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/21 03:33:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/21 03:29:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/21 03:29:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/08 15:16:14 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2006/11/25 00:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2006/11/06 10:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/06 10:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/04/14 13:44:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/06/26 18:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\inspect.sys -- (Inspect)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/12 15:40:48 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7HPEB_en-GB
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonu...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D657F350-2B42-4BFE-BC8E-8267DF985246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4B5AC7-899D-4A7A-B04F-CBD9D799B1AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/25 23:35:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/25 14:34:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/25 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2012/04/25 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2012/04/25 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/04/25 11:30:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Ilivid Player
[2012/04/06 10:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/06 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/06 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
========== Files - Modified Within 30 Days ==========
[2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/28 16:44:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
[2012/04/28 16:32:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 14:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 14:46:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 08:50:53 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/26 08:46:02 | 1061,298,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 08:45:57 | 138,180,517 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/25 23:51:45 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/25 23:51:45 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,001,057 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/19 22:32:31 | 000,016,958 | ---- | M] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:29 | 000,020,570 | ---- | M] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:36 | 000,021,165 | ---- | M] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/12 20:21:16 | 000,033,661 | ---- | M] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2012/04/12 20:10:24 | 000,089,722 | ---- | M] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:58:49 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:52:39 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2012/04/25 13:45:51 | 000,001,057 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/19 21:52:33 | 000,016,958 | ---- | C] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:28 | 000,020,570 | ---- | C] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:10 | 000,021,165 | ---- | C] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/14 13:01:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 19:58:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:58:04 | 000,089,722 | ---- | C] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:52:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 12:27:08 | 000,123,579 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_3327detail 2.jpg
[2012/04/01 12:00:33 | 000,033,661 | ---- | C] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2011/06/17 12:03:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 12:03:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/28 15:58:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2008/01/23 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Alfac
[2012/04/25 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2009/03/07 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2008/06/16 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express
[2009/03/05 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LimeWire
[2009/01/14 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound
[2009/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2012/04/25 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2007/08/09 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2007/11/28 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache
[2011/06/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung
[2007/07/07 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template
[2010/06/01 13:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2012/04/26 01:42:09 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
========== Purity Check ==========
< End of report >
So I've run another quick scan and this is the reult;
OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1013.38 Mb Total Physical Memory | 397.13 Mb Available Physical Memory | 39.19% Memory free
2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.67 Gb Total Space | 29.65 Gb Free Space | 27.80% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS
Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 08:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe
PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/11/10 19:50:24 | 000,382,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe
========== Modules (No Company Name) ==========
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/21 03:43:57 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011/06/21 03:37:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/21 03:36:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/21 03:34:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/21 03:34:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/21 03:33:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/21 03:29:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/21 03:29:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006/12/08 15:16:14 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2006/11/25 00:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll
MOD - [2006/11/06 10:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/06 10:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/04/14 13:44:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/06/26 18:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\inspect.sys -- (Inspect)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/05/12 15:40:48 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKLM\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7HPEB_en-GB
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yah...ing}&fr=cb-hp06
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
[2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.)
O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader2.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonu...geUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D657F350-2B42-4BFE-BC8E-8267DF985246}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4B5AC7-899D-4A7A-B04F-CBD9D799B1AD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/04/25 23:35:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/25 14:34:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/04/25 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2012/04/25 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2012/04/25 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2012/04/25 11:30:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Ilivid Player
[2012/04/06 10:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/06 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/06 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
========== Files - Modified Within 30 Days ==========
[2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/28 16:44:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
[2012/04/28 16:32:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 14:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 14:46:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 08:50:53 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/04/26 08:46:02 | 1061,298,176 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 08:45:57 | 138,180,517 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/25 23:51:45 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/25 23:51:45 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe
[2012/04/25 13:45:51 | 000,001,057 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/19 22:32:31 | 000,016,958 | ---- | M] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:29 | 000,020,570 | ---- | M] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:36 | 000,021,165 | ---- | M] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/12 20:21:16 | 000,033,661 | ---- | M] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2012/04/12 20:10:24 | 000,089,722 | ---- | M] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:58:49 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:52:39 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2012/04/25 13:45:51 | 000,001,057 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk
[2012/04/19 21:52:33 | 000,016,958 | ---- | C] () -- C:\Users\Sam\Desktop\Lion King Sides.odt
[2012/04/15 19:12:28 | 000,020,570 | ---- | C] () -- C:\Users\Sam\Documents\Paul work pitch.odt
[2012/04/15 17:37:10 | 000,021,165 | ---- | C] () -- C:\Users\Sam\Documents\Paul's thing.odt
[2012/04/14 13:01:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/12 19:58:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip
[2012/04/12 19:58:04 | 000,089,722 | ---- | C] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg
[2012/04/12 19:52:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\poopoo124.zip
[2012/04/06 10:28:47 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/01 12:27:08 | 000,123,579 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_3327detail 2.jpg
[2012/04/01 12:00:33 | 000,033,661 | ---- | C] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf
[2011/06/17 12:03:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/06/17 12:03:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/08/28 15:58:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2008/01/23 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Alfac
[2012/04/25 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DriverCure
[2009/03/07 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0
[2008/06/16 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express
[2009/03/05 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LimeWire
[2009/01/14 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound
[2009/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org
[2012/04/25 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ParetoLogic
[2007/08/09 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking
[2007/11/28 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache
[2011/06/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung
[2007/07/07 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template
[2010/06/01 13:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer
[2012/04/26 01:42:09 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job
[2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job
========== Purity Check ==========
< End of report >
#9
Posted 29 April 2012 - 05:23 AM
-
- Experts
-
- 17,090 posts
Forum Deity
- Gender:Male
- Location:Bulgaria, EU
What about my question here:
and
Quote
Please post a new fresh OTL log file and let me know how are things now.
and
Quote
Yep and to tell me how is your system now.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
#10
Posted 29 April 2012 - 05:56 AM
-
- Members
-
- 7 posts
New Member
Well, I uninstalled then reinstalled Google Chrome, and all is looking good there now. Bizarrely, my IE homepage had been re-set to aol.co.uk, and try as I might I couldn't alter it. However, I've since re-booted my pc and all seems to be well.
#11
Posted 29 April 2012 - 06:40 AM
-
- Experts
-
- 17,090 posts
Forum Deity
- Gender:Male
- Location:Bulgaria, EU
Glad I could help! 
Please run OTL and click on CleanUp button.
Some malware prevention tips:
http://forums.malwar...=0
Safe surfing!
Please run OTL and click on CleanUp button.
Some malware prevention tips:
http://forums.malwar...=0
Safe surfing!
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here
#13
Posted 29 April 2012 - 01:19 PM
-
- Moderators
-
- 13,226 posts
Eradicator de logiciels malveillants
- Gender:Male
- Location:USA
- Interests:Security, Windows, Windows Update, malware prevention
Glad we could help.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.
I close my threads if there is 5 days without a response.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
