Strange links appearing on web pages


Post by m2thef2thec » September 28th, 2012, 9:57 am

I have noticed that there are links appearing on web pages I visit, including yours. When I hover over them a flashing ad appears. I've attached a picture of the ad to this email. I'm not sure if it's malware or not, but I'd like you to check, please. I've run Malwarebytes' Anti-Malware and removed a couple of threats. I've also run ESET Scanner and removed another nine, but the problem persists. Here are the DDS reports:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Mark at 23:48:40 on 2012-09-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1465 [GMT 10:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\runservice.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Lenovo\file32\hotkey.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = https://www.google.com.au/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
uRun: [Spotify Web Helper] "c:\users\mark\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [UVS11 Preload] d:\program files\video studio\uvPL.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mark\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74C65298-7B6A-4716-B1FF-8589C6780BB3} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\i0zxhjrq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 21&sr=0&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\netscape6\nppl3260.dll
FF - plugin: d:\program files\netscape6\nprjplug.dll
FF - plugin: d:\program files\netscape6\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-5-28 217600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-24 21504]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-26 47640]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-5-28 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-5-28 275968]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2009-6-24 302728]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-25 250288]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [2005-10-19 22432]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-3-20 35904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 135664]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-4-6 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-4-6 11104]
.
=============== Created Last 30 ================
.
2012-09-27 05:35:06 93672 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-26 11:36:29 -------- dc----w- c:\users\mark\appdata\local\LogMeIn
2012-09-26 11:36:25 52128 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-09-26 11:36:25 30624 -c--a-w- c:\windows\system32\LMIport.dll
2012-09-26 11:36:24 83392 -c--a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-26 11:36:24 47640 -c--a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-26 11:36:21 87456 -c--a-w- c:\windows\system32\LMIinit.dll
2012-09-26 11:36:16 -------- dc----w- c:\programdata\LogMeIn
2012-09-25 15:43:47 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cd855b34-85b6-4d6a-a5f2-e0890aeba19b}\mpengine.dll
2012-09-24 15:44:49 -------- dc----w- c:\users\mark\appdata\roaming\Flickr
2012-09-24 15:44:49 -------- dc----w- c:\users\mark\appdata\local\Flickr
2012-09-14 13:26:10 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 13:25:01 -------- dc----w- c:\program files\iPod
2012-09-14 13:24:58 -------- dc----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-14 11:24:36 -------- dc----r- c:\users\mark\Dropbox
2012-09-14 11:21:56 -------- dc----w- c:\program files\Dropbox
2012-09-14 11:18:40 -------- dc----w- c:\users\mark\appdata\roaming\Dropbox
2012-09-04 10:46:28 -------- dc----w- c:\programdata\Premium
2012-09-04 10:46:15 -------- dc----w- c:\programdata\Codec
2012-09-04 10:45:19 -------- dc----w- c:\programdata\Codecv
2012-09-04 10:44:32 -------- dc----w- c:\programdata\InstallMate
2012-08-31 11:17:21 106496 -c--a-w- c:\windows\system32\TwnLib20.dll
2012-08-31 11:17:19 476320 -c----w- c:\windows\system32\ImagXpr7.dll
2012-08-31 11:17:19 471040 -c----w- c:\windows\system32\ImagXRA7.dll
2012-08-31 11:17:19 364544 -c----w- c:\windows\system32\TwnLib4.dll
2012-08-31 11:17:19 262144 -c----w- c:\windows\system32\ImagXR7.dll
2012-08-31 11:17:19 1568768 -c----w- c:\windows\system32\ImagX7.dll
2012-08-31 11:17:18 38912 -c----w- c:\windows\system32\picn20.dll
2012-08-31 11:17:16 155648 -c--a-w- c:\windows\system32\NeroCheck.exe
2012-08-29 14:06:20 -------- dc----w- c:\program files\AMD APP
.
==================== Find3M ====================
.
2012-09-28 09:40:43 49 -csha-w- c:\windows\system32\mmf.sys
2012-09-27 05:34:43 821736 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-09-27 05:34:43 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-21 13:23:40 696240 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 13:23:39 73136 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 07:04:46 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 -c--a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 -c--a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 -c--a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 -c--a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 -c--a-w- c:\windows\system32\mshtml.tlb
2012-08-21 03:01:22 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2012-07-30 14:34:05 172032 -c--a-w- c:\windows\system32\AniGIF.ocx
2012-07-30 14:26:29 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-07-30 14:26:29 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2012-07-27 12:47:36 159232 -c--a-w- c:\windows\system32\clinfo.exe
2012-07-27 12:47:16 65024 -c--a-w- c:\windows\system32\OpenVideo.dll
2012-07-27 12:47:06 56320 -c--a-w- c:\windows\system32\OVDecode.dll
2012-07-27 12:46:06 13013504 -c--a-w- c:\windows\system32\amdocl.dll
2012-07-09 03:42:56 4547984 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 03:42:56 44032 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 14:02:46 2047488 -c--a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:51:42.36 ===============

Re: Strange links appearing on web pages

Post by Cypher » October 1st, 2012, 1:07 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


When you ran DDS, two logs should have been created: DDS.txt and Attach.txt.
Please post the Attach.txt log; if it's no longer on your desktop, run DDS again.

Re: Strange links appearing on web pages

Post by m2thef2thec » October 1st, 2012, 11:18 pm

Hi Cypher

Thanks for your reply. I must apologise. I thought I had posted both reports. Here are both:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Mark at 13:13:24 on 2012-10-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3326.1439 [GMT 10:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Windows\runservice.exe
D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\DeltaIITray.exe
C:\Program Files\Lenovo\file32\hotkey.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
D:\Program Files\Steam\steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = https://www.google.com.au/
mDefault_Page_URL = hxxp://www.lenovo.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\search~1\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\search~1\datamngr\toolbar\searchqudtx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [SpeedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup
uRun: [Spotify Web Helper] "c:\users\mark\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [UVS11 Preload] d:\program files\video studio\uvPL.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [M-Audio Taskbar Icon] c:\windows\system32\DeltaIITray.exe
mRun: [Lenovokey] c:\program files\lenovo\file32\hotkey.exe
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [DeltaIITaskbarApp] c:\windows\system32\DeltaIITray.exe
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] c:\program files\checkpoint\zonealarm\zatray.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "d:\itunes\iTunesHelper.exe"
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\mark\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mark\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{74C65298-7B6A-4716-B1FF-8589C6780BB3} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\search~1\datamngr\datamngr.dll c:\progra~1\search~1\datamngr\IEBHO.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\i0zxhjrq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 21&sr=0&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\netscape6\nppl3260.dll
FF - plugin: d:\program files\netscape6\nprjplug.dll
FF - plugin: d:\program files\netscape6\nprpjplug.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-28 63960]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-5-28 217600]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-6-24 21504]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-7-25 27016]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-7-25 493184]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2010-10-26 2560]
R2 LMIGuardianSvc;LMIGuardianSvc;d:\program files\logmein\x86\LMIGuardianSvc.exe [2012-7-5 374184]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2012-6-8 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-9-26 47640]
R2 OKAV Agent Service;OKAV Agent Service;c:\program files\trend micro\okavagent\OKAVAgent.exe [2008-2-2 66824]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-5-28 9334784]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-5-28 275968]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\deltaII.sys [2009-6-24 302728]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-7-14 1443584]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-7-25 36744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 135664]
S2 SkypeUpdate;Skype Updater;d:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-25 250288]
S3 BCMIDI;BCMIDI;c:\windows\system32\drivers\bcmidi2.sys [2005-10-19 22432]
S3 BEHRINGER_PT_MIDI;Behringer MIDI driver service (pt);c:\windows\system32\drivers\bhrngr_m.sys [2010-3-20 35904]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-17 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-6-24 21504]
S3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2011-4-6 16472]
S3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2011-4-6 11104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-29 15:44:36 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b560a821-f443-49bd-a461-13b1a28721d5}\offreg.dll
2012-09-29 02:43:28 -------- dc----w- c:\users\mark\appdata\local\NeoSmart_Technologies
2012-09-29 02:36:35 -------- dc----w- c:\program files\NeoSmart Technologies
2012-09-29 01:04:23 6980552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b560a821-f443-49bd-a461-13b1a28721d5}\mpengine.dll
2012-09-27 05:35:06 93672 -c--a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-26 11:36:29 -------- dc----w- c:\users\mark\appdata\local\LogMeIn
2012-09-26 11:36:25 52128 -c--a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-09-26 11:36:25 30624 -c--a-w- c:\windows\system32\LMIport.dll
2012-09-26 11:36:24 83392 -c--a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-09-26 11:36:24 47640 -c--a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-09-26 11:36:21 87456 -c--a-w- c:\windows\system32\LMIinit.dll
2012-09-26 11:36:16 -------- dc----w- c:\programdata\LogMeIn
2012-09-24 15:44:49 -------- dc----w- c:\users\mark\appdata\roaming\Flickr
2012-09-24 15:44:49 -------- dc----w- c:\users\mark\appdata\local\Flickr
2012-09-14 13:26:10 26840 -c--a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-14 13:25:01 -------- dc----w- c:\program files\iPod
2012-09-14 13:24:58 -------- dc----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-14 11:24:36 -------- dc----r- c:\users\mark\Dropbox
2012-09-14 11:21:56 -------- dc----w- c:\program files\Dropbox
2012-09-14 11:18:40 -------- dc----w- c:\users\mark\appdata\roaming\Dropbox
2012-09-04 10:46:28 -------- dc----w- c:\programdata\Premium
2012-09-04 10:46:15 -------- dc----w- c:\programdata\Codec
2012-09-04 10:45:19 -------- dc----w- c:\programdata\Codecv
2012-09-04 10:44:32 -------- dc----w- c:\programdata\InstallMate
.
==================== Find3M ====================
.
2012-09-29 03:01:03 49 -csha-w- c:\windows\system32\mmf.sys
2012-09-27 05:34:43 821736 -c--a-w- c:\windows\system32\npdeployJava1.dll
2012-09-27 05:34:43 746984 -c--a-w- c:\windows\system32\deployJava1.dll
2012-09-21 13:23:40 696240 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 13:23:39 73136 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 07:04:46 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 06:59:17 1800704 -c--a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 -c--a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 -c--a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 -c--a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 -c--a-w- c:\windows\system32\mshtml.tlb
2012-08-21 03:01:22 106928 -c--a-w- c:\windows\system32\GEARAspi.dll
2012-07-30 14:34:05 172032 -c--a-w- c:\windows\system32\AniGIF.ocx
2012-07-30 14:26:29 499712 -c--a-w- c:\windows\system32\msvcp71.dll
2012-07-30 14:26:29 348160 -c--a-w- c:\windows\system32\msvcr71.dll
2012-07-27 12:47:36 159232 -c--a-w- c:\windows\system32\clinfo.exe
2012-07-27 12:47:16 65024 -c--a-w- c:\windows\system32\OpenVideo.dll
2012-07-27 12:47:06 56320 -c--a-w- c:\windows\system32\OVDecode.dll
2012-07-27 12:46:06 13013504 -c--a-w- c:\windows\system32\amdocl.dll
2012-07-09 03:42:56 4547984 -c--a-w- c:\windows\system32\usbaaplrc.dll
2012-07-09 03:42:56 44032 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2012-07-04 14:02:46 2047488 -c--a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:14:45.06 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 26/04/2008 10:30:54 PM
System Uptime: 29/09/2012 1:00:05 PM (72 hours ago)
.
Motherboard: LENOVO | | LENOVO
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | CPU 1 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 39 GiB total, 4.004 GiB free.
D: is FIXED (NTFS) - 409 GiB total, 166.774 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (NTFS) - 75 GiB total, 53.492 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP825: 1/10/2012 1:11:22 AM - Scheduled Checkpoint
RP826: 1/10/2012 8:12:03 PM - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Registration
AudioShell 1.3.5
BEHRINGER USB MIDI DRIVER
Bonjour
Cakewalk XL Pack
CamStudio OSS Desktop Recorder
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility
CCC Help English
Codecv
Conduit Engine
Delta
DivX Setup
Driver & Application Installation
Dropbox
EasyBCD 2.2
eMusic Download Manager
ESET Online Scanner v3
File Type Assistant
Flickr Uploadr 3.2.1
Gemini Rue
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel(R) PRO Network Connections 12.1.12.0
InterVideo DeviceService
iTunes
Jamstix 3.1.0
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 29
JavaFX 2.0.3
Just Sudoku - Professional Edition 1.1
Just Trains - Bristol-Exeter Scenario Pack
Just Trains - Voyager
Just Trains Bristol to Exeter for RailWorks & Railworks 2
K-Lite Codec Pack 4.0.0 (Full)
Lenovo Media Studio
Lenovo PC Type Configuration
LogMeIn
LVT
LXH-RAS79 Hotkey driver
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Automated Troubleshooting Services Shim
Microsoft Fix it Center
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
MiniTool Partition Wizard Home Edition 5.2
Mobipocket Creator 4.2
Mobipocket Reader 6.2
Mozilla Firefox 7.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
NVIDIA PhysX
OGA Notifier 1.7.0105.35.0
OKAVAgent
PaperPort Image Printer
PC Tune-Up
PIXresizer 2.0.4
PMB
QuickTime
RailWorks
realMyst
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
ScanSoft PaperPort 11
Searchqu Toolbar
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Serif PhotoPlus Starter Edition
Skype™ 5.10
SONAR Home Studio 6
Sony USB Driver
SpeedBit Video Accelerator
Spotify
Steam
The Lord of the Rings FREE Trial
Traffic Travis 4.1.0
Ulead VideoStudio 11
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.6195
VideoStudio
VoiceOver Kit
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
Wings of Prey 1.0.4.1
WinRAR 4.01 (32-bit)
Xvid Video Codec
yuPlay client 0.7.28
ZoneAlarm Antivirus
ZoneAlarm DataLock
ZoneAlarm Extreme Security
ZoneAlarm Firewall
ZoneAlarm Security
.
==== End Of File ===========================

Regards
Mark Chaney
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: Strange links appearing on web pages

Post by Cypher » October 2nd, 2012, 4:08 am

Hi m2thef2thec,
Thanks for your reply.

You're welcome.
I must apologise. I thought I had posted both reports.

No problem :)
Continue with the instructions below then post the requested logs.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present:
    • Conduit Engine
    • Java(TM) 6 Update 29
    • Searchqu Toolbar

Next.

Please right-click on the filename link below and select "Save target as..." or "Save Link as...", choose the Desktop location, and choose to save as the filename: Fix.txt

SQW7-Vista_x32.TXT

---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.

---------------------------------------------
Perform a Custom Fix with OTL
Double Click the OTL icon (Right click and choose "Run as administrator" in Vista/Win7)
  • Click the Run Fix button at the top.
  • You will see a popup dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on OK
  • When the Open dialog comes up, Navigate to the Desktop, scroll to find the file named Fix.txt and click Open
  • Some text will appear in the Custom scans/Fixes box.
  • Click the Run Fix button.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply. The file will also be available as
    C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

Next.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 3rd, 2012, 8:18 am

I have removed the selected programs but when I run OTL it stops responding. I have tried three times with the same result. The program does not finish and when I restart there is no log available, only a desktop.ini file. I have included the contents of this file for your reference. When OTL runs, Windows Explorer shuts down and all that's left on my desktop is the Windows Sidebar. Is this correct operation?

Contents of desktop.ini file:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Windows Mail.lnk=@%ProgramFiles%\Windows Mail\WinMail.exe,-225

I have not completed the next steps yet.

Regards
Mark
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: Strange links appearing on web pages

Post by Cypher » October 3rd, 2012, 10:39 am

Hi Mark,
Sorry you had problems running OTL, this can happen on some systems.
Go ahead and run SystemLook, then post the resulting log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 4th, 2012, 9:34 am

Hi Cypher

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 23:25 on 04/10/2012 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\Searchqu.ini --a--c- 357 bytes [00:36 29/08/2012] [00:36 29/08/2012] 24864CD94B7F53B343690D08F0FDF73E
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\searchqutoolbar-manifest.xml --a--c- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-1473491835-2877683959-1440569699-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{235AAF68-8994-4735-AE4C-5AF16F53DC0F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF2F38F5-F4A3-4C5E-9058-132B29351D16}]
"AppPath"="C:\PROGRA~1\WI83E4~1\Datamngr\ToolBar"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am
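
A way to triage SystemLook output like the log above and to confirm what a later fix actually removed. This is an added example, not part of the original thread and not code from SystemLook or OTL. The two sample logs are constructed excerpts abridged from the SystemLook runs posted in this thread, and all function and variable names are assumptions.

```python
import re

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")             # ========== Regfind ==========
SEARCH_RE = re.compile(r'^Searching for "(.*)"$')
NO_HIT_RE = re.compile(r"^No (files|folders|data) found\.$")
FILE_COLS_RE = re.compile(r"\s+[-a-z]{7}\s+\d+ bytes\b")  # attribute and size columns
QUARANTINE = "c:\\_otl\\movedfiles\\"                      # where OTL parks moved files

# Constructed samples, abridged from the two SystemLook runs in this thread.
BEFORE_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Log created at 23:25 on 04/10/2012 by Mark

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\Searchqu.ini --a--c- 357 bytes [00:36 29/08/2012] [00:36 29/08/2012] 24864CD94B7F53B343690D08F0FDF73E

Searching for "*datamngr*"
No files found.

========== Regfind ==========

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=101&systemid=421&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{235AAF68-8994-4735-AE4C-5AF16F53DC0F}]
"AppPath"="C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar"

-= EOF =-
'''

AFTER_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Log created at 22:03 on 06/10/2012 by Mark

========== filefind ==========

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\Searchqu.ini --a--c- 357 bytes [00:36 29/08/2012] [00:36 29/08/2012] 24864CD94B7F53B343690D08F0FDF73E

========== Regfind ==========

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "datamngr"
No data found.

-= EOF =-
'''

def parse_systemlook(text):
    """Return {(section, term): [hit, ...]}; a registry hit is 'key :: value'."""
    results, section, term, reg_key = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-= EOF =-":
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term, reg_key = m.group(1).lower(), None, None
            continue
        m = SEARCH_RE.match(line)
        if m:
            term, reg_key = m.group(1), None
            results[(section, term)] = []      # a term with no hits keeps an empty list
            continue
        if section is None or term is None or NO_HIT_RE.match(line):
            continue                           # banner lines and "No ... found." markers
        if section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                reg_key = line[1:-1]           # key header; its values follow
            elif reg_key is not None:
                results[(section, term)].append(f"{reg_key} :: {line}")
        else:
            # File hit: keep only the path, drop attributes, size, dates and hash.
            results[(section, term)].append(FILE_COLS_RE.split(line, maxsplit=1)[0])
    return results

def is_quarantined(hit):
    """True for files OTL has already moved out of their original location."""
    return hit.lower().startswith(QUARANTINE)

def live_hits(results):
    """Hits that still sit in a live location (everything except the OTL quarantine)."""
    live = {k: [h for h in hits if not is_quarantined(h)] for k, hits in results.items()}
    return {k: hits for k, hits in live.items() if hits}

def removed_between(before, after):
    """(section, term, hit) tuples present in the first run and absent from the second."""
    gone = []
    for (section, term), hits in before.items():
        later = set(after.get((section, term), []))
        gone.extend((section, term, h) for h in hits if h not in later)
    return gone

if __name__ == "__main__":
    before, after = parse_systemlook(BEFORE_LOG), parse_systemlook(AFTER_LOG)
    for section, term, hit in removed_between(before, after):
        print(f"removed  [{section}] {term}: {hit}")
    # What remains here matches "Searchqu" only as a substring of a longer name.
    for (section, term), hits in live_hits(after).items():
        for hit in hits:
            print(f"remains  [{section}] {term}: {hit}")
```

Regfind terms are plain substrings, so a remaining hit such as ISearchQueryHelper needs a manual look before anything is deleted; the fix script in this thread leaves that key alone.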

Re: Strange links appearing on web pages

Post by Cypher » October 4th, 2012, 10:47 am

Hi Mark,
Please delete the copy of OTL you downloaded previously; apparently there was a fault in the version you have.
Then download a new copy from Here and save it to your desktop.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and paste the following code into the Image textbox. Do not include the word Code.
    Code:
    :commands
    [createrestorepoint]
    
    :processes
    killallprocesses
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_USERS\S-1-5-21-1473491835-2877683959-1440569699-1004\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{235AAF68-8994-4735-AE4C-5AF16F53DC0F}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AF2F38F5-F4A3-4C5E-9058-132B29351D16}]
    
    :files
    C:\PROGRA~1\SEARCH~1\Datamngr
    C:\PROGRA~1\WI83E4~1\Datamngr
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • OTL scan log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 5th, 2012, 4:51 pm

Hi Cypher

I've tried to run the new OTL program but I'm having a similar problem to the last time: it reaches a point where [emptytemp] and [resethosts] remain in the text box and it stops responding. I tried restarting my machine and running it again, but to no avail.

Regards
Mark
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: Strange links appearing on web pages

Post by Cypher » October 6th, 2012, 5:39 am

Hi Mark,
Ok sorry about this, there is still a problem with OTL and the developer is working on it.
Again, please delete the copy of OTL you downloaded previously.
Then download a new copy from Here and save it to your desktop. This is an older Stable copy of OTL.

Next.

  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    Code:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next.

  • Right-click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • SystemLook log.
  • OTL scan log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 6th, 2012, 8:47 am

Hi Cypher

Here are the requested logs:

SystemLook

SystemLook 30.07.11 by jpshortstuff
Log created at 22:03 on 06/10/2012 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\Searchqu.ini --a--c- 357 bytes [00:36 29/08/2012] [00:36 29/08/2012] 24864CD94B7F53B343690D08F0FDF73E
C:\_OTL\MovedFiles\10032012_012434\C_Users\Mark\AppData\Local\Temp\searchqutoolbar-manifest.xml --a--c- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-

OTL.Txt

OTL logfile created on: 6/10/2012 10:27:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.67% Memory free
4.04 Gb Paging File | 1.96 Gb Available in Paging File | 48.60% Paging File free
Paging file location(s): c:\pagefile.sys 200 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.61 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
Drive D: | 408.64 Gb Total Space | 162.36 Gb Free Space | 39.73% Space Free | Partition Type: NTFS

Computer Name: MNMSPUTER | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 22:00:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2012/09/25 19:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/08/27 14:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/08/18 22:02:26 | 001,193,176 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/07/31 00:34:06 | 001,494,216 | ---- | M] (SpeedBit LTD) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
PRC - [2012/07/31 00:34:06 | 000,265,928 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2012/07/31 00:26:30 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2012/06/08 12:06:24 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2012/05/28 23:52:35 | 000,451,072 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/05/28 23:51:17 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/25 22:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/07/25 22:57:14 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/07/22 09:43:08 | 000,072,336 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/10/26 23:10:54 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/03 10:13:50 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe
PRC - [2008/02/02 04:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe
PRC - [2007/09/28 03:48:18 | 000,080,240 | ---- | M] () -- C:\Program Files\Lenovo\file32\hotkey.exe
PRC - [2007/08/17 15:27:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 19:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 19:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 19:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 19:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 19:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 19:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 19:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 19:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/08/18 22:02:26 | 001,193,176 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/07/21 09:39:12 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9104e78d8897df008eed3a2af3bda6a2\WindowsFormsIntegration.ni.dll
MOD - [2012/07/21 08:50:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/07/21 08:48:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/07/21 08:48:21 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/07/21 08:48:06 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/07/21 08:47:34 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/28 23:50:59 | 000,037,376 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll
MOD - [2012/05/12 00:20:54 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\5fd0071c259b92078ced7cd752a14730\UIAutomationProvider.ni.dll
MOD - [2012/05/12 00:19:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 00:18:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 00:17:15 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 00:16:34 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/05/12 00:16:29 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 00:16:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/12 00:15:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 00:15:37 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/04/05 22:00:20 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/07/29 09:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/07/22 09:42:50 | 000,074,896 | ---- | M] () -- C:\Program Files\CheckPoint\ZoneAlarm\fde\fde_api.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/03/03 10:13:50 | 000,236,040 | ---- | M] () -- C:\Windows\System32\DeltaIITray.exe
MOD - [2007/09/28 03:48:18 | 000,080,240 | ---- | M] () -- C:\Program Files\Lenovo\file32\hotkey.exe
MOD - [2007/09/10 23:24:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Lenovo\file32\KEYHOOK.DLL


========== Services (SafeList) ==========

SRV - [2012/09/22 21:55:23 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/21 23:23:40 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/31 00:34:06 | 000,265,928 | ---- | M] (SpeedBit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2012/07/28 06:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/05 18:09:38 | 000,136,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/07/05 18:09:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- D:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2012/05/28 23:51:17 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/07/25 22:57:16 | 000,493,184 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011/07/22 09:44:44 | 002,413,936 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/26 23:10:54 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2010/08/13 09:12:02 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2008/02/02 04:27:36 | 000,066,824 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe -- (OKAV Agent Service)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/06 10:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/05 18:10:02 | 000,083,392 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2012/06/08 12:06:24 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- D:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2012/05/28 23:53:01 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012/05/28 23:53:01 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/05/28 23:53:01 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/05/28 23:51:55 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/07/25 22:57:10 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/07/25 22:57:08 | 000,036,744 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2011/05/07 17:51:26 | 000,451,160 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/10/14 17:08:38 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/10/14 17:08:38 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/09/21 16:51:56 | 000,318,040 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/08/16 15:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/08/16 15:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/06/22 12:51:14 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/03/21 00:38:35 | 000,022,432 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcmidi2.sys -- (BCMIDI)
DRV - [2009/12/15 20:46:40 | 000,035,904 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bhrngr_m.sys -- (BEHRINGER_PT_MIDI)
DRV - [2009/07/14 20:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2008/03/03 10:13:46 | 000,302,728 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\deltaII.sys -- (DELTAII)
DRV - [2006/11/02 17:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2925418

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\Misc
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 34 44 43 BE 82 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/421"
FF - prefs.js..extensions.enabledAddons: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd}:3.7.0.6
FF - prefs.js..extensions.enabledAddons: seo4firefox@seobook.com:3.5.6
FF - prefs.js..extensions.enabledAddons: seotoolbar@seobook.com:1.1.19
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.6.1.01
FF - prefs.js..extensions.enabledAddons: {C3949AC2-4B17-43ee-B4F1-D26B9D42404D}:15.0.5
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=101&systemid=421&sr=0&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.90: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012/03/10 01:06:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/31 00:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/13 22:30:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/31 00:27:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 21:07:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/08/16 22:40:56 | 000,000,000 | ---D | M]

[2012/10/03 01:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2012/09/25 01:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2012/10/03 01:22:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions
[2011/01/20 01:14:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/16 00:59:29 | 000,000,000 | ---D | M] (ZoneAlarm Extreme Security Community Toolbar) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\{a94e8dc9-07aa-45a7-8af2-a0375473a5cd}
[2012/09/14 23:22:08 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\5045d8f65ca4e@5045d8f65ca87.info
[2011/10/16 00:59:28 | 000,081,013 | ---- | M] () (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\seo4firefox@seobook.com.xpi
[2011/10/16 00:59:28 | 000,219,022 | ---- | M] () (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\extensions\seotoolbar@seobook.com.xpi
[2011/10/06 15:19:57 | 000,002,497 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\searchplugins\SearchResults.xml
[2012/08/29 10:36:24 | 000,002,519 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\i0zxhjrq.default\searchplugins\Search_Results.xml
[2012/10/03 01:22:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/15 13:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/07/31 00:27:34 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
File not found (No name found) -- C:\USERS\MARK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0ZXHJRQ.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[2012/04/13 22:30:19 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- D:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011/09/29 17:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/07/31 00:26:38 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2011/09/29 11:30:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/09/29 11:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/29 11:30:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/09/29 11:30:22 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/06 15:19:57 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/08/29 10:36:24 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/09/29 11:30:22 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=cr ... 21&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: getPlusPlus for Adobe 16290 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.6 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Codecv = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbbadfnppehacgnbbpjjbajahlhhkem\1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [DeltaIITaskbarApp] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe ()
O4 - HKLM..\Run: [LogMeIn GUI] D:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UVS11 Preload] D:\Program Files\Video Studio\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (SpeedBit LTD)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 00 00 00 02 [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\SpeedBit Video Accelerator\SBLSP.dll (SpeedBit)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74C65298-7B6A-4716-B1FF-8589C6780BB3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mark\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 06:19:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/10/03 01:24:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/29 12:43:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\NeoSmart_Technologies
[2012/09/29 12:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2012/09/29 12:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2012/09/27 17:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/26 21:36:29 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\LogMeIn
[2012/09/26 21:36:25 | 000,030,624 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2012/09/26 21:36:24 | 000,083,392 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2012/09/26 21:36:24 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\LMIRfsDriver.sys
[2012/09/26 21:36:21 | 000,087,456 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2012/09/26 21:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2012/09/25 01:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Flickr
[2012/09/25 01:44:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Flickr
[2012/09/14 23:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/09/14 23:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/14 23:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/14 21:24:36 | 000,000,000 | R--D | C] -- C:\Users\Mark\Dropbox
[2012/09/14 21:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/09/14 21:21:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/09/14 21:18:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Dropbox
[2012/09/14 21:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

========== Files - Modified Within 30 Days ==========

[2012/10/06 22:33:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 22:23:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 22:00:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2012/10/06 20:42:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 20:42:07 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 14:33:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 06:49:05 | 000,645,088 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/06 06:49:05 | 000,123,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/06 06:42:28 | 000,000,049 | -HS- | M] () -- C:\Windows\System32\mmf.sys
[2012/10/06 06:42:23 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012/10/06 06:42:20 | 000,000,330 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterTask{8E2ED869-7D25-4836-92D0-9F000815237E}.job
[2012/10/06 06:42:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 22:10:41 | 000,139,264 | ---- | M] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/10/01 23:03:35 | 000,007,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/01 20:18:39 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\SONAR Home Studio 6.lnk
[2012/09/29 12:40:20 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2012/09/29 12:36:45 | 000,020,480 | ---- | M] () -- C:\Users\Mark\Documents\EasyBCD Backup (2012-09-29).bcd
[2012/09/27 09:36:49 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/26 22:35:33 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 21:36:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2012/09/14 23:26:21 | 000,001,402 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/14 21:24:36 | 000,000,940 | ---- | M] () -- C:\Users\Mark\Desktop\Dropbox.lnk
[2012/09/14 21:22:43 | 000,000,950 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/10/03 22:10:37 | 000,139,264 | ---- | C] () -- C:\Users\Mark\Desktop\SystemLook.exe
[2012/09/29 12:36:45 | 000,020,480 | ---- | C] () -- C:\Users\Mark\Documents\EasyBCD Backup (2012-09-29).bcd
[2012/09/26 21:36:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2012/09/26 21:35:53 | 000,000,671 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2012/09/25 01:43:02 | 000,000,790 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flickr Uploadr.lnk
[2012/09/14 23:26:21 | 000,001,402 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/09/14 21:24:36 | 000,000,940 | ---- | C] () -- C:\Users\Mark\Desktop\Dropbox.lnk
[2012/09/14 21:22:43 | 000,000,950 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/08/31 13:50:52 | 000,923,648 | -HS- | C] () -- C:\Users\Mark\ehthumbs_vista.db
[2012/08/04 13:49:04 | 000,000,011 | ---- | C] () -- C:\Users\Mark\.DLMSave_back.xml
[2012/08/04 13:49:04 | 000,000,011 | ---- | C] () -- C:\Users\Mark\.DLMSave.xml
[2012/08/04 13:47:16 | 000,001,215 | ---- | C] () -- C:\Users\Mark\.Setting.ini
[2012/07/27 22:47:36 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/01/11 07:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/11/18 01:50:10 | 000,005,120 | ---- | C] () -- C:\Users\Mark\AppData\Local\Databases.db
[2011/09/15 00:24:29 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/15 00:24:29 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/13 08:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/05/23 01:14:27 | 000,000,049 | -HS- | C] () -- C:\Windows\System32\mmf.sys
[2011/04/09 01:12:14 | 000,711,168 | ---- | C] () -- C:\Windows\is-MF9H2.exe
[2011/04/06 01:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/06 00:24:23 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/04/06 00:24:23 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/04/06 00:24:22 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/03/29 20:11:56 | 000,236,040 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
[2011/02/23 10:48:29 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/02/23 10:44:11 | 000,000,280 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/02/23 10:44:11 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/02/23 10:44:11 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2011/02/23 10:35:11 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2011/02/16 16:23:09 | 000,000,460 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/16 16:23:09 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/12/22 22:58:31 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2010/12/22 22:57:50 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/12/22 22:57:47 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/26 23:10:54 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2010/10/26 23:10:54 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2010/08/14 21:23:49 | 000,001,356 | ---- | C] () -- C:\Users\Mark\AppData\Local\d3d9caps.dat
[2009/07/30 21:56:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/06/24 00:08:00 | 000,007,680 | ---- | C] () -- C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/24 00:02:24 | 000,017,089 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\UserTile.png

========== ZeroAccess Check ==========

[2006/11/02 22:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 03:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 16:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 16:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/12/12 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\#ISW.FS#
[2009/12/26 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AnvSoft
[2012/09/26 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Any Video Converter
[2011/06/17 23:51:58 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Archon Media
[2009/09/10 21:38:46 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Cakewalk
[2009/10/05 22:31:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\CheckPoint
[2012/10/06 06:44:17 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Dropbox
[2011/05/20 23:51:37 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\EurekaLog
[2012/09/25 01:44:49 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Flickr
[2010/12/22 00:30:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Free-backup.info
[2012/08/29 10:36:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FreeBurner
[2009/06/24 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0
[2010/12/23 22:12:29 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LogMate
[2009/07/05 01:14:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MailFrontier
[2011/06/21 23:08:32 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/10/13 00:30:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Mobipocket
[2009/06/24 00:05:18 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Moyea
[2009/06/23 07:02:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Opera
[2011/02/23 10:54:51 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ScanSoft
[2010/01/05 21:39:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SecondLife
[2011/04/03 22:20:40 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Serif
[2009/06/24 00:06:52 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SPAMfighter
[2012/08/18 22:37:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Spotify
[2011/05/20 14:58:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TeamViewer
[2012/03/21 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Traffic Travis v4
[2009/06/24 00:06:53 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ulead Systems
[2009/06/23 07:05:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Uniblue

========== Purity Check ==========



< End of report >

Extras.Txt

OTL Extras logfile created on: 6/10/2012 10:27:26 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 58.67% Memory free
4.04 Gb Paging File | 1.96 Gb Available in Paging File | 48.60% Paging File free
Paging file location(s): c:\pagefile.sys 200 4000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.61 Gb Free Space | 6.68% Space Free | Partition Type: NTFS
Drive D: | 408.64 Gb Total Space | 162.36 Gb Free Space | 39.73% Space Free | Partition Type: NTFS

Computer Name: MNMSPUTER | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C7E8A8-40FF-4933-8520-08CD09D17DDB}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\real myst\realmyst.exe |
"{08096EC0-62F2-4DB0-A1AC-817D77B74E9C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0EB82CD5-7992-4B2D-A1FF-160A8535D6F1}" = dir=in | app=c:\program files\lenovo\lenovo media studio\pdr.exe |
"{185EAB7C-2E41-44B5-A415-C7F58EC400C7}" = protocol=17 | dir=in | app=d:\program files\wings of prey\launcher.exe |
"{1A550AC2-6403-4D6C-87D1-1350C318CA2B}" = protocol=6 | dir=in | app=c:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe |
"{1CB2ADA1-7979-4365-AA1E-EA3C6BC0F990}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2107A69E-368F-4ED7-8BCB-793086D93DCC}" = dir=in | app=d:\program files\skype\phone\skype.exe |
"{2173B96C-FB5D-49E9-842A-4E9C032C0AFE}" = protocol=6 | dir=in | app=d:\program files\wings of prey\yuplay\yuplay.exe |
"{29F6B561-30B5-4B91-A7DB-9531DF9CBB0B}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\railworks\railworks.exe |
"{3D609D46-F16B-4AD2-AFE8-E096F38BC36C}" = protocol=17 | dir=in | app=d:\program files\wings of prey\acess.exe |
"{4069C9D5-F704-4FB2-A992-AC38A343F88F}" = protocol=6 | dir=in | app=d:\program files\wings of prey\launcher.exe |
"{51725E9C-5365-470B-9F2B-62575AA5AF11}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\real myst\realmyst.exe |
"{5611E9CB-9989-41EA-8328-C4DCB453D941}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5701A23D-7085-4C70-8A00-CA1EF041F9FC}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\real myst\realmystsetup.exe |
"{5BC9CCBD-F968-4914-9DC3-2F322EBD1664}" = protocol=6 | dir=in | app=d:\program files\wings of prey\acess.exe |
"{65F19041-4647-4AD3-8A03-F46238E771A7}" = dir=in | app=d:\itunes\itunes.exe |
"{6A3D48EA-7C37-400B-A6B0-75134C24ED04}" = protocol=17 | dir=in | app=c:\users\mark\appdata\roaming\dropbox\bin\dropbox.exe |
"{6C0A4F78-AEB6-4318-8C3D-925D74B54436}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\real myst\realmystsetup.exe |
"{771D2946-7A0B-430F-A26A-B7AC2DCD53B1}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"{790101FF-9268-4565-A063-82F87D158F2A}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\railworks\railworks.exe |
"{BD29621B-0CB2-4A93-A15E-A1C03339C9F0}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{D9C67F22-F741-4932-8709-751C38F5022E}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{E14E7F00-D1FD-4208-9BC0-F85EBB9AFC05}" = protocol=17 | dir=in | app=d:\program files\wings of prey\yuplay\yuplay.exe |
"{EEF35367-CAE6-4042-9DA3-71A6780900B6}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe |
"TCP Query User{DA79DC9A-E471-4DD5-AFC0-9462605B3F14}D:\program files\second life\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=d:\program files\second life\secondlifeviewer2\slvoice.exe |
"UDP Query User{A9E83950-D433-4F5A-87AF-2F49AEF90D08}D:\program files\second life\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=d:\program files\second life\secondlifeviewer2\slvoice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{22461A1C-BD68-4D90-9897-1DB146D55ECB}" = LogMeIn
"{24C898EC-4181-7812-5644-4E348533B532}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{364AD023-F22D-4380-88D0-F9C6A778E194}" = Driver & Application Installation
"{3671991B-E558-8A57-BBBF-D9C56B6F6AE4}" = CCC Help English
"{3BB1501C-1670-4b53-8B67-B1C368BC7227}" = Lenovo PC Type Configuration
"{3BB4634D-CEE5-7AB0-D78D-EA263389A8AB}" = Catalyst Control Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{81C6F110-7958-4442-B308-C7C9CAEF8CCF}" = ZoneAlarm DataLock
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{98856675-ABD3-41C6-8BAE-35A3DAA0B971}" = LXH-RAS79 Hotkey driver
"{9919E625-F1EC-4945-AC40-83BEE74B78CC}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0765939-76F5-48D8-82B1-8D0BBFAD0702}" = Serif PhotoPlus Starter Edition
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF1B2B2E-03E3-458A-9DEB-32F8C7637374}" = ZoneAlarm Security
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1" = Wings of Prey 1.0.4.1
"{BF9D2E61-64C4-64EA-6AF7-29EB5A110C26}" = AMD Catalyst Install Manager
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C180FAEF-61D5-4A03-8328-A58D9CDD1C4C}" = ZoneAlarm Firewall
"{C41E46F9-0F37-8379-E792-B323021FA4BB}" = Catalyst Control Center Localization All
"{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"{C6D445E8-98B7-436D-85FD-3C8FE999D151}" = Just Trains - Bristol-Exeter Scenario Pack
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CA4EECED-20F3-4C2B-8A93-F39CB2063E71}" = ZoneAlarm Antivirus
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA1BC-CD6A-49A5-8D48-9B808C276EDE}" = Just Trains - Voyager
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DBBFDD7B-71FC-443D-95C2-D014FED556CB}" = LVT
"{DF088F13-9C0D-486B-9A6A-A6BA2BCCBAD6}" = Just Trains Bristol to Exeter for RailWorks & Railworks 2
"{E12ABE6F-830C-AE8F-29EA-76FEC5F2D376}" = Catalyst Control Center Graphics Previews Common
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AudioShell_is1" = AudioShell 1.3.5
"Cakewalk XL Pack_is1" = Cakewalk XL Pack
"conduitEngine" = Conduit Engine
"DivX Setup" = DivX Setup
"EasyBCD" = EasyBCD 2.2
"eMusic Download Manager 5.0.5" = eMusic Download Manager
"ESET Online Scanner" = ESET Online Scanner v3
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Gemini Rue" = Gemini Rue
"Google Chrome" = Google Chrome
"InstallShield_{C5BF6436-2E5B-4090-BA6B-28DE1BDC2107}" = OKAVAgent
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = Lenovo Media Studio
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"Jamstix 3_is1" = Jamstix 3.1.0
"Just Sudoku - Professional Edition_is1" = Just Sudoku - Professional Edition 1.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 7.0.1 (x86 en-GB)" = Mozilla Firefox 7.0.1 (x86 en-GB)
"PIXresizer_is1" = PIXresizer 2.0.4
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RealPlayer 15.0" = RealPlayer
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"SONAR Home_is1" = SONAR Home Studio 6
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"Steam App 24010" = RailWorks
"Steam App 63600" = realMyst
"Traffic Travis 4.1 Setup Wizard_is1" = Traffic Travis 4.1.0
"Trusted Software Assistant_is1" = File Type Assistant
"USB_AUDIO_DEusb-audio.deBehringerMIDI" = BEHRINGER USB MIDI DRIVER
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"yuPlay клиент_is1" = yuPlay client 0.7.28
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2012 6:21:03 AM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program VstScan.exe version 4.6.0.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1560 Start Time: 01cd9fbe623a8904 Termination Time: 8

Error - 1/10/2012 6:23:37 AM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program SONARHS.exe version 15.2.2.386 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: be8 Start Time: 01cd9fbe61e42ba4 Termination Time: 60000

Error - 1/10/2012 8:27:44 AM | Computer Name = MnMsPuter | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(44:2a:60:7d:61:48@fe80::462a:60ff:fe7d:6148._apple-mobdev._tcp.local.)
active for over two minutes. This places considerable burden on the network.

Error - 1/10/2012 6:07:48 PM | Computer Name = MnMsPuter | Source = MatSvc | ID = 262152
Description = The MATS service encountered a failure when loading SAP. hr=0x80092003

SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.32


Error - 1/10/2012 6:07:50 PM | Computer Name = MnMsPuter | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80092003 .

Error - 2/10/2012 5:56:43 PM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.70.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 9cc Start Time: 01cda0b2e68cbd04 Termination Time: 5

Error - 2/10/2012 10:33:03 PM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.70.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b44 Start Time: 01cda0ebf4cda2b4 Termination Time: 86

Error - 5/10/2012 4:17:07 PM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.70.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1a0c Start Time: 01cda30afbb27f00 Termination Time: 15

Error - 5/10/2012 4:39:39 PM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.70.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 788 Start Time: 01cda336e3bc8220 Termination Time: 0

Error - 6/10/2012 8:03:26 AM | Computer Name = MnMsPuter | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b9c Start Time: 01cda3ba3f03c47d Termination Time: 4

[ System Events ]
Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 23/06/2009 9:56:58 AM | Computer Name = MnMsPuter | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

It's difficult to tell but my computer does seem to be running a bit more smoothly. Applications are opening a bit faster too.

Regards
Mark
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: Strange links appearing on web pages

Post by Cypher » October 6th, 2012, 11:20 am

Hi Mark,
Strange links appearing on web pages

Can you give me an update on this issue please, are you still seeing these strange links?
I need you to run another scan for me.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on the strange links.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 8th, 2012, 9:10 am

Hi Cypher

I've run ESET scanner but no log file has been generated that I can see. Nothing popped up after the scan finished and there is no log.txt file in the ESET scanner folder. The scan completed with no threats found.

There is an interesting thing with these links: They are only appearing when I use Google Chrome. They don't appear in IE or Firefox.

Regards
Mark
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am

Re: Strange links appearing on web pages

Post by Cypher » October 8th, 2012, 10:47 am

Hi Mark,
If the ESET scan detected no threats that's fine.
There is an interesting thing with these links: They are only appearing when I use Google Chrome. They don't appear in IE or Firefox.

In that case uninstall Google Chrome then reinstall it again.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Google Chrome

Then download and reinstall Google Chrome from Here

Post back and let me know if that solves the problem.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Strange links appearing on web pages

Post by m2thef2thec » October 9th, 2012, 8:07 am

Hi Cypher

This did not solve the problem.

Regards
Mark
m2thef2thec
Regular Member
 
Posts: 21
Joined: October 13th, 2011, 11:21 am