Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

searchqu.com/406

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

searchqu.com/406

Unread postby jaz167 » May 26th, 2011, 3:50 pm

Please get me out of this mess, I'll try not to download any rubbish ever again. Here's my logs -


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Bartletts at 19:43:24 on 2011-05-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1019 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Oxigen\bin\OxigenService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Bartletts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartletts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bartletts\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Oxigen\bin\OxigenTray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Bartletts\Downloads\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\bartletts\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [OxigenServiceStart] c:\program files\oxigen\bin\OxigenService.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl3d531b40;MpKsl3d531b40;c:\programdata\microsoft\microsoft antimalware\definition updates\{391c4982-07f0-4131-83bd-86c9da831273}\MpKsl3d531b40.sys [2011-5-26 28752]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2011-2-22 32256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-3-4 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2011-2-23 3567]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-05-26 18:38:07 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{391c4982-07f0-4131-83bd-86c9da831273}\MpKsl3d531b40.sys
2011-05-26 18:37:57 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{391c4982-07f0-4131-83bd-86c9da831273}\mpengine.dll
2011-05-26 15:21:55 -------- d-----w- c:\users\bartletts\appdata\local\{74A8FA0C-F86E-4335-9F2C-4BFF06886C45}
2011-05-23 10:12:48 -------- d-----w- c:\users\bartletts\appdata\local\Ilivid Player
2011-05-23 10:09:57 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-05-23 10:09:37 -------- d-----w- c:\users\bartletts\appdata\local\PackageAware
2011-05-22 08:41:29 -------- d-----w- c:\users\bartletts\appdata\local\{F0A1FA50-87A1-4E1A-B5D4-F4DA00393568}
2011-05-21 19:41:27 -------- d-----w- c:\users\bartletts\appdata\local\{FAD22F43-DB0A-47F9-9C67-5CF12D5E1D36}
2011-05-21 07:41:05 -------- d-----w- c:\users\bartletts\appdata\local\{AAA230C7-45DB-4A2A-AC67-50ABA2D25445}
2011-05-20 21:16:25 -------- d-----w- c:\users\bartletts\appdata\local\{CA62B56D-0B0F-4BE6-83A2-959C1145BEDD}
2011-05-20 08:26:23 -------- d-----w- c:\users\bartletts\appdata\local\{C0BCCD79-9FF8-4CF3-A28C-7A180C0B06A6}
2011-05-20 08:10:19 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{d9928de9-d841-4c80-b878-83abe7c50596}\gapaengine.dll
2011-05-19 18:33:52 -------- d-----w- c:\users\bartletts\appdata\local\{2D84B3A4-DB20-45AF-919E-D935BB3D3AD2}
2011-05-19 06:33:29 -------- d-----w- c:\users\bartletts\appdata\local\{736CBC69-2BB7-4522-9AB3-E9008586F4EB}
2011-05-18 08:15:19 -------- d-----w- c:\users\bartletts\appdata\local\{5319DF17-E02E-4687-88E4-AAC6C750759F}
2011-05-17 11:51:45 -------- d-----w- c:\users\bartletts\appdata\local\{023097F4-CA12-4DFA-900A-1D31B2F745DB}
2011-05-16 23:44:36 -------- d-----w- c:\users\bartletts\appdata\local\{9D1040A5-F54B-4A08-AAA3-1EA42E2B60A2}
2011-05-16 11:30:38 -------- d-----w- c:\users\bartletts\appdata\local\{9A1B467B-4D94-498F-AE67-AC87CCE3EDE6}
2011-05-15 21:13:17 -------- d-----w- c:\users\bartletts\appdata\local\{E800DEE6-E749-47E0-A900-90EC66CE039C}
2011-05-15 09:12:56 -------- d-----w- c:\users\bartletts\appdata\local\{3BA5EB1A-B170-40D8-B0D7-AE14942AFDEC}
2011-05-14 21:06:59 -------- d-----w- c:\users\bartletts\appdata\local\{5BB8DE01-52AD-4524-BC16-2126749E66C5}
2011-05-14 09:03:33 -------- d-----w- c:\users\bartletts\appdata\local\{89406B3C-FC7F-4B79-8B98-5E04A35C0F16}
2011-05-13 11:18:39 -------- d-----w- c:\users\bartletts\appdata\local\{E0A332E1-095B-413A-B773-DEADBE27A73C}
2011-05-13 11:06:09 -------- d-----w- c:\users\bartletts\appdata\local\{D984A472-59B4-42DF-BFD5-79F46A71CA87}
2011-05-13 07:15:58 -------- d-----w- c:\program files\Oxigen
2011-05-12 22:12:42 -------- d-----w- c:\users\bartletts\appdata\local\{B67FE77E-C7E4-4180-B7E3-CECD22AF67FC}
2011-05-12 10:12:20 -------- d-----w- c:\users\bartletts\appdata\local\{2515A8FB-611F-4DB1-A826-70B52CA1B714}
2011-05-11 19:41:08 -------- d-----w- c:\users\bartletts\appdata\local\{174D8398-39CA-4388-8B8E-778776ACE3D7}
2011-05-11 07:51:50 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-11 07:36:31 -------- d-----w- c:\users\bartletts\appdata\local\{2437B73F-F171-4AF1-959F-9ED1F50E18A0}
2011-05-10 10:55:54 -------- d-----w- c:\users\bartletts\appdata\local\{65F57025-5ABF-40D2-88E4-55CD2091ABE1}
2011-05-09 20:09:09 -------- d-----w- c:\users\bartletts\appdata\local\{377075D2-F520-422A-BF00-F5761BA402AC}
2011-05-09 08:06:13 -------- d-----w- c:\users\bartletts\appdata\local\{2419F2A9-A8A4-4DC3-90B6-170073B7985B}
2011-05-08 20:06:02 -------- d-----w- c:\users\bartletts\appdata\local\{EEE00360-79AA-46EA-BD0A-B4B1A7D5F392}
2011-05-08 13:20:23 -------- d-----w- c:\users\bartletts\appdata\local\MigWiz
2011-05-08 08:05:38 -------- d-----w- c:\users\bartletts\appdata\local\{C10F747A-C03C-425A-955D-A92BC7AB792C}
2011-05-07 20:05:14 -------- d-----w- c:\users\bartletts\appdata\local\{E7246A5C-33A5-4B9E-B43C-47DBA51169F8}
2011-05-07 08:04:51 -------- d-----w- c:\users\bartletts\appdata\local\{A2A414BF-CB0C-4328-9C85-C0EEE615DC0B}
2011-05-06 17:48:15 -------- d-----w- c:\users\bartletts\appdata\local\{56BE11E9-91B6-4E4F-A8BC-5DBA52417B6D}
2011-05-06 10:54:51 -------- d-----w- c:\users\bartletts\appdata\local\{04ED9F2A-EDC3-48C7-A965-10DD8FB32EF5}
2011-05-05 21:25:53 -------- d-----w- c:\users\bartletts\appdata\local\{B9D49AD2-0BE9-43CF-8A0A-694FA725BAD8}
2011-05-05 09:58:59 386560 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2011-05-05 09:58:59 22016 ----a-w- c:\program files\internet explorer\ExtExport.exe
2011-05-05 09:58:59 149504 ----a-w- c:\program files\internet explorer\jsprofilerui.dll
2011-05-05 09:58:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-05 07:51:17 -------- d-----w- c:\users\bartletts\appdata\local\{EFBABF06-1575-4B20-B008-D19FFBF9D93F}
2011-05-04 16:05:24 -------- d-----w- c:\users\bartletts\appdata\local\{AC6597CF-334B-46F0-A542-BF6FF53CD72B}
2011-05-02 19:20:46 -------- d-----w- c:\users\bartletts\appdata\local\{FBCBAC70-0D03-44EA-9F92-F01580BE3A45}
2011-05-02 07:15:44 -------- d-----w- c:\users\bartletts\appdata\local\{AFB02A9A-E45E-4281-AAE8-6B557B0D5981}
2011-05-01 16:10:19 -------- d-----w- c:\program files\MSECache
2011-05-01 11:02:42 -------- d-----w- c:\users\bartletts\appdata\local\{044A3825-F477-4F37-B4C7-07794D6DCF0C}
2011-04-30 20:55:57 -------- d-----w- c:\users\bartletts\appdata\local\{C12E81AB-5F2C-4001-8458-23B1A34AF462}
2011-04-30 07:00:55 -------- d-----w- c:\users\bartletts\appdata\local\{8C9BBF16-3A6D-4FF4-86F6-E0BA4DB30015}
2011-04-29 12:32:33 -------- d-----w- c:\users\bartletts\appdata\local\{7B51D67F-1252-4C82-8C62-215E19339686}
2011-04-28 20:39:34 -------- d-----w- c:\users\bartletts\appdata\local\{3490EC94-8724-4C38-BDB9-F88142212984}
2011-04-28 08:39:11 -------- d-----w- c:\users\bartletts\appdata\local\{069BFCC7-C3CA-45C1-80FD-30F3FDEEC525}
2011-04-28 08:39:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 08:39:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 08:39:00 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 13:36:31 -------- d-----w- c:\users\bartletts\appdata\roaming\LEGO Company
2011-04-27 13:35:55 -------- d-----w- c:\program files\LEGO Company
2011-04-27 10:25:00 -------- d-----w- c:\users\bartletts\appdata\local\{0B9F6DA6-302F-4ED8-8976-7CA07816FABD}
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 16:14:47 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-03-10 16:14:32 1409 ----a-w- c:\windows\QTFont.for
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
============= FINISH: 19:43:58.00 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/22/2011 7:28:09 PM
System Uptime: 5/26/2011 7:37:12 PM (0 hours ago)
.
Motherboard: Acer | | Poyang
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | uPGA-478 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 93.271 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 138.196 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP148: 5/16/2011 10:16:04 AM - Scheduled Checkpoint
RP149: 5/16/2011 2:11:31 PM - Windows Update
RP150: 5/17/2011 7:46:20 PM - Windows Update
RP151: 5/18/2011 9:48:24 AM - Scheduled Checkpoint
RP152: 5/19/2011 7:09:11 AM - Scheduled Checkpoint
RP153: 5/19/2011 7:21:31 AM - Windows Update
RP154: 5/20/2011 9:08:40 AM - Windows Update
RP155: 5/21/2011 9:25:38 AM - Scheduled Checkpoint
RP156: 5/21/2011 10:38:10 AM - Windows Update
RP157: 5/22/2011 8:46:37 PM - Windows Update
RP158: 5/23/2011 10:27:08 AM - Scheduled Checkpoint
RP159: 5/26/2011 4:26:30 PM - Windows Update
RP160: 5/26/2011 7:34:18 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
D3DX10
Disney's The Jungle Book Year 3
DVD-Cloner V8.00 Build 1001
Frankie's Animal Adventures
Frankie Time Traveller
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
JumpStart Typing
Junk Mail filter update
LEGO Digital Designer
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
MSVCRT
MuseScore 1.0 MuseScore score typesetter
NVIDIA Drivers
Oxigen
QuickTime
Reader Rabbit's Maths Ages 6-8
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
5/26/2011 7:38:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/26/2011 7:38:13 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
5/26/2011 7:37:57 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
5/26/2011 4:27:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/26/2011 4:16:02 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/26/2011 4:15:50 PM, Error: EventLog [6008] - The previous system shutdown at 11:30:37 AM on 5/23/2011 was unexpected.
5/22/2011 8:48:20 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/21/2011 10:39:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/20/2011 9:10:27 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
5/19/2011 7:22:49 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
.
==== End Of File ===========================
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm
Advertisement
Register to Remove

Re: searchqu.com/406

Unread postby askey127 » May 28th, 2011, 7:08 am

Hi jaz167, and welcome to Malware Removal

Before We Start, Some Notes On This Process
During this repair, we may need to remove some obsolete programs, and some which interfere with our tools.
We will install replacements later.
Please do not install or uninstall any programs, or scan with anything, unless I ask, until we are through cleaning.

Also, please be aware that removing Malware is a potentially hazardous undertaking.
I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between your computer software and the tools we'll use to clear you of infection, so I cannot guarantee the safety of your system.
It is not likely, but possible, that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate taking your computer to a repair shop.
Because of this, I advise you to backup any important personal files to some external media, like a USB flash or CD, before we start.
---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    fun4IM
    bandoo
    searchqu
    iLivid
    whitesmoke
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
    (Takes about 4 minutes on my XP net book)
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, labeled SystemLook.txt

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: searchqu.com/406

Unread postby jaz167 » May 28th, 2011, 7:42 am

Thanks Askey 127. While awaiting your reply, I’ve done something that I perhaps should not have - I downloaded Youtube downloader. It assured me it was safe and free of nasties but now it has taken control of whatever browser I use. Searchqu has been pushed aside by this latest thing but no doubt is still lurking in the background. I know something is going on as the colour scheme of Google Chrome has changed and the home page icon has disappeared.

Do I need to get rid of both of them? Or is youtube downloader okay?

In the meantime, here’s the result from systemlook –

SystemLook 04.09.10 by jpshortstuff
Log created at 12:35 on 28/05/2011 by Bartletts
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Program Files\Windows iLivid Toolbar\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:32 02/03/2011] [13:32 02/03/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\Users\Bartletts\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1

Searching for "*iLivid*"
C:\Users\Bartletts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO9WJQR5\ilivid[1].7z --a---- 725651 bytes [10:10 23/05/2011] [10:10 23/05/2011] 0CF032A65C5F5F60A709C45A560E778B
C:\Users\Bartletts\AppData\Local\Temp\ilivid.7z --a---- 725651 bytes [10:10 23/05/2011] [10:10 23/05/2011] 0CF032A65C5F5F60A709C45A560E778B

Searching for "*whitesmoke*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Users\AVFC Luke\AppData\LocalLow\searchqutoolbar d------ [15:27 26/05/2011]
C:\Users\Bartletts\AppData\LocalLow\searchqutoolbar d------ [10:10 23/05/2011]

Searching for "*iLivid*"
C:\Program Files\Windows iLivid Toolbar d------ [10:09 23/05/2011]
C:\Users\Bartletts\AppData\Local\Ilivid Player d------ [10:12 23/05/2011]

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "fun4IM"
No data found.

Searching for "bandoo"
No data found.

Searching for "searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

-= EOF =-
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm

Re: searchqu.com/406

Unread postby askey127 » May 28th, 2011, 8:27 am

jaz167,
We will get to the Youtube Downloader later.
For now, please don't scan, install or Uninstall anything unless I ask, until we are through cleaning.
---------------------------------------------
Download OTL
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. You can also download OTL from HERE
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
    
    :Files
    C:\Users\Bartletts\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO9WJQR5\ilivid[1].7z
    C:\Users\Bartletts\AppData\Local\Temp\ilivid.7z
    C:\Users\AVFC Luke\AppData\LocalLow\searchqutoolbar
    C:\Users\Bartletts\AppData\LocalLow\searchqutoolbar
    C:\Program Files\Windows iLivid Toolbar
    C:\Users\Bartletts\AppData\Local\Ilivid Player
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again, and Click on the Run Scan button at the top left hand corner.
  • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop.
Please post the contents of these files.
You may use separate replies if you wish.
If any of the files are too large to post, you can split the oversize one(s) into multiple replies

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: searchqu.com/406

Unread postby jaz167 » May 28th, 2011, 9:37 am

OTL logfile created on: 5/28/2011 2:32:34 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Bartletts\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.86% Memory free
4.22 Gb Paging File | 3.29 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 89.31 Gb Free Space | 64.57% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 138.20 Gb Free Space | 92.72% Space Free | Partition Type: NTFS

Computer Name: BARTLETTS-PC | User Name: Bartletts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/28 14:23:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bartletts\Desktop\OTL.exe
PRC - [2011/01/30 16:45:14 | 001,306,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2010/12/22 15:48:36 | 000,024,888 | ---- | M] (Oxigen) -- C:\Program Files\Oxigen\bin\OxigenService.exe
PRC - [2010/12/22 15:40:56 | 000,027,960 | ---- | M] (Oxigen) -- C:\Program Files\Oxigen\bin\OxigenTray.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/04/11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/08 10:29:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/07/12 17:36:10 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/05/28 14:23:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bartletts\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 17:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/05/28 14:30:46 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15596DE6-F4B1-40D4-AF0B-E9C87C2E5546}\MpKsl0b6892d5.sys -- (MpKsl0b6892d5)
DRV - [2011/05/27 20:30:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15596DE6-F4B1-40D4-AF0B-E9C87C2E5546}\MpKsl64457a74.sys -- (MpKsl64457a74)
DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/07/08 11:15:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/01/21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2007/10/10 16:35:00 | 007,629,504 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2002/01/12 17:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PortTalk.sys -- (PortTalk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OxigenServiceStart] C:\Program Files\Oxigen\bin\OxigenService.exe (Oxigen)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [FocoLink] File not found
O4 - HKCU..\Run: [NTServiceManager] File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [OTL] C:\Users\Bartletts\Desktop\OTL.exe (OldTimer Tools)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/28 14:25:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/28 14:23:08 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Bartletts\Desktop\OTL.exe
[2011/05/28 08:49:23 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{0D87DA80-6F24-4663-823A-9E5842AB1BC4}
[2011/05/27 20:47:25 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{249AA48A-8E35-4ABA-9513-4A0958E5B99E}
[2011/05/27 17:35:53 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\Documents\YouTube Downloader
[2011/05/27 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeDownloader.org
[2011/05/27 08:47:02 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{0855F733-0A21-4204-8D8F-C9BF6877E287}
[2011/05/26 20:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{BB9A593C-3512-4729-A27E-42F83AFEB720}
[2011/05/26 16:21:55 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{74A8FA0C-F86E-4335-9F2C-4BFF06886C45}
[2011/05/23 11:09:37 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\PackageAware
[2011/05/22 09:41:29 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{F0A1FA50-87A1-4E1A-B5D4-F4DA00393568}
[2011/05/22 07:58:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Oxigen
[2011/05/21 20:41:27 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{FAD22F43-DB0A-47F9-9C67-5CF12D5E1D36}
[2011/05/21 08:41:05 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{AAA230C7-45DB-4A2A-AC67-50ABA2D25445}
[2011/05/20 22:16:25 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{CA62B56D-0B0F-4BE6-83A2-959C1145BEDD}
[2011/05/20 09:26:23 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{C0BCCD79-9FF8-4CF3-A28C-7A180C0B06A6}
[2011/05/19 19:33:52 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{2D84B3A4-DB20-45AF-919E-D935BB3D3AD2}
[2011/05/19 07:33:29 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{736CBC69-2BB7-4522-9AB3-E9008586F4EB}
[2011/05/18 09:15:19 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{5319DF17-E02E-4687-88E4-AAC6C750759F}
[2011/05/17 12:51:45 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{023097F4-CA12-4DFA-900A-1D31B2F745DB}
[2011/05/17 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{9D1040A5-F54B-4A08-AAA3-1EA42E2B60A2}
[2011/05/16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{9A1B467B-4D94-498F-AE67-AC87CCE3EDE6}
[2011/05/15 22:13:17 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{E800DEE6-E749-47E0-A900-90EC66CE039C}
[2011/05/15 10:12:56 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{3BA5EB1A-B170-40D8-B0D7-AE14942AFDEC}
[2011/05/14 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{5BB8DE01-52AD-4524-BC16-2126749E66C5}
[2011/05/14 10:03:33 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{89406B3C-FC7F-4B79-8B98-5E04A35C0F16}
[2011/05/13 12:18:39 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{E0A332E1-095B-413A-B773-DEADBE27A73C}
[2011/05/13 12:06:09 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{D984A472-59B4-42DF-BFD5-79F46A71CA87}
[2011/05/13 08:15:58 | 000,000,000 | ---D | C] -- C:\Program Files\Oxigen
[2011/05/12 23:12:42 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{B67FE77E-C7E4-4180-B7E3-CECD22AF67FC}
[2011/05/12 11:12:20 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{2515A8FB-611F-4DB1-A826-70B52CA1B714}
[2011/05/11 20:41:08 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{174D8398-39CA-4388-8B8E-778776ACE3D7}
[2011/05/11 08:36:31 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{2437B73F-F171-4AF1-959F-9ED1F50E18A0}
[2011/05/10 11:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{65F57025-5ABF-40D2-88E4-55CD2091ABE1}
[2011/05/09 21:09:09 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{377075D2-F520-422A-BF00-F5761BA402AC}
[2011/05/09 09:06:13 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{2419F2A9-A8A4-4DC3-90B6-170073B7985B}
[2011/05/08 21:06:02 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{EEE00360-79AA-46EA-BD0A-B4B1A7D5F392}
[2011/05/08 14:20:23 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\MigWiz
[2011/05/08 09:05:38 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{C10F747A-C03C-425A-955D-A92BC7AB792C}
[2011/05/07 21:05:14 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{E7246A5C-33A5-4B9E-B43C-47DBA51169F8}
[2011/05/07 09:04:51 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{A2A414BF-CB0C-4328-9C85-C0EEE615DC0B}
[2011/05/06 18:48:15 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{56BE11E9-91B6-4E4F-A8BC-5DBA52417B6D}
[2011/05/06 11:54:51 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{04ED9F2A-EDC3-48C7-A965-10DD8FB32EF5}
[2011/05/05 22:25:53 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{B9D49AD2-0BE9-43CF-8A0A-694FA725BAD8}
[2011/05/05 10:59:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 10:59:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 10:59:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 10:59:06 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 10:59:06 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 10:59:06 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 10:59:06 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 10:59:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 10:59:05 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 10:59:05 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 10:59:04 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 10:59:04 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 10:59:04 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 10:59:04 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 10:59:04 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 10:59:04 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 10:59:03 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 10:59:03 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 10:59:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 10:59:03 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 10:59:02 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 10:59:02 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 10:59:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 10:59:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 10:59:02 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 10:59:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 10:59:01 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 10:59:01 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 10:59:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 10:59:01 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 10:59:01 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 10:59:00 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 10:59:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 10:59:00 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 10:59:00 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 10:59:00 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 10:59:00 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 10:58:59 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 10:58:59 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 08:51:17 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{EFBABF06-1575-4B20-B008-D19FFBF9D93F}
[2011/05/04 17:05:24 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{AC6597CF-334B-46F0-A542-BF6FF53CD72B}
[2011/05/02 20:20:46 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{FBCBAC70-0D03-44EA-9F92-F01580BE3A45}
[2011/05/02 08:15:44 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{AFB02A9A-E45E-4281-AAE8-6B557B0D5981}
[2011/05/01 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011/05/01 12:02:42 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{044A3825-F477-4F37-B4C7-07794D6DCF0C}
[2011/04/30 21:55:57 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{C12E81AB-5F2C-4001-8458-23B1A34AF462}
[2011/04/30 08:00:55 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{8C9BBF16-3A6D-4FF4-86F6-E0BA4DB30015}
[2011/04/29 13:32:33 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{7B51D67F-1252-4C82-8C62-215E19339686}
[2011/04/28 21:39:34 | 000,000,000 | ---D | C] -- C:\Users\Bartletts\AppData\Local\{3490EC94-8724-4C38-BDB9-F88142212984}
[2010/11/19 14:31:38 | 000,331,776 | ---- | C] ( ) -- C:\Windows\System32\Interop.WMPLib.DLL
[2010/11/19 14:31:38 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2010/11/19 14:31:38 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\Interop.QTOLibrary.dll
[2010/11/19 14:31:38 | 000,032,768 | ---- | C] ( ) -- C:\Windows\System32\Interop.ShockwaveFlashObjects.dll
[2010/11/19 14:31:38 | 000,032,768 | ---- | C] ( ) -- C:\Windows\System32\Interop.QTOControlLib.dll

========== Files - Modified Within 30 Days ==========

[2011/05/28 14:31:05 | 000,028,219 | ---- | M] () -- C:\Users\Bartletts\AppData\Roaming\nvModes.001
[2011/05/28 14:30:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 14:30:49 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/28 14:30:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/28 14:30:37 | 2143,305,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 14:23:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Bartletts\Desktop\OTL.exe
[2011/05/28 14:14:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1001UA.job
[2011/05/28 14:07:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1000UA.job
[2011/05/28 14:07:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1000Core.job
[2011/05/28 13:55:59 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1002UA.job
[2011/05/28 12:58:17 | 000,002,631 | ---- | M] () -- C:\Users\Bartletts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2011/05/28 12:48:51 | 000,028,219 | ---- | M] () -- C:\Users\Bartletts\AppData\Roaming\nvModes.dat
[2011/05/28 12:33:50 | 000,075,264 | ---- | M] () -- C:\Users\Bartletts\Desktop\SystemLook.exe
[2011/05/28 08:55:59 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1002Core.job
[2011/05/27 20:36:22 | 000,002,633 | ---- | M] () -- C:\Users\Bartletts\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/05/27 20:19:26 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1001Core.job
[2011/05/27 17:22:08 | 000,016,896 | ---- | M] () -- C:\Users\Bartletts\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/27 13:53:37 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/27 13:53:37 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/13 08:16:04 | 000,001,977 | ---- | M] () -- C:\Windows\System32\Oxigen.scr.config
[2011/05/11 12:50:29 | 000,001,951 | ---- | M] () -- C:\Users\Bartletts\Application Data\Microsoft\Internet Explorer\Quick Launch\LEGO Digital Designer.lnk
[2011/05/09 18:16:45 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2011/05/05 14:16:07 | 000,000,943 | ---- | M] () -- C:\Users\Bartletts\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/05/05 10:59:21 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/05/05 10:59:21 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/05/05 10:59:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/05/05 10:59:07 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/05/05 10:59:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/05/05 10:59:06 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/05/05 10:59:06 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/05/05 10:59:06 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/05/05 10:59:06 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/05/05 10:59:06 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/05/05 10:59:05 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/05/05 10:59:05 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/05/05 10:59:04 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/05/05 10:59:04 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/05/05 10:59:04 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/05/05 10:59:04 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/05/05 10:59:04 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/05/05 10:59:04 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 10:59:04 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/05/05 10:59:03 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/05/05 10:59:03 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/05/05 10:59:03 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/05/05 10:59:03 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/05/05 10:59:03 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/05/05 10:59:02 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/05/05 10:59:02 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/05/05 10:59:02 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/05/05 10:59:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/05/05 10:59:01 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/05/05 10:59:01 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/05/05 10:59:01 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/05/05 10:59:01 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/05/05 10:59:01 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/05/05 10:59:01 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/05/05 10:59:00 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/05/05 10:59:00 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/05/05 10:59:00 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/05/05 10:59:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/05/05 10:59:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/05/05 10:59:00 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/05/05 10:58:59 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/05/05 10:58:59 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/05/05 10:45:23 | 000,016,478 | ---- | M] () -- C:\Users\Bartletts\Desktop\aston-villa.jpg

========== Files Created - No Company Name ==========

[2011/05/28 12:33:49 | 000,075,264 | ---- | C] () -- C:\Users\Bartletts\Desktop\SystemLook.exe
[2011/05/10 18:13:38 | 000,005,396 | ---- | C] () -- C:\Users\Public\Documents\Promenade_Example.mscz
[2011/05/10 18:13:38 | 000,003,915 | ---- | C] () -- C:\Users\Public\Documents\something.mscz
[2011/05/10 18:13:38 | 000,003,043 | ---- | C] () -- C:\Users\Public\Documents\.something.mscz,
[2011/05/10 18:13:38 | 000,002,011 | ---- | C] () -- C:\Users\Public\Documents\jack wqa.mscz
[2011/05/10 18:13:38 | 000,001,653 | ---- | C] () -- C:\Users\Public\Documents\Z1.mscz
[2011/05/09 17:41:39 | 000,064,386 | ---- | C] () -- C:\Users\Public\Documents\zach post big.lxf
[2011/05/09 17:41:39 | 000,028,897 | ---- | C] () -- C:\Users\Public\Documents\Clifton Suspension Bridge.lxf
[2011/05/09 17:41:39 | 000,023,278 | ---- | C] () -- C:\Users\Public\Documents\The comunist island-arport defence cars.lxf
[2011/05/09 17:41:39 | 000,017,665 | ---- | C] () -- C:\Users\Public\Documents\The comunist island-arport defence base.lxf
[2011/05/09 17:41:39 | 000,017,466 | ---- | C] () -- C:\Users\Public\Documents\BAD GREEN BOAT.lxf
[2011/05/09 17:41:39 | 000,017,197 | ---- | C] () -- C:\Users\Public\Documents\RRT-Snow Base.lxf
[2011/05/09 17:41:39 | 000,016,653 | ---- | C] () -- C:\Users\Public\Documents\zach post canteen.lxf
[2011/05/09 17:41:39 | 000,016,106 | ---- | C] () -- C:\Users\Public\Documents\zach post van.lxf
[2011/05/09 17:41:39 | 000,015,277 | ---- | C] () -- C:\Users\Public\Documents\BA.D Hoverjet.lxf
[2011/05/09 17:41:39 | 000,014,089 | ---- | C] () -- C:\Users\Public\Documents\RRT-Snow Sled.lxf
[2011/05/09 17:41:39 | 000,013,761 | ---- | C] () -- C:\Users\Public\Documents\RRT-Snow Helicopter.lxf
[2011/05/09 17:41:39 | 000,012,171 | ---- | C] () -- C:\Users\Public\Documents\zl house.lxf
[2011/05/09 17:41:39 | 000,011,934 | ---- | C] () -- C:\Users\Public\Documents\House ZJB.lxf
[2011/05/09 17:41:39 | 000,011,849 | ---- | C] () -- C:\Users\Public\Documents\AMPHIBIAS VEHICLE.lxf
[2011/05/09 17:41:39 | 000,011,378 | ---- | C] () -- C:\Users\Public\Documents\GOOD YELLOW BOAT.lxf
[2011/05/09 17:41:39 | 000,010,355 | ---- | C] () -- C:\Users\Public\Documents\milk van.lxf
[2011/05/09 17:41:39 | 000,010,303 | ---- | C] () -- C:\Users\Public\Documents\race r-truck.lxf
[2011/05/09 17:41:39 | 000,010,047 | ---- | C] () -- C:\Users\Public\Documents\BA.D Base.lxf
[2011/05/09 17:41:39 | 000,010,019 | ---- | C] () -- C:\Users\Public\Documents\ARMYVEHICLELUKESTARTEDELEVENTHOFTHESICTH2010.lxf
[2011/05/09 17:41:39 | 000,008,413 | ---- | C] () -- C:\Users\Public\Documents\loonotick.lxf
[2011/05/09 17:41:39 | 000,007,793 | ---- | C] () -- C:\Users\Public\Documents\MI.5 Trote.lxf
[2011/05/09 17:41:39 | 000,006,165 | ---- | C] () -- C:\Users\Public\Documents\police pison security.lxf
[2011/05/09 17:41:39 | 000,005,561 | ---- | C] () -- C:\Users\Public\Documents\tea & coffe d-recd.lxf
[2011/05/08 08:51:01 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1002UA.job
[2011/05/08 08:51:00 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1002Core.job
[2011/05/07 20:09:57 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1001UA.job
[2011/05/07 20:09:57 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-39172697-96401995-3935220806-1001Core.job
[2011/05/05 10:59:04 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/05/05 10:45:30 | 000,016,478 | ---- | C] () -- C:\Users\Bartletts\Desktop\aston-villa.jpg
[2011/03/11 13:56:09 | 000,000,292 | ---- | C] () -- C:\Windows\ka.ini
[2011/03/11 10:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\SETUP32.INI
[2011/03/10 17:14:47 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011/03/10 17:00:02 | 000,001,318 | ---- | C] () -- C:\Windows\disney.ini
[2011/03/09 14:39:34 | 000,016,896 | ---- | C] () -- C:\Users\Bartletts\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/09 14:28:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/23 12:59:07 | 000,028,219 | ---- | C] () -- C:\Users\Bartletts\AppData\Roaming\nvModes.001
[2011/02/23 12:49:41 | 000,028,219 | ---- | C] () -- C:\Users\Bartletts\AppData\Roaming\nvModes.dat
[2011/02/22 13:32:45 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2011/02/22 12:35:14 | 000,000,680 | ---- | C] () -- C:\Users\Bartletts\AppData\Local\d3d9caps.dat
[2011/02/22 11:55:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/12/22 15:40:24 | 000,009,528 | ---- | C] () -- C:\Windows\System32\OxigenServiceContracts.dll
[2010/11/29 22:30:56 | 000,007,168 | ---- | C] () -- C:\Windows\System32\OxigenCompiledRegexes.dll
[2010/11/19 14:31:38 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AxInterop.WMPLib.dll
[2010/11/19 14:31:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AxInterop.ShockwaveFlashObjects.dll
[2010/11/19 14:31:38 | 000,028,672 | ---- | C] () -- C:\Windows\System32\AxInterop.QTOControlLib.dll
[2009/04/11 14:18:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 14:18:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 14:18:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,251,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,606,602 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,105,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

< End of report >
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm

Re: searchqu.com/406

Unread postby jaz167 » May 28th, 2011, 9:38 am

OTL Extras logfile created on: 5/28/2011 2:32:34 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Bartletts\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.86% Memory free
4.22 Gb Paging File | 3.29 Gb Available in Paging File | 77.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.31 Gb Total Space | 89.31 Gb Free Space | 64.57% Space Free | Partition Type: NTFS
Drive D: | 149.05 Gb Total Space | 138.20 Gb Free Space | 92.72% Space Free | Partition Type: NTFS

Computer Name: BARTLETTS-PC | User Name: Bartletts | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FB2D7B-C157-4D5A-A97C-F5230A9CB61C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1554EACB-DD9A-48BD-B577-1AC4A64EE338}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32D4DF89-701A-4687-B9AF-2E5F43513C67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4229EE64-3EE0-4170-A290-02F7AC32A792}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4E784C47-053A-4753-867E-B11C89B7C278}" = lport=138 | protocol=17 | dir=in | app=system |
"{5269C678-E74A-4F76-AEC8-414D06C7D6F2}" = rport=137 | protocol=17 | dir=out | app=system |
"{541669E2-7970-4F1B-AA09-73CE533A8C0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{70618C7E-73C7-487B-BBDE-DD0B339BBDF0}" = rport=445 | protocol=6 | dir=out | app=system |
"{72201E02-626A-499B-8FD8-5CF9910E2146}" = rport=139 | protocol=6 | dir=out | app=system |
"{79A048B3-2196-4C9A-A416-3E4B49B6F9CC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{88F95C6C-34D8-4407-ABD9-BF6A98392AC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CB5854B-BE94-45BD-951F-040600924D16}" = lport=445 | protocol=6 | dir=in | app=system |
"{8E5F00DD-911D-4346-AE50-6C49B018769E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B188407-4008-413D-BBB2-ACDDB683DBB4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9D9A54DC-4F74-4340-A703-411AFC3D851F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFD3424F-562A-4C83-ADA0-840BEB816CEE}" = lport=137 | protocol=17 | dir=in | app=system |
"{B5121076-130B-4980-8C27-5CF8F8745B88}" = rport=138 | protocol=17 | dir=out | app=system |
"{C0058628-A89A-41B9-B16F-BA50760163CE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C607037D-DF81-46FE-B4EB-0A2EB4788E48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C6817320-4B5D-4E57-B410-48641CBD69B0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0907AF8-080E-4999-A843-E165F94C180F}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0125724A-C33F-48EE-865D-206682337FB1}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{31D008FC-80A3-4864-91A4-6CD16EABB94D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{421E11ED-6C8B-4D93-B8C8-BE9C87820525}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4412A587-5DB1-4274-A2AD-C59DEDE9F9AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AAF4D95-D1C7-46C5-9640-6E6B8261BED9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4B0C1CEE-0030-4A2D-A783-516D9DF6BC64}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6A1B8166-5CFC-4E82-AD8B-5D58B8E20C6B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7463EF28-D690-4F49-8525-13D875F2798F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7DFA71F5-C551-4D39-AF23-CDDF05FA9D8F}" = protocol=6 | dir=out | app=system |
"{8BB193CA-CF92-4A2C-AEE2-28A4CEE5F6D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8FC6155-0377-4DD2-B576-E8B7488F2F3F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BABB148B-E447-4D5D-99CD-86210C3D82E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C7F25B8D-5D26-459C-9179-E52037041BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D598ACA1-BD15-4392-AEBB-68A0B4D3D6D2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EE00FBF6-FEBC-492E-B36D-9BC6177CD859}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F1933066-8EB6-4F78-A07C-5CC20BFE51C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F26DFC37-24B7-4708-8881-789F072CA31B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F411DB08-F716-4586-BE35-388575B1C21E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB26C821-CB2A-4447-A2EE-FC0377099B66}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05AB04BD-B62E-4A98-9DA0-9650699CAF8E}" = Oxigen
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E552C4F9-7FE6-4876-814A-E50DE86F5E9A}" = Disney's The Jungle Book Year 3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"DVD-Cloner 8_is1" = DVD-Cloner V8.00 Build 1001
"Frankie Time Traveller" = Frankie Time Traveller
"Frankie's Animal Adventures" = Frankie's Animal Adventures
"JumpStart Typing" = JumpStart Typing
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"MuseScore" = MuseScore 1.0 MuseScore score typesetter
"New LEGO Digital Designer" = LEGO Digital Designer
"NVIDIA Drivers" = NVIDIA Drivers
"Reader Rabbit's Maths Ages 6-8" = Reader Rabbit's Maths Ages 6-8
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 4:47:51 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 5:47:53 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 5:47:53 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 6:47:53 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 6:47:53 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 7:47:54 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 7:47:54 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 8:47:54 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 8:47:54 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

Error - 5/28/2011 9:35:17 AM | Computer Name = Bartletts-PC | Source = Oxigen Service | ID = 0
Description = Failed to retrieve General Data

[ System Events ]
Error - 5/26/2011 2:38:13 PM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 5/26/2011 2:48:51 PM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 5/27/2011 6:37:28 AM | Computer Name = Bartletts-PC | Source = bowser | ID = 8003
Description =

Error - 5/27/2011 8:49:24 AM | Computer Name = Bartletts-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:14:48 PM on 5/27/2011 was unexpected.

Error - 5/27/2011 8:49:29 AM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 5/27/2011 3:31:06 PM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 5/28/2011 3:49:56 AM | Computer Name = Bartletts-PC | Source = BROWSER | ID = 8032
Description =

Error - 5/28/2011 9:25:16 AM | Computer Name = Bartletts-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 5/28/2011 9:25:48 AM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892

Error - 5/28/2011 9:30:46 AM | Computer Name = Bartletts-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%886 Error Code: 0x8007042c Error description: The dependency service or group failed
to start. Reason: %%892


< End of report >
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm

Re: searchqu.com/406

Unread postby askey127 » May 28th, 2011, 11:08 am

jaz167
Since both the Youtube downloader and the Oxigen program download and share files from unknown sources, you can expect a fair chance to become infected.
I would suggest you Uninstall them both, but it's your call.
I would also suggest you remove smartwebsearch.net as your startup page in the browser. That site has a very questionable history, and is shown in one or more security blocklists.

Be on the lookout, but I think we got most of it, based on your original complaint.
Let me know how it goes.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: searchqu.com/406

Unread postby jaz167 » May 28th, 2011, 11:34 am

Thanks, this is an amazing service. I've uninstalled the youtube downloader. How do I get rid of smartwebsearch.net as my startup page in the browser?
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm

Re: searchqu.com/406

Unread postby askey127 » May 28th, 2011, 1:28 pm

jaz167,
This will get rid of it.
You will need to set up a new start page (home page)
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
----------------------------------------------
Open Internet Explorer.
Click the Tools from the top menu. If you can't see it, hit the Alt key once.
Choose Internet options
You can set your home page to anything you want, like http://www.google.com

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: searchqu.com/406

Unread postby jaz167 » May 28th, 2011, 2:31 pm

All sorted. Thanks again and keep up the good work. I'm so glad I found this site.
jaz167
Active Member
 
Posts: 6
Joined: May 26th, 2011, 3:46 pm

Re: searchqu.com/406

Unread postby askey127 » May 28th, 2011, 6:24 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 48 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware