www.searchnu.com/406

Post by donikoues » May 16th, 2012, 5:04 pm

Hi,

I am a new member here so if I have posted anything incorrectly accept my apologies and please advise so I can rectify it.

I have noticed that other users have been infected by searchnu.com/406. My laptop is infected too, and it was brought by something called livid player.
It was advised on the other thread that every case is different, so I followed the first step to run the OTL app as recommended, and here are my results:

Code:
OTL logfile created on: 16/05/2012 21:36:49 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\uk_trader\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.54% Memory free
3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.11 Gb Total Space | 255.52 Gb Free Space | 90.58% Space Free | Partition Type: NTFS
Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32
 
Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
PRC - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/04/05 13:08:36 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/12 13:12:01 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/13 21:20:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/01/13 21:13:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/10/24 06:50:00 | 001,433,692 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/10/07 04:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 15:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/12 12:15:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/12 12:15:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/05/12 11:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:25:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 11:25:16 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 11:24:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 11:23:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:23:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:22:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012/05/15 18:14:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/24 06:50:00 | 000,444,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/22 10:53:40 | 000,445,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/10/22 10:52:54 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/10/22 10:52:40 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/10/22 10:52:08 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/10/22 10:51:54 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/10/22 10:51:38 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/10/22 10:51:22 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011/10/22 10:51:08 | 000,290,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/22 05:13:20 | 002,204,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/08 14:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/07/28 18:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/03/02 21:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 17:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/15 17:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Extensions
[2012/05/16 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Firefox\Profiles\z0n2wfk5.default\extensions
[2012/05/15 17:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 19:33:20 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\UK_TRADER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z0N2WFK5.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2012/05/16 21:36:26 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB822218-F6EB-4E61-8FCF-84A046F8F1C9}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1A98D7-700A-4842-94D2-C955D2F19ABE}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/16 21:27:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Malwarebytes
[2012/05/16 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/16 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/16 21:08:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/16 21:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 18:03:16 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Mozilla
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Mozilla
[2012/05/15 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/14 19:06:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Ilivid Player
[2012/05/14 19:02:52 | 000,000,000 | ---D | C] -- C:\Program Files\Searchqu Toolbar
[2012/05/12 19:20:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/05/11 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/05/11 18:27:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/11 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\SoftGrid Client
[2012/05/11 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/11 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/05/11 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/05/11 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/11 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft Corporation
[2012/05/11 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/11 16:55:34 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/11 16:55:33 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/11 16:55:32 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/11 16:55:12 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 20:00:54 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/05/09 20:00:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/05/09 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/05/09 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2012/05/09 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/05/09 19:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/09 19:58:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/09 19:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/09 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PassMark
[2012/05/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\PassMark
[2012/05/09 19:37:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2012/05/09 19:37:52 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2012/05/09 19:37:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2012/05/09 19:37:51 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012/05/09 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2012/05/09 19:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012/05/09 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/09 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/09 19:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2012/05/09 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2012/05/09 19:09:26 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2012/05/09 19:09:26 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
[2012/05/09 19:09:26 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2012/05/09 19:09:26 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012/05/09 19:09:26 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012/05/09 19:09:25 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/05/09 19:09:25 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2012/05/09 19:09:25 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012/05/09 19:09:25 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012/05/09 19:09:25 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/05/09 19:09:25 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012/05/09 19:09:24 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/05/09 19:09:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/05/09 19:09:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012/05/09 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2012/05/09 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/05/08 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\BETTING PRO
[2012/05/08 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\CrashDumps
[2012/05/08 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Sophos
[2012/05/07 10:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/06 23:01:38 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/05/06 23:01:36 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/05/06 23:01:35 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/05/06 23:01:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/05/06 23:01:33 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/05/06 23:01:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/05/06 11:15:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012/05/06 11:14:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/05/06 11:14:42 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/05/06 11:14:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/05/06 11:14:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/05/06 11:14:06 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webio.dll
[2012/05/06 11:14:05 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2012/05/06 11:13:52 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2012/05/05 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/05 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 21:27:45 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2012/05/04 21:27:44 | 000,260,096 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2012/05/04 21:27:43 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2012/05/04 21:27:43 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2012/05/04 21:27:43 | 000,056,832 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2012/05/04 21:27:42 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2012/05/04 21:27:42 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2012/05/04 21:27:42 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2012/05/04 21:27:41 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2012/05/04 21:27:41 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2012/05/04 21:27:40 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2012/05/04 21:27:40 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2012/05/04 21:27:40 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2012/05/04 21:27:40 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2012/05/04 21:27:40 | 000,280,064 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2012/05/04 21:27:39 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/05/04 21:27:39 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2012/05/04 21:27:38 | 009,030,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2012/05/04 21:27:37 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2012/05/04 21:27:37 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2012/05/04 21:27:36 | 000,284,672 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2012/05/04 21:27:36 | 000,284,160 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2012/05/04 21:27:36 | 000,283,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2012/05/04 21:27:36 | 000,283,136 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2012/05/04 21:27:36 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2012/05/04 21:27:35 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2012/05/04 21:27:35 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2012/05/04 21:27:35 | 000,200,704 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2012/05/04 21:27:34 | 000,130,560 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2012/05/04 21:27:34 | 000,119,808 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2012/05/04 21:27:34 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2012/05/04 21:27:32 | 002,314,240 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdogl32.dll
[2012/05/04 21:27:30 | 001,344,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igddim32.sys
[2012/05/04 21:27:28 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2012/05/04 21:27:27 | 003,157,272 | ---- | C] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2012/05/04 21:27:26 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2012/05/04 21:12:53 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/05/04 20:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/04 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/05/04 19:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/04 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/05/04 19:46:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/04 19:44:26 | 000,122,360 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/05/04 19:44:26 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/05/04 19:44:16 | 000,000,000 | ---D | C] -- C:\savw_95_sa
[2012/05/04 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PROGRAMS
[2012/05/04 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Adobe
[2012/05/04 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/04 19:10:34 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/05/04 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/04 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Google
[2012/05/04 19:06:50 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Apps
[2012/05/04 19:06:49 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Deployment
[2012/05/04 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Macromedia
[2012/05/04 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Adobe
[2012/05/04 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Kjs.AppLife.Update
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Blio
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2012/05/04 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Intel Corporation
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\BMExplorer
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Bluetooth Folder
[2012/05/04 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Atheros
[2012/05/04 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Searches
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 18:47:54 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Identities
[2012/05/04 18:47:43 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Contacts
[2012/05/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Hewlett-Packard
[2012/05/04 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\hpqlog
[2012/05/04 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard
[2012/05/04 18:43:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/05/04 18:43:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/05/04 18:43:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/05/04 18:43:15 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012/05/04 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\RemEngine
[2012/05/04 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard_Company
[2012/05/04 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\VirtualStore
[2012/05/04 18:40:10 | 000,000,000 | --SD | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Videos
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Saved Games
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Pictures
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Music
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Links
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Favorites
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Downloads
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Documents
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Desktop
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Temporary Internet Files
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Templates
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Start Menu
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\SendTo
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Recent
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\PrintHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\NetHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Videos
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Pictures
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Music
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\My Documents
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Local Settings
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\History
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Cookies
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\AppData
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Temp
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/16 21:39:11 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 21:39:11 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 21:36:26 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 21:36:26 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 21:30:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 20:12:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/16 19:49:58 | 000,031,117 | ---- | M] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/16 19:12:01 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/16 18:38:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/15 18:14:13 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/15 18:14:13 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/15 17:38:46 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | M] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/12 11:21:04 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/12 11:20:39 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 19:35:40 | 000,007,606 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:08:01 | 000,067,156 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/06 20:22:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/05 17:15:39 | 000,015,098 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/05 02:38:58 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/04 21:27:08 | 000,059,392 | ---- | M] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2012/05/04 21:27:07 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2012/05/04 21:27:07 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2012/05/04 21:27:07 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2012/05/04 21:27:07 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2012/05/04 21:27:07 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2012/05/04 21:27:07 | 000,280,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2012/05/04 21:27:07 | 000,260,096 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2012/05/04 21:27:07 | 000,056,832 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2012/05/04 21:27:06 | 009,030,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2012/05/04 21:27:06 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdogl32.dll
[2012/05/04 21:27:06 | 001,097,216 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxresn.lrc
[2012/05/04 21:27:06 | 000,284,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2012/05/04 21:27:06 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2012/05/04 21:27:06 | 000,284,160 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2012/05/04 21:27:06 | 000,283,648 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2012/05/04 21:27:06 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2012/05/04 21:27:06 | 000,283,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2012/05/04 21:27:06 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2012/05/04 21:27:06 | 000,282,624 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2012/05/04 21:27:06 | 000,280,576 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2012/05/04 21:27:06 | 000,279,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2012/05/04 21:27:06 | 000,279,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2012/05/04 21:27:06 | 000,200,704 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2012/05/04 21:27:06 | 000,130,560 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2012/05/04 21:27:06 | 000,119,808 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2012/05/04 21:27:06 | 000,074,240 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdvidproc32.dll
[2012/05/04 21:27:06 | 000,023,552 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2012/05/04 21:27:06 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:05 | 003,157,272 | ---- | M] (Intel Corporation) -- C:\Windows\System32\GfxUI.exe
[2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igddim32.sys
[2012/05/04 21:27:05 | 000,817,152 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igddxva32.dll
[2012/05/04 21:27:05 | 000,122,368 | ---- | M] (Intel Corporation) -- C:\Windows\System32\gfxSrvc.dll
[2012/05/04 21:27:05 | 000,094,720 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2012/05/04 21:27:05 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igdaux32.dll
[2012/05/04 21:27:05 | 000,018,196 | ---- | M] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:01:48 | 000,001,411 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/16 21:09:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 21:43:26 | 000,031,117 | ---- | C] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/15 18:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/15 17:38:44 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | C] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/11 18:52:13 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/11 17:02:14 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/05/09 20:00:21 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/05/09 19:35:40 | 000,007,606 | ---- | C] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:07:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/09 19:07:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2012/05/06 20:22:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/04 21:27:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:30 | 000,018,196 | ---- | C] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:07:03 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/04 19:07:03 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/04 19:01:48 | 000,001,411 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/04 18:48:10 | 000,001,417 | ---- | C] () -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/04 18:47:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/04 18:40:10 | 000,000,290 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/04 18:40:10 | 000,000,272 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/01 10:41:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 10:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/22 10:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 04:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/06 21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/05/09 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/04 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/16 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/04 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/11 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2009/07/14 05:53:46 | 000,009,838 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >



And second file

Code: Select all
OTL Extras logfile created on: 16/05/2012 21:36:49 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\uk_trader\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.54% Memory free
3.98 Gb Paging File | 3.04 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.11 Gb Total Space | 255.52 Gb Free Space | 90.58% Space Free | Partition Type: NTFS
Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32
 
Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8EE30191-9A88-4120-A341-8A2D9ADBD617}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{AF4A7DCF-5480-4570-A9DA-AF66D3D272C6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C6AC66AD-9912-4317-8D03-7CAF8E427774}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{C91532B7-3039-4610-9CD8-8F77C5880703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{CFEDEF74-41D4-4731-B866-A3E87E555E64}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{D432C3D5-9FB4-4A50-9105-ADEFBC9042F9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"TCP Query User{52CDAC23-81BB-4DDB-90FC-F4F9A3FFF216}C:\program files\performancetest\pt.exe" = protocol=6 | dir=in | app=c:\program files\performancetest\pt.exe | 
"UDP Query User{7DE3EE16-A911-4F46-820E-6B7A611FC474}C:\program files\performancetest\pt.exe" = protocol=17 | dir=in | app=c:\program files\performancetest\pt.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{101A497C-7EF6-4001-834D-E5FA1C70FEFA}" = Atheros Bluetooth Suite
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{285F722C-0E45-47DE-B38E-5B3B10FA4A7C}" = HP Quick Launch
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2DB8743E-A513-4AE5-A617-BD42D0653969}" = HP Launch Box
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{860C8A24-AA98-476C-90D3-5046C0787987}" = HP Documentation
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{BCE2B68D-8543-4ED6-8BF8-DB125A11A929}" = ESU for Microsoft Windows 7 SP1
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDE547F9-21B7-4067-AC7F-F19627CCC31F}" = HP Security Assistant
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9DAE00-F582-42F6-9537-B5F1F6858AE1}" = HP Software Framework
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"Huawei Modems" = Huawei modem
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Searchqu Toolbar" = Searchqu Toolbar
"SynTPDeinstKey" = Synaptics TouchPad Driver
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WinLiveSuite" = Windows Live Essentials
 
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
 
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 04/05/2012 13:48:35 | Computer Name = uk_trader-HP | Source = Application Error | ID = 1000
Description = Faulting application name: HPWMISVC.exe, version: 2.5.1.0, time stamp:
 0x4e1a9184  Faulting module name: HPWMISVC.exe, version: 2.5.1.0, time stamp: 0x4e1a9184
Exception
 code: 0xc0000005  Fault offset: 0x000016d1  Faulting process id: 0x65c  Faulting application
 start time: 0x01cd2a5fb6cf9d2d  Faulting application path: C:\Program Files\Hewlett-Packard\HP
 Quick Launch\HPWMISVC.exe  Faulting module path: C:\Program Files\Hewlett-Packard\HP
 Quick Launch\HPWMISVC.exe  Report Id: 5e79bb07-9611-11e1-8077-9cb70d7dd5bb
 
Error - 04/05/2012 13:52:17 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2012 14:19:14 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2012 14:23:12 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2012 14:57:32 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10
Description = 
 
Error - 04/05/2012 15:05:49 | Computer Name = uk_trader-HP | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV.exe, version: 1.0.6370.0, time stamp:
 0x4ea4d6b1  Faulting module name: ntdll.dll, version: 6.1.7601.17514, time stamp:
 0x4ce7b96e  Exception code: 0xc000000d  Fault offset: 0x00097bf1  Faulting process id:
 0x434  Faulting application start time: 0x01cd2a2784417e78  Faulting application path:
 C:\Program Files\IDT\WDM\STacSV.exe  Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
 Id: 29064ff3-961c-11e1-8f69-9cb70d7dd5bb
 
Error - 05/05/2012 12:15:02 | Computer Name = uk_trader-HP | Source = WinMgmt | ID = 10
Description = 
 
[ Hewlett-Packard Events ]
Error - 06/05/2012 06:22:24 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 06/05/2012 06:22:24 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/05/2012 07:34:30 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 12/05/2012 07:34:44 | Computer Name = uk_trader-HP | Source = HPSF.exe | ID = 4000
Description = 
 
[ HP Software Framework Events ]
Error - 13/01/2012 17:10:58 | Computer Name = N1N75ERBQT5GC | Source = CaslWmi | ID = 5
Description = 2012/01/13 13:10:58.248|000003B8|Error      |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception
 occurred in querying WMI for WmiMonitorBrightness: 'Not supported '
 
Error - 12/05/2012 07:28:37 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5
Description = 2012/05/12 12:28:37.924|00000324|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Retrieving the COM class factory 
for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the
 following error: 80070422.
 
Error - 12/05/2012 07:34:56 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5
Description = 2012/05/12 12:34:56.703|00000DE0|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Retrieving the COM class factory 
for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the
 following error: 80070422.
 
Error - 12/05/2012 07:35:10 | Computer Name = uk_trader-HP | Source = CaslSmBios | ID = 5
Description = 2012/05/12 12:35:10.698|000013FC|Error      |[CaslWmi]A::A{bool()}|Error
 connecting to Global Event server. Exception: Retrieving the COM class factory 
for component with CLSID {69D77689-DA2B-4308-8404-2614CBF9896E} failed due to the
 following error: 80070422.
 
[ System Events ]
Error - 04/05/2012 13:48:46 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034
Description = The HPWMISVC service terminated unexpectedly.  It has done this 1 
time(s).
 
Error - 04/05/2012 14:56:14 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034
Description = The HP Auto service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 04/05/2012 15:06:06 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7034
Description = The Audio Service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 07/05/2012 04:56:34 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%16405
 
Error - 07/05/2012 07:19:28 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the ShellHWDetection service.
 
Error - 07/05/2012 07:19:28 | Computer Name = uk_trader-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HPClientSvc service.
 
Error - 07/05/2012 13:21:21 | Computer Name = uk_trader-HP | Source = DCOM | ID = 10010
Description = 
 
Error - 09/05/2012 14:02:49 | Computer Name = uk_trader-HP | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
 will not be used. The driver has been unloaded.
 
 
< End of report >

Can you please advise or help with the next step?


Many thanks in advance
donikoues
Active Member
 
Posts: 5
Joined: May 16th, 2012, 4:51 pm

Re: www.searchnu.com/406

Post by askey127 » May 18th, 2012, 7:25 am

Hi donikoues,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Searchqu Toolbar

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-3224105516-2178430169-1404831700-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    
    :Files
    C:\Users\uk_trader\AppData\Local\Ilivid Player
    C:\Program Files\Searchqu Toolbar
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    It can also be found on your desktop as a new version of OTL.txt

---------------------------------------------
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we are looking for the contents of:
OTL.txt
SystemLook.txt


askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
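
The following is an added example, not part of askey127's post and not code from OTL or SystemLook. It shows how the keyword list from the SystemLook script can be run over an OTL log to see which sections still reference the toolbar before and after a fix. The "before" lines are excerpted from the first log in this thread; the "after" sample and the function names `triage` and `remaining_after_fix` are constructed for illustration.

```python
import re

# Keywords copied from the :Regfind list in the SystemLook script above.
KEYWORDS = ["Fun4IM", "Bandoo", "Searchnu", "Searchqu", "iLivid",
            "whitesmoke", "datamngr", "kelkoopartners", "trolltech"]

# OTL section headers look like "========== Name ==========", optionally
# wrapped in the forum's [color=...] BBCode tags.
SECTION_RE = re.compile(
    r"^(?:\[color=[^\]]*\])?=+\s*(.+?)\s*=+(?:\[/color\])?$")
KEYWORD_RE = re.compile("|".join(re.escape(k) for k in KEYWORDS),
                        re.IGNORECASE)


def triage(log_text):
    """Return (section, matched keywords, line) for every flagged log line."""
    hits = []
    section = "(before first section)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Case-insensitive match, so "searchqu" in a lower-cased firewall
        # path and "Searchqu" in the uninstall list are both caught.
        found = sorted({k.lower() for k in KEYWORD_RE.findall(line)})
        if found:
            hits.append((section, found, line))
    return hits


def remaining_after_fix(before_text, after_text):
    """Return (section, line) pairs flagged in both logs, i.e. leftovers."""
    before = {(s, l) for s, _, l in triage(before_text)}
    return [(s, l) for s, _, l in triage(after_text) if (s, l) in before]


# Excerpt of the first OTL Extras log posted in this thread.
SAMPLE_BEFORE = r"""
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
"{C6AC66AD-9912-4317-8D03-7CAF8E427774}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{C91532B7-3039-4610-9CD8-8F77C5880703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
"CCleaner" = CCleaner
"Searchqu Toolbar" = Searchqu Toolbar
"""

# Constructed "after" sample: the uninstall entry is gone, but the firewall
# exception for the toolbar binary is still registered.
SAMPLE_AFTER = r"""
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
"{C6AC66AD-9912-4317-8D03-7CAF8E427774}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{C91532B7-3039-4610-9CD8-8F77C5880703}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
"CCleaner" = CCleaner
"""

if __name__ == "__main__":
    for section, found, line in triage(SAMPLE_BEFORE):
        print(f"[{section}] {', '.join(found)}: {line}")
    for section, line in remaining_after_fix(SAMPLE_BEFORE, SAMPLE_AFTER):
        print(f"still present after fix -> [{section}] {line}")
```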

Re: www.searchnu.com/406

Post by donikoues » May 18th, 2012, 3:41 pm

Hi askey127,

First of all thank you very much for helping me out, it is appreciated.

Please find below the second OTL log:

Code: Select all
OTL logfile created on: 18/05/2012 20:16:35 - Run 2
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\uk_trader\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.68% Memory free
3.98 Gb Paging File | 3.16 Gb Available in Paging File | 79.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.11 Gb Total Space | 255.40 Gb Free Space | 90.53% Space Free | Partition Type: NTFS
Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32
 
Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
PRC - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/04/05 13:08:36 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/13 21:20:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/01/13 21:13:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/10/24 06:50:00 | 001,433,692 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/10/07 04:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 15:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/12 12:15:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/05/12 11:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:25:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 11:25:16 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 11:23:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:23:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:22:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012/05/15 18:14:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/24 06:50:00 | 000,444,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/22 10:53:40 | 000,445,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/10/22 10:52:54 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/10/22 10:52:40 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/10/22 10:52:08 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/10/22 10:51:54 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/10/22 10:51:38 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/10/22 10:51:22 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011/10/22 10:51:08 | 000,290,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/22 05:13:20 | 002,204,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/08 14:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/07/28 18:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/03/02 21:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 17:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/15 17:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Extensions
[2012/05/16 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Firefox\Profiles\z0n2wfk5.default\extensions
[2012/05/15 17:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 19:33:20 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\UK_TRADER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z0N2WFK5.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2012/05/18 20:19:25 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2012/05/18 20:19:25 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2012/05/18 20:19:25 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2012/05/18 20:19:25 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB822218-F6EB-4E61-8FCF-84A046F8F1C9}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1A98D7-700A-4842-94D2-C955D2F19ABE}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/18 20:10:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/16 21:27:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Malwarebytes
[2012/05/16 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/16 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/16 21:08:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/16 21:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Mozilla
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Mozilla
[2012/05/15 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/12 19:20:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/05/11 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/05/11 18:27:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/11 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\SoftGrid Client
[2012/05/11 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/11 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/05/11 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/05/11 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/11 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft Corporation
[2012/05/11 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/09 20:00:54 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/05/09 20:00:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/05/09 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/05/09 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2012/05/09 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/05/09 19:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/09 19:58:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/09 19:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/09 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PassMark
[2012/05/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\PassMark
[2012/05/09 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2012/05/09 19:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012/05/09 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/09 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/09 19:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2012/05/09 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2012/05/09 19:09:26 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2012/05/09 19:09:26 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012/05/09 19:09:26 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012/05/09 19:09:25 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/05/09 19:09:25 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2012/05/09 19:09:25 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012/05/09 19:09:25 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012/05/09 19:09:25 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/05/09 19:09:25 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012/05/09 19:09:24 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/05/09 19:09:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/05/09 19:09:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012/05/09 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2012/05/09 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/05/08 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\BETTING PRO
[2012/05/08 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\CrashDumps
[2012/05/08 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Sophos
[2012/05/07 10:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/05 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/05 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 21:12:53 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/05/04 20:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/04 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/05/04 19:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/04 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/05/04 19:46:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/04 19:44:26 | 000,122,360 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/05/04 19:44:26 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/05/04 19:44:16 | 000,000,000 | ---D | C] -- C:\savw_95_sa
[2012/05/04 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PROGRAMS
[2012/05/04 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Adobe
[2012/05/04 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/04 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/04 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Google
[2012/05/04 19:06:50 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Apps
[2012/05/04 19:06:49 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Deployment
[2012/05/04 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Macromedia
[2012/05/04 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Adobe
[2012/05/04 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Kjs.AppLife.Update
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Blio
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2012/05/04 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Intel Corporation
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\BMExplorer
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Bluetooth Folder
[2012/05/04 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Atheros
[2012/05/04 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Searches
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 18:47:54 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Identities
[2012/05/04 18:47:43 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Contacts
[2012/05/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Hewlett-Packard
[2012/05/04 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\hpqlog
[2012/05/04 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012/05/04 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\RemEngine
[2012/05/04 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard_Company
[2012/05/04 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\VirtualStore
[2012/05/04 18:40:10 | 000,000,000 | --SD | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Videos
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Saved Games
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Pictures
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Music
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Links
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Favorites
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Downloads
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Documents
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Desktop
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Temporary Internet Files
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Templates
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Start Menu
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\SendTo
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Recent
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\PrintHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\NetHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Videos
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Pictures
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Music
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\My Documents
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Local Settings
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\History
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Cookies
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\AppData
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Temp
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/18 20:22:01 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 20:22:01 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/18 20:19:25 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/18 20:19:25 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/18 20:14:34 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/18 20:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 20:12:04 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/18 11:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/17 19:12:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 19:49:58 | 000,031,117 | ---- | M] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/16 18:38:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | M] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/12 11:20:39 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 19:35:40 | 000,007,606 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:08:01 | 000,067,156 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/06 20:22:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/05 17:15:39 | 000,015,098 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/05 02:38:58 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/04 21:27:06 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:05 | 000,018,196 | ---- | M] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:01:48 | 000,001,411 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/16 21:09:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 21:43:26 | 000,031,117 | ---- | C] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/15 18:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/15 17:38:44 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | C] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/11 18:52:13 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/11 17:02:14 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/05/09 20:00:21 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/05/09 19:35:40 | 000,007,606 | ---- | C] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:07:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/09 19:07:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2012/05/06 20:22:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/04 21:27:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:30 | 000,018,196 | ---- | C] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:07:03 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/04 19:07:03 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/04 19:01:48 | 000,001,411 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/04 18:48:10 | 000,001,417 | ---- | C] () -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/04 18:47:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/04 18:40:10 | 000,000,290 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/04 18:40:10 | 000,000,272 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/01 10:41:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 10:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/22 10:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 04:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/06 21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/05/09 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/04 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/16 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/04 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/11 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2009/07/14 05:53:46 | 000,010,830 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >


And below please find the SystemLook log

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 20:29 on 18/05/2012 by uk_trader
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\uk_trader\Downloads\iLividSetupV1.exe	--a---- 516136 bytes	[18:01 14/05/2012]	[18:01 14/05/2012] 775C003E5068F2708BD27F7D424AC47E

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\uk_trader\AppData\LocalLow\DataMngr	d------	[19:50 16/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://malware-removal.windowsupdatesonline.com/how-to-remove-searchnu-com-virus-httpwww-searchnu-com406-hijacker-remover/"
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://malware-removal.windowsupdatesonline.com/how-to-remove-searchnu-com-virus-httpwww-searchnu-com406-hijacker-remover/"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=394&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=394&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=394&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Datamngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

-= EOF =-


Many many many thanks for all your help

donikoues
donikoues
Active Member
 
Posts: 5
Joined: May 16th, 2012, 4:51 pm

Re: www.searchnu.com/406

Post by askey127 » May 18th, 2012, 7:44 pm

donikoues,
We will get there.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Datamngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
    [-HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Datamngr]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
    "url1"=-
    [HKEY_USERS\S-1-5-21-3224105516-2178430169-1404831700-1000\Software\Microsoft\Internet Explorer\TypedURLs]
    "url1"=-
    
    :Files
    C:\Users\uk_trader\Downloads\iLividSetupV1.exe
    C:\Users\uk_trader\AppData\LocalLow\DataMngr
    ipconfig /flushdns /c
    
    :Commands
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

---------------------------------------------
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Searchnu*
    *Searchqu*
    *iLivid*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Searchnu*
    *Searchqu*
    *iLivid*
    *datamngr*
    *trolltech*
    
    :Regfind
    Searchnu
    Searchqu
    iLivid
    datamngr
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

Let's have a look at the newest OTL.txt log, then the newest SystemLook.txt
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
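
The custom fix above was assembled from the SystemLook Regfind hits. As an added example (not part of the original thread, and not OTL or SystemLook code), this Python script parses both texts and lists every Regfind hit that the `:Reg` section leaves untouched, so each one can be judged before anything is deleted. The function names are hypothetical, the embedded text is abridged from the logs posted above, and the `:Reg` lines are read with .reg-file meaning (`[-key]` removes a key, `"name"=-` removes a value).

```python
import re

# Abridged from the SystemLook log posted earlier in this thread.
SYSTEMLOOK_EXCERPT = r'''
========== Regfind ==========

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://malware-removal.windowsupdatesonline.com/how-to-remove-searchnu-com-virus-httpwww-searchnu-com406-hijacker-remover/"

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]

Searching for "whitesmoke"
No data found.

-= EOF =-
'''

# Abridged from the OTL custom fix in the post above.
OTL_FIX_EXCERPT = r'''
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"=-

:Files
C:\Users\uk_trader\Downloads\iLividSetupV1.exe
'''

VALUE_RE = re.compile(r'(@|"[^"]*")=(.*)$')


def parse_regfind(log):
    """Return {term: [(key, {value_name: data}), ...]} from the Regfind section."""
    hits, term, in_regfind = {}, None, False
    for line in (raw.strip() for raw in log.splitlines()):
        if line.startswith("=========="):
            in_regfind = "regfind" in line.lower()   # section banner
            term = None
            continue
        if not in_regfind or not line:
            continue
        m = re.match(r'Searching for "(.+)"$', line)
        if m:
            term = m.group(1)
            hits[term] = []
        elif term is None:
            continue
        elif line.startswith("[") and line.endswith("]"):
            hits[term].append((line[1:-1], {}))       # a matching key
        elif hits[term] and (m := VALUE_RE.match(line)):
            # a matching value, reported under the key printed just before it
            hits[term][-1][1][m.group(1).strip('"')] = m.group(2).strip('"')
    return hits


def parse_otl_reg(script):
    """Return (deleted_keys, deleted_values) from the :Reg section, lowercased."""
    deleted_keys, deleted_values, section, key = set(), set(), None, None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section, key = line.lower(), None
        elif section != ":reg" or not line:
            continue
        elif line.startswith("[-") and line.endswith("]"):
            deleted_keys.add(line[2:-1].lower())
            key = None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and (m := re.match(r'(@|"[^"]*")=-$', line)):
            deleted_values.add((key, m.group(1).strip('"').lower()))
    return deleted_keys, deleted_values


def is_covered(key, values, deleted_keys, deleted_values):
    """A hit is covered if its key or an ancestor is deleted, or all its values are."""
    k = key.lower()
    if any(k == d or k.startswith(d + "\\") for d in deleted_keys):
        return True
    return bool(values) and all((k, n.lower()) in deleted_values for n in values)


def uncovered_hits(log, script):
    """List (term, key, values) for every Regfind hit the fix does not remove."""
    deleted_keys, deleted_values = parse_otl_reg(script)
    return [(term, key, values)
            for term, entries in parse_regfind(log).items()
            for key, values in entries
            if not is_covered(key, values, deleted_keys, deleted_values)]


if __name__ == "__main__":
    for term, key, values in uncovered_hits(SYSTEMLOOK_EXCERPT, OTL_FIX_EXCERPT):
        print(f"{term}: {key} {values}")
```

On the excerpt, the only hit left over is the `Interface\{AB310581-...}` key, which matched only because "Searchqu" is a substring of its default value `ISearchQueryHelper`; the full fix in the post above does not list that key either.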

Re: www.searchnu.com/406

Post by donikoues » May 19th, 2012, 6:57 am

Hi askey127,

Thank you very much.
Please find below the new OTL log:

Code:
OTL logfile created on: 19/05/2012 11:38:28 - Run 3
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\uk_trader\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 57.63% Memory free
3.98 Gb Paging File | 3.06 Gb Available in Paging File | 77.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.11 Gb Total Space | 255.03 Gb Free Space | 90.40% Space Free | Partition Type: NTFS
Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32
 
Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
PRC - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/04/05 13:08:36 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/13 21:20:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/01/13 21:13:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/10/24 06:50:00 | 001,433,692 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/10/07 04:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
PRC - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 15:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/12 12:15:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/05/12 12:15:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/05/12 11:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:25:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 11:25:16 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 11:24:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 11:23:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:23:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:22:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/04/28 03:07:01 | 000,444,400 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/28 03:06:59 | 003,915,248 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 03:05:34 | 000,122,880 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 03:05:33 | 000,220,672 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 03:05:32 | 001,747,456 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012/05/15 18:14:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/24 06:50:00 | 000,444,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/22 10:53:40 | 000,445,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/10/22 10:52:54 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/10/22 10:52:40 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/10/22 10:52:08 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/10/22 10:51:54 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/10/22 10:51:38 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/10/22 10:51:22 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011/10/22 10:51:08 | 000,290,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/22 05:13:20 | 002,204,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/08 14:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/07/28 18:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/03/02 21:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 17:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/15 17:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Extensions
[2012/05/16 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Firefox\Profiles\z0n2wfk5.default\extensions
[2012/05/15 17:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 19:33:20 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\UK_TRADER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z0N2WFK5.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2012/05/19 11:41:16 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2012/05/19 11:41:16 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2012/05/19 11:41:16 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2012/05/19 11:41:16 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB822218-F6EB-4E61-8FCF-84A046F8F1C9}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1A98D7-700A-4842-94D2-C955D2F19ABE}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/18 20:10:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/16 21:27:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Malwarebytes
[2012/05/16 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/16 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/16 21:08:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/16 21:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Mozilla
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Mozilla
[2012/05/15 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/12 19:20:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/05/11 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/05/11 18:27:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/11 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\SoftGrid Client
[2012/05/11 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/11 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/05/11 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/05/11 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/11 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft Corporation
[2012/05/11 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/09 20:00:54 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/05/09 20:00:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/05/09 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/05/09 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2012/05/09 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/05/09 19:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/09 19:58:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/09 19:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/09 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PassMark
[2012/05/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\PassMark
[2012/05/09 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2012/05/09 19:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012/05/09 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/09 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/09 19:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2012/05/09 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2012/05/09 19:09:26 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2012/05/09 19:09:26 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012/05/09 19:09:26 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012/05/09 19:09:25 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/05/09 19:09:25 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2012/05/09 19:09:25 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012/05/09 19:09:25 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012/05/09 19:09:25 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/05/09 19:09:25 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012/05/09 19:09:24 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/05/09 19:09:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/05/09 19:09:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012/05/09 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2012/05/09 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/05/08 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\BETTING PRO
[2012/05/08 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\CrashDumps
[2012/05/08 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Sophos
[2012/05/07 10:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/05 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/05 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 21:12:53 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/05/04 20:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/04 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/05/04 19:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/04 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/05/04 19:46:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/04 19:44:26 | 000,122,360 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/05/04 19:44:26 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/05/04 19:44:16 | 000,000,000 | ---D | C] -- C:\savw_95_sa
[2012/05/04 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PROGRAMS
[2012/05/04 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Adobe
[2012/05/04 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/04 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/04 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Google
[2012/05/04 19:06:50 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Apps
[2012/05/04 19:06:49 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Deployment
[2012/05/04 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Macromedia
[2012/05/04 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Adobe
[2012/05/04 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Kjs.AppLife.Update
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Blio
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2012/05/04 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Intel Corporation
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\BMExplorer
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Bluetooth Folder
[2012/05/04 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Atheros
[2012/05/04 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Searches
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 18:47:54 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Identities
[2012/05/04 18:47:43 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Contacts
[2012/05/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Hewlett-Packard
[2012/05/04 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\hpqlog
[2012/05/04 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012/05/04 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\RemEngine
[2012/05/04 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard_Company
[2012/05/04 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\VirtualStore
[2012/05/04 18:40:10 | 000,000,000 | --SD | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Videos
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Saved Games
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Pictures
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Music
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Links
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Favorites
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Downloads
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Documents
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Desktop
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Temporary Internet Files
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Templates
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Start Menu
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\SendTo
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Recent
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\PrintHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\NetHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Videos
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Pictures
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Music
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\My Documents
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Local Settings
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\History
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Cookies
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\AppData
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Temp
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/19 11:42:16 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 11:42:16 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 11:41:16 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/19 11:41:16 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/19 11:34:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 21:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 21:12:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/18 20:28:18 | 000,139,264 | ---- | M] () -- C:\Users\uk_trader\Desktop\SystemLook.exe
[2012/05/18 20:14:34 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/17 19:12:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 19:49:58 | 000,031,117 | ---- | M] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/16 18:38:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | M] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/12 11:20:39 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 19:35:40 | 000,007,606 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:08:01 | 000,067,156 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/06 20:22:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/05 17:15:39 | 000,015,098 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/05 02:38:58 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/04 21:27:06 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:05 | 000,018,196 | ---- | M] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:01:48 | 000,001,411 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/18 20:28:22 | 000,139,264 | ---- | C] () -- C:\Users\uk_trader\Desktop\SystemLook.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 21:43:26 | 000,031,117 | ---- | C] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/15 18:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/15 17:38:44 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | C] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/11 18:52:13 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/11 17:02:14 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/05/09 20:00:21 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/05/09 19:35:40 | 000,007,606 | ---- | C] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:07:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/09 19:07:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2012/05/06 20:22:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/04 21:27:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:30 | 000,018,196 | ---- | C] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:07:03 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/04 19:07:03 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/04 19:01:48 | 000,001,411 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/04 18:48:10 | 000,001,417 | ---- | C] () -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/04 18:47:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/04 18:40:10 | 000,000,290 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/04 18:40:10 | 000,000,272 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/01 10:41:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 10:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/22 10:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 04:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/06 21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/05/09 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/04 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/16 19:50:04 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/04 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/11 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2009/07/14 05:53:46 | 000,011,326 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >



And here is the SystemLook log:

Code: Select all
SystemLook 30.07.11 by jpshortstuff
Log created at 11:50 on 19/05/2012 by uk_trader
Administrator - Elevation successful

========== filefind ==========

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\05192012_112955\C_Users\uk_trader\Downloads\iLividSetupV1.exe	--a---- 516136 bytes	[18:01 14/05/2012]	[18:01 14/05/2012] 775C003E5068F2708BD27F7D424AC47E

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\05192012_112955\C_Users\uk_trader\AppData\LocalLow\DataMngr	d------	[19:50 16/05/2012]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "datamngr"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-



Once again, thank you very much, your help is just priceless!!!!

donikoues
donikoues
Active Member
 
Posts: 5
Joined: May 16th, 2012, 4:51 pm

Re: www.searchnu.com/406

Unread postby askey127 » May 19th, 2012, 8:15 am

donikoues,
The hit list is getting a lot smaller.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPMTDF&pc=HPMTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
------------------------------------------------------------
Make sure Firefox no longer shows Searchnu as your homepage.
Set your homepage to Yahoo, Google or something else.
If you need a bit of help on how to change it, let me know.
------------------------------------------------------------
Run MalwareBytes' Anti-Malware

As you already have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using this procedure:
  • Open Malwarebytes' Anti-Malware (Right click and "Run as administrator")
  • Select the Update tab. Choose Check for Updates.
  • Restart Malwarebytes Anti-Malware after the Update if you have to.
  • After the update has been completed, select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Make sure all items are checked. Then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.
    The same new log can also be found via the Logs tab when the application is re-started.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
This allows MBAM to remove additional items that could not be removed while Windows is running.
---------------------------------------------------
So, in your reply, we will be looking for the following:
The contents of:
  • OTL.txt
  • Any issues about the Firefox homepage
  • the Malwarebytes log
Please feel free to use separate replies.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
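
A triage sketch for the kind of browser-setting lines the fix script above targets, added here as an example and not part of the thread or of OTL: it parses OTL-format `IE -` and `FF -` lines, flags URLs whose host is on a caller-supplied watchlist, and flags a `DefaultScope` GUID that has no matching `SearchScopes` entry in the same hive. The sample log is constructed from lines in the format quoted in this thread; the function names and the dangling-scope heuristic are assumptions of this example, and a finding is a prompt for review, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, in the format of the OTL log and fix-script lines quoted in this thread.
SAMPLE_LOG = r'''
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - user.js - File not found
'''

HIVE = r'(HKLM|HKCU)'
GUID = r'(\{[0-9A-Fa-f-]+\})'
# IE search provider definition: hive, scope GUID, search URL.
SCOPE_URL = re.compile(r'^IE - ' + HIVE + r'\\\.\.\\SearchScopes\\' + GUID + r': "URL" = (\S+)$')
# IE default search provider pointer: hive, optional GUID (may be blank).
DEFAULT_SCOPE = re.compile(r'^IE - ' + HIVE + r'\\\.\.\\SearchScopes,DefaultScope =\s*' + GUID + r'?$')
# IE start/default page values: hive, value name, URL (may be blank).
IE_MAIN = re.compile(r'^IE - ' + HIVE + r'\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,(.+?) =\s*(\S*)$')
# Firefox prefs.js entries: preference name, quoted value.
FF_PREF = re.compile(r'^FF - prefs\.js\.\.([\w.]+): "(.*)"$')


def host_of(value):
    """Return the lower-cased host of a URL-like value, or None if there is none."""
    try:
        return urlsplit(value).hostname
    except ValueError:
        return None


def parse_settings(log_text):
    """Extract (label, url) pairs, defined scope GUIDs per hive, and default-scope GUIDs."""
    urls = []
    scopes = {"HKLM": set(), "HKCU": set()}
    defaults = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SCOPE_URL.match(line):
            hive, guid, url = m.groups()
            scopes[hive].add(guid.lower())
            urls.append((f"IE {hive} SearchScopes {guid}", url))
        elif m := DEFAULT_SCOPE.match(line):
            hive, guid = m.groups()
            if guid:
                defaults[hive] = guid
        elif m := IE_MAIN.match(line):
            hive, name, url = m.groups()
            urls.append((f"IE {hive} Main {name}", url))
        elif m := FF_PREF.match(line):
            name, url = m.groups()
            urls.append((f"FF prefs.js {name}", url))
    return urls, scopes, defaults


def triage(log_text, watch_hosts):
    """Return findings as (kind, where, detail) tuples for a human to review."""
    urls, scopes, defaults = parse_settings(log_text)
    findings = []
    for label, url in urls:
        host = host_of(url)
        # Match the watched domain itself or any subdomain of it.
        if host and any(host == w or host.endswith("." + w) for w in watch_hosts):
            findings.append(("watchlist-host", label, host))
    for hive, guid in sorted(defaults.items()):
        # Heuristic (assumption of this example): the default provider should be
        # one of the providers listed for the same hive in the same log.
        if guid.lower() not in scopes[hive]:
            findings.append(("dangling-default-scope", hive, guid))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, {"searchnu.com"}):
        print(finding)
```
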

Re: www.searchnu.com/406

Unread postby donikoues » May 19th, 2012, 9:05 am

Hi Askey127,

Thank you again.

Please find below the latest OTL log

Code: Select all
OTL logfile created on: 19/05/2012 13:32:16 - Run 4
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\uk_trader\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 60.90% Memory free
3.98 Gb Paging File | 3.20 Gb Available in Paging File | 80.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282.11 Gb Total Space | 254.86 Gb Free Space | 90.34% Space Free | Partition Type: NTFS
Drive D: | 15.69 Gb Total Space | 1.73 Gb Free Space | 11.05% Space Free | Partition Type: NTFS
Drive E: | 99.00 Mb Total Space | 89.45 Mb Free Space | 90.35% Space Free | Partition Type: FAT32
 
Computer Name: UK_TRADER-HP | User Name: uk_trader | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
PRC - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012/04/05 13:08:36 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2012/01/13 21:20:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/01/13 21:13:41 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/10/24 06:50:00 | 001,433,692 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) -- C:\Program Files\Bluetooth Suite\AdminService.exe
PRC - [2011/10/07 04:19:16 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
PRC - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
PRC - [2010/11/20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
PRC - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/21 15:16:17 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\IDT\WDM\AEstSrv.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/05/12 12:15:18 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012/05/12 11:28:18 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 11:25:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/12 11:25:16 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/12 11:23:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 11:23:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 11:23:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 11:22:55 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2012/05/15 18:14:20 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 02:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/11 15:43:09 | 000,232,472 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2012/04/05 13:08:36 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/05 12:38:45 | 001,543,704 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/10/24 06:50:00 | 000,290,898 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2011/10/22 11:20:44 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2011/10/22 10:44:12 | 000,085,152 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/29 19:27:06 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/09/10 02:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 23:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/23 16:32:20 | 001,740,696 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
SRV - [2011/02/17 07:47:12 | 000,579,640 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV - [2010/11/06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/11 11:48:00 | 000,246,840 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV - [2010/10/08 14:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/06/14 17:42:36 | 000,097,520 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 11:43:00 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2012/05/04 21:27:05 | 001,344,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2012/03/29 16:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/24 06:50:00 | 000,444,928 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2011/10/22 10:53:40 | 000,445,088 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011/10/22 10:52:54 | 000,263,968 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011/10/22 10:52:40 | 000,060,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011/10/22 10:52:08 | 000,147,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011/10/22 10:51:54 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011/10/22 10:51:38 | 000,025,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2011/10/22 10:51:22 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011/10/22 10:51:08 | 000,290,976 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/08/22 05:13:20 | 002,204,160 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2011/03/23 16:17:48 | 000,010,240 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdvrmng.sys -- (mdvrmng)
DRV - [2011/03/23 16:15:48 | 000,353,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2011/03/23 16:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 16:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 16:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 16:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/12/02 01:12:04 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/11/20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/10/08 14:14:55 | 000,122,360 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\Windows\System32\drivers\savonaccess.sys -- (SAVOnAccess)
DRV - [2010/07/28 18:13:42 | 000,027,632 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\clwvd.sys -- (clwvd)
DRV - [2010/03/02 21:33:54 | 000,022,536 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2009/07/13 23:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/7
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{C2F8B7F0-9719-4B7E-BF33-D300F822B874}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://www.ebay.co.uk/sch/i.html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=394&systemid=406&sr=0&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/15 17:38:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/05/15 17:39:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Extensions
[2012/05/16 18:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uk_trader\AppData\Roaming\Mozilla\Firefox\Profiles\z0n2wfk5.default\extensions
[2012/05/15 17:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/15 19:33:20 | 000,148,816 | ---- | M] () (No name found) -- C:\USERS\UK_TRADER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z0N2WFK5.DEFAULT\EXTENSIONS\AUTOFILLFORMS@BLUEIMP.NET.XPI
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\uk_trader\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\uk_trader\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32 [2012/05/19 13:35:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32 [2012/05/19 13:35:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32 [2012/05/19 13:35:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Persistence] C:\Windows\System32 [2012/05/19 13:35:29 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB822218-F6EB-4E61-8FCF-84A046F8F1C9}: DhcpNameServer = 40.23.1.201 40.23.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EA1A98D7-700A-4842-94D2-C955D2F19ABE}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce3d-9a01-11e1-806b-9cb70d7dd5bb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell - "" = AutoRun
O33 - MountPoints2\{249dce70-9a01-11e1-806b-80c16e4a2874}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/18 20:10:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/16 21:27:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Malwarebytes
[2012/05/16 21:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/16 21:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/16 21:08:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/16 21:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Mozilla
[2012/05/15 17:38:56 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Mozilla
[2012/05/15 17:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/15 17:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/15 17:38:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/05/12 19:20:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/12 11:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2012/05/11 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012/05/11 18:27:19 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/05/11 18:19:22 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\SoftGrid Client
[2012/05/11 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/11 18:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2012/05/11 18:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/05/11 18:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2012/05/11 18:17:44 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/11 17:02:51 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft Corporation
[2012/05/11 17:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/05/09 20:00:54 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012/05/09 20:00:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012/05/09 20:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012/05/09 19:59:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2012/05/09 19:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012
[2012/05/09 19:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/05/09 19:58:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/09 19:58:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/09 19:38:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PassMark
[2012/05/09 19:38:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\PassMark
[2012/05/09 19:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest
[2012/05/09 19:36:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark
[2012/05/09 19:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest
[2012/05/09 19:09:55 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/09 19:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Birdstep Technology
[2012/05/09 19:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3 Mobile Broadband
[2012/05/09 19:09:26 | 000,181,760 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2012/05/09 19:09:26 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012/05/09 19:09:26 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012/05/09 19:09:25 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2012/05/09 19:09:25 | 000,353,280 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2012/05/09 19:09:25 | 000,090,112 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012/05/09 19:09:25 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012/05/09 19:09:25 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012/05/09 19:09:25 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012/05/09 19:09:24 | 000,193,792 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012/05/09 19:09:24 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012/05/09 19:09:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012/05/09 19:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Huawei Modems
[2012/05/09 19:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\3 Mobile Broadband
[2012/05/08 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\BETTING PRO
[2012/05/08 17:47:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\CrashDumps
[2012/05/08 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Sophos
[2012/05/07 10:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/05/05 19:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/05/05 19:47:10 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/05/04 21:12:53 | 000,000,000 | ---D | C] -- C:\HP_TOOLS_mountHPSF
[2012/05/04 20:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/04 20:59:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/04 19:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos Web Intelligence
[2012/05/04 19:46:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/05/04 19:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/05/04 19:46:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SophosBootTasks.exe
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/05/04 19:46:19 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012/05/04 19:44:26 | 000,122,360 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\savonaccess.sys
[2012/05/04 19:44:26 | 000,022,536 | ---- | C] (Sophos Plc) -- C:\Windows\System32\drivers\SophosBootDriver.sys
[2012/05/04 19:44:16 | 000,000,000 | ---D | C] -- C:\savw_95_sa
[2012/05/04 19:43:14 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\PROGRAMS
[2012/05/04 19:40:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Adobe
[2012/05/04 19:29:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/04 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/04 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Google
[2012/05/04 19:06:50 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Apps
[2012/05/04 19:06:49 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Deployment
[2012/05/04 19:02:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Macromedia
[2012/05/04 19:02:06 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Adobe
[2012/05/04 19:00:03 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Kjs.AppLife.Update
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Blio
[2012/05/04 18:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blio
[2012/05/04 18:54:53 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 18:48:54 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Intel Corporation
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\BMExplorer
[2012/05/04 18:48:38 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\Documents\Bluetooth Folder
[2012/05/04 18:48:29 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Atheros
[2012/05/04 18:48:27 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Searches
[2012/05/04 18:47:54 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/04 18:47:54 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/04 18:47:45 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Identities
[2012/05/04 18:47:43 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Contacts
[2012/05/04 18:47:16 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\Hewlett-Packard
[2012/05/04 18:43:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Roaming\hpqlog
[2012/05/04 18:43:36 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2012/05/04 18:42:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2012/05/04 18:42:42 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\RemEngine
[2012/05/04 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Hewlett-Packard_Company
[2012/05/04 18:40:11 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\VirtualStore
[2012/05/04 18:40:10 | 000,000,000 | --SD | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Videos
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Saved Games
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Pictures
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Music
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Links
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Favorites
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Downloads
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Documents
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\Desktop
[2012/05/04 18:40:10 | 000,000,000 | R--D | C] -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Temporary Internet Files
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Templates
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Start Menu
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\SendTo
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Recent
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\PrintHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\NetHood
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Videos
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Pictures
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Documents\My Music
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\My Documents
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Local Settings
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\History
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Cookies
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -HSD | C] -- C:\Users\uk_trader\AppData\Local\Application Data
[2012/05/04 18:40:10 | 000,000,000 | -H-D | C] -- C:\Users\uk_trader\AppData
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Temp
[2012/05/04 18:40:10 | 000,000,000 | ---D | C] -- C:\Users\uk_trader\AppData\Local\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/19 13:38:37 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 13:38:37 | 000,016,480 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 13:35:29 | 000,628,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/19 13:35:29 | 000,110,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/19 13:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/18 21:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 21:12:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/18 20:28:18 | 000,139,264 | ---- | M] () -- C:\Users\uk_trader\Desktop\SystemLook.exe
[2012/05/18 20:14:34 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/17 19:12:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/16 21:27:28 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\uk_trader\Desktop\OTL.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/16 19:49:58 | 000,031,117 | ---- | M] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/16 18:38:32 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | M] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/12 11:20:39 | 000,257,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/09 19:35:40 | 000,007,606 | ---- | M] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:08:01 | 000,067,156 | ---- | M] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/06 20:22:02 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/05 17:15:39 | 000,015,098 | ---- | M] () -- C:\Windows\System32\results.xml
[2012/05/05 02:38:58 | 000,102,127 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/05/04 21:27:06 | 000,004,096 | ---- | M] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:05 | 000,018,196 | ---- | M] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:01:48 | 000,001,411 | ---- | M] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2012/05/18 20:28:22 | 000,139,264 | ---- | C] () -- C:\Users\uk_trader\Desktop\SystemLook.exe
[2012/05/16 21:09:00 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/15 21:43:26 | 000,031,117 | ---- | C] () -- C:\Users\uk_trader\Desktop\batty acc.rtf
[2012/05/15 18:03:19 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 17:38:46 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/15 17:38:44 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/13 20:03:18 | 000,000,247 | ---- | C] () -- C:\Users\uk_trader\Desktop\chris batty.rtf
[2012/05/11 18:52:13 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUK_TRADER-HP$.job
[2012/05/11 17:02:14 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/05/09 20:00:21 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012/05/09 19:35:40 | 000,007,606 | ---- | C] () -- C:\Users\uk_trader\AppData\Local\Resmon.ResmonCfg
[2012/05/09 19:09:40 | 000,001,943 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\3Connect.lnk
[2012/05/09 19:09:39 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\3Connect.lnk
[2012/05/09 19:09:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/05/09 19:07:59 | 000,067,156 | ---- | C] () -- C:\Windows\Huawei ModemsUninstall.exe
[2012/05/09 19:07:52 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\mdvrmng.sys
[2012/05/06 20:22:02 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/05/04 21:27:34 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/05/04 21:27:30 | 000,018,196 | ---- | C] () -- C:\Windows\System32\igddim32.vp
[2012/05/04 20:59:49 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/04 19:07:03 | 000,000,924 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000UA.job
[2012/05/04 19:07:03 | 000,000,872 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3224105516-2178430169-1404831700-1000Core.job
[2012/05/04 19:01:48 | 000,001,411 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/04 18:48:10 | 000,001,417 | ---- | C] () -- C:\Users\uk_trader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/04 18:47:28 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForuk_trader.job
[2012/05/04 18:40:10 | 000,000,290 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/04 18:40:10 | 000,000,272 | ---- | C] () -- C:\Users\uk_trader\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/01 10:41:15 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/12/30 10:50:04 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/10/22 10:24:58 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011/09/15 04:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/09/06 21:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
 
========== LOP Check ==========
 
[2012/05/09 19:09:55 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Birdstep Technology
[2012/05/04 19:01:14 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Blio
[2012/05/04 19:29:03 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\IDT
[2012/05/19 13:24:28 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\SoftGrid Client
[2012/05/04 18:48:27 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\Synaptics
[2012/05/11 18:19:30 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TP
[2012/05/09 19:59:54 | 000,000,000 | ---D | M] -- C:\Users\uk_trader\AppData\Roaming\TuneUp Software
[2009/07/14 05:53:46 | 000,011,822 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >





Regarding the Malwarebytes log, no malicious contents were found; however, please find the log below as requested.

Code: Select all
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
uk_trader :: UK_TRADER-HP [administrator]

19/05/2012 13:53:53
mbam-log-2012-05-19 (13-53-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185139
Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


I checked Firefox and IE and set the homepages to Google (the searchnu wasn't there any more).

Many Thanks
donikoues

Re: www.searchnu.com/406

Post by askey127 » May 19th, 2012, 10:40 am

donikoues,
I think you are clean.
Let's just double check to be sure there is nothing else hiding in there.
-----------------------------------------------
Run aswMBR
Download aswMBR.exe and save it to your desktop.
Double-click aswMBR.exe to run it.
Click the "Scan" button to start the scan.
On completion of the scan, click "save log". Save it to your desktop and post the contents in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: www.searchnu.com/406

Post by donikoues » May 19th, 2012, 1:33 pm

Thank you very much, askey127.

Please find below the final log.

Code: Select all
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-19 17:23:14
-----------------------------
17:23:14.018    OS Version: Windows 6.1.7601 Service Pack 1
17:23:14.018    Number of processors: 4 586 0x3601
17:23:14.018    ComputerName: UK_TRADER-HP  UserName: uk_trader
17:23:16.623    Initialize success
17:25:42.240    AVAST engine defs: 12051900
17:28:08.497    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:28:08.512    Disk 0 Vendor: Hitachi_ ES2O Size: 305245MB BusType: 3
17:28:08.512    Disk 0 MBR read successfully
17:28:08.528    Disk 0 MBR scan
17:28:08.543    Disk 0 Windows 7 default MBR code
17:28:08.559    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
17:28:08.575    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       288878 MB offset 409600
17:28:08.621    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        16063 MB offset 592031744
17:28:08.668    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 624928768
17:28:08.731    Disk 0 scanning sectors +625139712
17:28:08.855    Disk 0 scanning C:\Windows\system32\drivers
17:28:53.799    Service scanning
17:30:03.282    Modules scanning
17:30:20.910    Disk 0 trace - called modules:
17:30:20.988    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
17:30:21.019    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85eb5530]
17:30:21.050    3 CLASSPNP.SYS[8859559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8472c028]
17:30:23.203    AVAST engine scan C:\Windows
17:30:30.426    AVAST engine scan C:\Windows\system32
17:40:00.451    AVAST engine scan C:\Windows\system32\drivers
17:40:41.370    AVAST engine scan C:\Users\uk_trader
17:47:16.144    AVAST engine scan C:\ProgramData
17:48:51.679    Scan finished successfully
18:31:04.018    Disk 0 MBR has been saved successfully to "C:\Users\uk_trader\Desktop\MBR.dat"
18:31:04.049    The log file has been saved successfully to "C:\Users\uk_trader\Desktop\aswMBR.txt"




Many thanks
donikoues

Re: www.searchnu.com/406

Post by askey127 » May 19th, 2012, 5:02 pm

donikoues,
You are all set.
Start OTL and click the Clean Up button. That will remove most of our tools.
Good Luck!
askey127

Re: www.searchnu.com/406

Post by askey127 » May 20th, 2012, 7:59 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.