sammyjammy77

Members
  • Content count

    7
  • Joined

  • Last visited

About sammyjammy77

  • Rank
    New Member
  1. Thanks so much
  2. Well, I uninstalled then reinstalled Google Chrome, and all is looking good there now. Bizarrely, my IE homepage had been re-set to aol.co.uk, and try as I might I couldn't alter it. However, I've since re-booted my pc and all seems to be well.
  3. Hey Maniac, So I've run another quick scan and this is the reult; OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.38 Mb Total Physical Memory | 397.13 Mb Available Physical Memory | 39.19% Memory free 2.24 Gb Paging File | 1.36 Gb Available in Paging File | 60.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106.67 Gb Total Space | 29.65 Gb Free Space | 27.80% Space Free | Partition Type: NTFS Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/19 08:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2006/11/10 19:50:24 | 000,382,552 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC.exe ========== Modules (No Company Name) ========== MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/06/21 03:43:57 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll MOD - [2011/06/21 03:37:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011/06/21 03:36:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011/06/21 03:34:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011/06/21 03:34:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011/06/21 03:33:39 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011/06/21 03:29:52 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011/06/21 03:29:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2006/12/08 15:16:14 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll MOD - [2006/11/25 00:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2006/11/06 10:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2006/11/06 10:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012/04/14 13:44:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2006/06/26 18:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\inspect.sys -- (Inspect) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2008/05/12 15:40:48 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_en-GB IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Facebook Photo Uploader 4 Control) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D657F350-2B42-4BFE-BC8E-8267DF985246}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4B5AC7-899D-4A7A-B04F-CBD9D799B1AD}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/04/25 23:35:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012/04/25 14:34:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2012/04/25 13:45:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/04/25 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/04/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\DriverCure [2012/04/25 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\ParetoLogic [2012/04/25 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2012/04/25 11:30:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Ilivid Player [2012/04/06 10:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/06 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/04/06 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes ========== Files - Modified Within 30 Days ========== [2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job [2012/04/28 16:44:35 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job [2012/04/28 16:32:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/26 14:46:50 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/26 14:46:49 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/26 08:50:53 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/04/26 08:46:02 | 1061,298,176 | -HS- | M] () -- C:\hiberfil.sys [2012/04/26 08:45:57 | 138,180,517 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/04/25 23:51:45 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/25 23:51:45 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2012/04/25 13:45:51 | 000,001,057 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2012/04/19 22:32:31 | 000,016,958 | ---- | M] () -- C:\Users\Sam\Desktop\Lion King Sides.odt [2012/04/15 19:12:29 | 000,020,570 | ---- | M] () -- C:\Users\Sam\Documents\Paul work pitch.odt [2012/04/15 17:37:36 | 000,021,165 | ---- | M] () -- C:\Users\Sam\Documents\Paul's thing.odt [2012/04/12 20:21:16 | 000,033,661 | ---- | M] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf [2012/04/12 20:10:24 | 000,089,722 | ---- | M] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg [2012/04/12 19:58:49 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip [2012/04/12 19:52:39 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\poopoo124.zip [2012/04/06 10:28:47 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012/04/25 13:45:51 | 000,001,057 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2012/04/19 21:52:33 | 000,016,958 | ---- | C] () -- C:\Users\Sam\Desktop\Lion King Sides.odt [2012/04/15 19:12:28 | 000,020,570 | ---- | C] () -- C:\Users\Sam\Documents\Paul work pitch.odt [2012/04/15 17:37:10 | 000,021,165 | ---- | C] () -- C:\Users\Sam\Documents\Paul's thing.odt [2012/04/14 13:01:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/12 19:58:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip [2012/04/12 19:58:04 | 000,089,722 | ---- | C] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg [2012/04/12 19:52:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\poopoo124.zip [2012/04/06 10:28:47 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/01 12:27:08 | 000,123,579 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_3327detail 2.jpg [2012/04/01 12:00:33 | 000,033,661 | ---- | C] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf [2011/06/17 12:03:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/06/17 12:03:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/08/28 15:58:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2008/01/23 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Alfac [2012/04/25 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DriverCure [2009/03/07 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0 [2008/06/16 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express [2009/03/05 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LimeWire [2009/01/14 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound [2009/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org [2012/04/25 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ParetoLogic [2007/08/09 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking [2007/11/28 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache [2011/06/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung [2007/07/07 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template [2010/06/01 13:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer [2012/04/26 01:42:09 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/28 16:55:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job [2012/04/28 16:35:16 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job ========== Purity Check ========== < End of report >
  4. Sorry to sound stupid but do you want me to run a normal scan, as I did before?
  5. Ok, so ignore my last message!! I've run OTL as per your instructions and received the following; All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found. Registry key HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Unable to fix default_search_provider items. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Folder C:\ProgramData\boost_interprocess\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Guest ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Sam ->Temp folder emptied: 1480217761 bytes ->Temporary Internet Files folder emptied: 41919005 bytes ->Java cache emptied: 95787141 bytes ->Apple Safari cache emptied: 1917952 bytes ->Flash cache emptied: 8323 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 156339449 bytes RecycleBin emptied: 1214690706 bytes Total Files Cleaned = 2,852.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.42.0 log created on 04262012_012725 Files\Folders moved on Reboot... C:\Users\Sam\AppData\Local\Temp\ehmsas.txt moved successfully. File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot...
  6. Thanks maniac, I've tried to follow your instructions a few times but the only thing that happens is OTL freezes and my desktop is completely wiped clean. Maybe this is supposed to happen?
  7. Hello there, I downloaded iLivid this morning and as a result searchnu.com/406 has taken over both my Googlechrome and IE browsers. I've followed Maniac's instructions as per http://forums.malwarebytes.org/index.php?showtopic=108859 / http://forums.malwarebytes.org/index.php?showtopic=107847 , and my OTL and Extras results are listed below. Any help you can offer me with all this will be hugely appreciated!!! OTL Extras logfile created on: 25/04/2012 15:16:42 - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.38 Mb Total Physical Memory | 373.66 Mb Available Physical Memory | 36.87% Memory free 2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106.67 Gb Total Space | 26.24 Gb Free Space | 24.60% Space Free | Partition Type: NTFS Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06D8FD43-CADF-489B-8570-756DB27ECABF}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "{11B3F39C-FDFF-4C4E-BA35-9CCBAA4297E8}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe | "{1FC3605E-72B5-4AE6-B8EF-D6A65232D435}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{25C94CCE-1558-41BD-9E69-F78953C9F211}" = dir=in | app=c:\program files\itunes\itunes.exe | "{2B35D4AA-7E70-41C4-9C8F-8BA4A7C4083F}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | "{2E91565B-3B38-4EBB-87FB-A401B3AAC484}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe | "{42542722-61C3-4ED5-86DA-FD136397CD55}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | "{4E80272A-8FF1-4AEA-BEC5-0ECE91112D2F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{521BB5DE-50E6-401F-AEA2-62B0E4FBC37A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{6A07A1B0-48C5-4A83-B0F4-15C04B3E7B95}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{6FFD9945-CA7D-4815-B309-D5447348787B}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | "{75F6A9C7-BFE2-4683-B8F1-50990C8969B7}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "{8CEFB351-7211-4391-B406-A8DC89912223}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{929FAE9D-99CE-4581-BABA-559677DBE965}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{9A8DDC70-6A85-4E48-B07C-E9D47762FBC8}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | "{D752C0E5-17C7-4298-A443-C74DC455E3F3}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "{D75B8B54-B6B0-4E95-8C81-90138DD1DDE4}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{E7ABDBC0-F311-4B05-81C0-ADB916FD2532}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F048AAEE-1B1B-467A-AFD3-9E56D64F3E2A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{14434780-4FA7-4B53-A69A-737D03EAFCC2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{369084EB-0136-49D4-9B4B-17ADF674684D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{7F32FB18-6BEA-41E9-9E20-C61D1787942F}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | "TCP Query User{A3E7D172-1196-4B94-A60E-D18C4A982CA5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{F2583139-0E81-4BEC-927C-723750F8FB29}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=6 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe | "UDP Query User{443CDBDE-A79D-4C43-9E1F-BEC5D03C5BF4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{527BE72F-0FC8-4CFB-8D1C-B225C8BA2842}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | "UDP Query User{75B3252E-A9A4-4641-8A82-63DB870558FD}C:\program files\speedtouch\dr speedtouch\drst.exe" = protocol=17 | dir=in | app=c:\program files\speedtouch\dr speedtouch\drst.exe | "UDP Query User{9126FE6F-3490-4887-8754-7C6DC35A4C18}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{F420D13B-03FC-4352-8B19-C37EA25EB0FA}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive "{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}" = HP User Guide 0039 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1967D67C-6F3F-4001-9644-BAC704F7EE84}" = Samsung PC Studio "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 13 "{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6 "{3260D61B-DCA6-4ec6-8A41-DCCE01BC6EE4}" = c4100_Help "{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.10 B9 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.0 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AEE2B0B-B3C1-4367-B1EF-FC4ED98DEED1}" = C4100 "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A59AB961-BE82-41E0-B0FB-648DFA6DDEA4}" = Web Camera Driver V1.0.25.102 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{ED3F469E-D9EC-4DF1-968F-5812CE2F30F8}" = HP Driver Diagnostics "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core "{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Audacity_is1" = Audacity 1.2.6 "BBC iPlayer Download Manager" = BBC iPlayer Download Manager "Bink and Smacker" = Bink and Smacker "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30A5" = HDAUDIO Soft Data Fax Modem with SmartCP "HDMI" = IntelĀ® Graphics Media Accelerator Driver "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "HPOCR" = HP OCR Software 8.0 "iLivid" = iLivid "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Pixillion" = Pixillion Image Converter "Revo Uninstaller" = Revo Uninstaller 1.93 "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "Sibelius Scorch Plugin_is1" = Sibelius Scorch Plugin 5.2.5.30 "Switch" = Switch Sound File Converter "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Antivirus Events ] Error - 02/03/2009 05:23:23 | Computer Name = Sam-PC | Source = avast! | ID = 33554522 Description = [ Application Events ] Error - 25/04/2012 07:48:41 | Computer Name = Sam-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6001.18639, time stamp 0x4db02c95, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x4f5de727, exception code 0xc0000417, fault offset 0x00091b32, process id 0x524, application start time 0x01cd22d6366181b0. Error - 25/04/2012 08:48:25 | Computer Name = Sam-PC | Source = VSS | ID = 8194 Description = Error - 25/04/2012 09:40:44 | Computer Name = Sam-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.42.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 748 Start Time: 01cd22e841bbc450 Termination Time: 31 Error - 25/04/2012 09:43:49 | Computer Name = Sam-PC | Source = Application Hang | ID = 1002 Description = The program OTL.exe version 3.2.42.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 84c Start Time: 01cd22e90bb6dbf0 Termination Time: 31 Error - 25/04/2012 09:53:59 | Computer Name = Sam-PC | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000, time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id 0x424, application start time 0x01cd22eab7a68f40. Error - 25/04/2012 09:54:00 | Computer Name = Sam-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3 Error - 25/04/2012 09:55:56 | Computer Name = Sam-PC | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000, time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id 0x184, application start time 0x01cd22eb0e2979fa. Error - 25/04/2012 09:55:56 | Computer Name = Sam-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3 Error - 25/04/2012 09:57:46 | Computer Name = Sam-PC | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe_SysMain, version 6.0.6001.18000, time stamp 0x47918b89, faulting module sysmain.dll, version 6.0.6001.18000, time stamp 0x4791a770, exception code 0xc0000006, fault offset 0x0000cb1e, process id 0x568, application start time 0x01cd22eb2ca21aea. Error - 25/04/2012 09:57:46 | Computer Name = Sam-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000009C Disk type: 3 [ Media Center Events ] Error - 23/09/2007 09:14:25 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 24/09/2007 11:32:48 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 17/04/2008 07:15:49 | Computer Name = Sam-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. [ System Events ] Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7034 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = Error - 25/04/2012 09:58:42 | Computer Name = Sam-PC | Source = Service Control Manager | ID = 7031 Description = < End of report > And OTL logfile created on: 25/04/2012 15:16:42 - Run 1 OTL by OldTimer - Version 3.2.42.0 Folder = C:\Users\Sam\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 1013.38 Mb Total Physical Memory | 373.66 Mb Available Physical Memory | 36.87% Memory free 2.24 Gb Paging File | 1.47 Gb Available in Paging File | 65.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 106.67 Gb Total Space | 26.24 Gb Free Space | 24.60% Space Free | Partition Type: NTFS Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.67% Space Free | Partition Type: NTFS Computer Name: SAM-PC | User Name: Sam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe PRC - [2012/04/01 10:05:28 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe PRC - [2011/01/13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe PRC - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe PRC - [2009/04/23 06:29:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2009/04/23 06:29:14 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/03/25 20:40:42 | 000,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2008/02/27 17:56:54 | 001,032,376 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/19 08:33:35 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe PRC - [2008/01/19 08:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe PRC - [2007/12/10 15:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAC7302\Monitor.exe PRC - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe ========== Modules (No Company Name) ========== MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2009/04/16 13:02:16 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2006/11/25 00:33:18 | 000,061,440 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2006/11/06 10:05:40 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll MOD - [2006/11/06 10:00:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService) SRV - [2012/04/14 13:44:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/01/13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc) SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Stopped] -- C:\Program Files\Kontiki\KService.exe -- (KService) SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/09/12 19:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 19:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2006/06/26 18:50:08 | 000,126,976 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr) SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\inspect.sys -- (Inspect) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2011/01/13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011/01/13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011/01/13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011/01/13 09:37:19 | 000,051,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011/01/13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2008/09/02 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2008/05/12 15:40:48 | 000,460,544 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302) DRV - [2008/03/04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/05/02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007/05/02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007/05/02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2006/07/24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr) DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn) SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms} IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7HPEB_en-GB IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{88B98EAA-7513-4BD0-B51F-E304D5F99E7A}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=363&systemid=406&sr=0&q={searchTerms} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms} IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sam\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2008/02/27 17:57:38 | 000,106,496 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\mozilla firefox\plugins\npBBCPlugin.dll ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced\1.0.0.8_1\ CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\Sam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe (Kontiki Inc.) O4 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background File not found O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks) O4 - Startup: C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-4022988669-3045192606-1649212457-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer) O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader2.cab (Facebook Photo Uploader 4 Control) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D657F350-2B42-4BFE-BC8E-8267DF985246}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC4B5AC7-899D-4A7A-B04F-CBD9D799B1AD}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/11 16:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/04/25 14:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2012/04/25 14:34:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2012/04/25 13:45:51 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2012/04/25 13:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2012/04/25 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\DriverCure [2012/04/25 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Roaming\ParetoLogic [2012/04/25 13:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2012/04/25 11:30:38 | 000,000,000 | ---D | C] -- C:\Users\Sam\AppData\Local\Ilivid Player [2012/04/25 11:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid [2012/04/06 10:28:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/04/06 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/04/06 10:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes ========== Files - Modified Within 30 Days ========== [2012/04/25 15:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job [2012/04/25 15:10:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4022988669-3045192606-1649212457-1000UA.job [2012/04/25 15:00:00 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/25 15:00:00 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/25 14:58:21 | 000,000,150 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/04/25 14:53:31 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 14:53:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/25 14:52:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/25 14:52:28 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys [2012/04/25 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/25 14:35:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Sam\Desktop\OTL.exe [2012/04/25 13:45:51 | 000,001,057 | ---- | M] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2012/04/25 11:30:00 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk [2012/04/25 11:28:44 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\iLivid.lnk [2012/04/24 18:02:21 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job [2012/04/23 10:10:04 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4022988669-3045192606-1649212457-1000Core.job [2012/04/19 22:32:31 | 000,016,958 | ---- | M] () -- C:\Users\Sam\Desktop\Lion King Sides.odt [2012/04/15 19:12:29 | 000,020,570 | ---- | M] () -- C:\Users\Sam\Documents\Paul work pitch.odt [2012/04/15 17:37:36 | 000,021,165 | ---- | M] () -- C:\Users\Sam\Documents\Paul's thing.odt [2012/04/15 12:16:29 | 000,001,994 | ---- | M] () -- C:\Users\Sam\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/04/15 12:16:28 | 000,002,032 | ---- | M] () -- C:\Users\Sam\Desktop\Google Chrome.lnk [2012/04/12 20:21:16 | 000,033,661 | ---- | M] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf [2012/04/12 20:10:24 | 000,089,722 | ---- | M] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg [2012/04/12 19:58:49 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip [2012/04/12 19:52:39 | 000,108,775 | ---- | M] () -- C:\Users\Sam\Desktop\poopoo124.zip [2012/04/06 10:28:47 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk ========== Files Created - No Company Name ========== [2012/04/25 13:45:51 | 000,001,057 | ---- | C] () -- C:\Users\Sam\Desktop\Revo Uninstaller.lnk [2012/04/25 11:30:00 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Upgrade Facebook Chat Experience.lnk [2012/04/25 11:20:23 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\iLivid.lnk [2012/04/19 21:52:33 | 000,016,958 | ---- | C] () -- C:\Users\Sam\Desktop\Lion King Sides.odt [2012/04/15 19:12:28 | 000,020,570 | ---- | C] () -- C:\Users\Sam\Documents\Paul work pitch.odt [2012/04/15 17:37:10 | 000,021,165 | ---- | C] () -- C:\Users\Sam\Documents\Paul's thing.odt [2012/04/14 13:01:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/12 19:58:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\Attachments_2012_04_12.zip [2012/04/12 19:58:04 | 000,089,722 | ---- | C] () -- C:\Users\Sam\Desktop\Portsmouth1.jpg [2012/04/12 19:52:33 | 000,108,775 | ---- | C] () -- C:\Users\Sam\Desktop\poopoo124.zip [2012/04/06 10:28:47 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/04/01 12:27:08 | 000,123,579 | ---- | C] () -- C:\Users\Sam\Desktop\IMG_3327detail 2.jpg [2012/04/01 12:00:33 | 000,033,661 | ---- | C] () -- C:\Users\Sam\Documents\SAMUEL JAMES ACTING CV.pdf [2011/06/17 12:03:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011/06/17 12:03:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010/08/28 15:58:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2008/01/23 18:10:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Alfac [2012/04/25 13:13:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\DriverCure [2009/03/07 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\gtk-2.0 [2008/06/16 19:10:42 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Image Zone Express [2009/03/05 22:15:41 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\LimeWire [2009/01/14 14:54:59 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\NCH Swift Sound [2009/05/10 23:20:19 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\OpenOffice.org [2012/04/25 13:12:36 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\ParetoLogic [2007/08/09 03:14:25 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\PeerNetworking [2007/11/28 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Printer Info Cache [2011/06/14 18:32:57 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Samsung [2007/07/07 15:36:53 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Template [2010/06/01 13:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sam\AppData\Roaming\Trusteer [2012/04/25 14:49:16 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/25 15:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{59DB3363-F40D-4D9C-B8D3-FFF6C0AAEABB}.job [2012/04/24 18:02:21 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9586D53-F0F7-468F-974B-D5FCA021B6A0}.job ========== Purity Check ========== < End of report >