Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

browser hijacked with tab "searchnu.com/406"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 7th, 2013, 12:46 pm

Hello, I am new to this forum and very grateful for it. My laptop has recently been infected with malware / adware and my browsing is adversely affected. I was using chrome but it was hijacked in a similar way (the tab I couldn't get rid of was then "search.babylon.com") so I uninstalled it and tried using IE. However the same thing has happened, but the tab is now "searchnu.com/406" - I can't control this first tab that opens up when I launch IE and I keep getting pop up ads on the bottom and sidebar (right), despite having pop up blocker enabled and at highest security level. Also when moving the cursor over some links on websites, an ad appears -usually to enter some competition to win something! Having looked on other posts on here I see I'm not the first to have this problem! And like others, my problems seem to have started when I downloaded iLivid which I subsequently uninstalled. However, the damage was done. My AVG scans picked up and secured a Trojan horse threat which may be unconnected but it has not picked up the malware / adware.

I hope you can help, thank you!

Here are the logs you asked for:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Dermot at 17:22:39 on 2013-06-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.7658.3634 [GMT 1:00]
.
AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Dermot\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\HP\Digital Imaging\Bin\hpqPhotoCrm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrUI.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_202_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=119776 ... E9D3D0FEA7
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll
TB: Search-Results Toolbar: {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Yontoo Desktop] "C:\Users\Dermot\AppData\Roaming\Yontoo\YontooDesktop.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [SMART Board Service] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe" -d
mRun: [SMART Board Tools] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe"
mRun: [SMART Ink] "C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe" -a
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [sbsdk-server] "C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe"
mRun: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
StartupFolder: C:\Users\Dermot\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{078DAC39-51BF-4723-8E72-2E34A73FE62E} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~3\Wincert\WIN32C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
LSA: Notification Packages = scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
x64-BHO: SMART Notebook Download Utility: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-22 45856]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-9-21 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-29 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-4-10 1428472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-4-10 168592]
R2 DatamngrCoordinator;Datamngr Coordinator;C:\Program Files (x86)\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe [2013-6-2 3022848]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe [2011-8-26 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-2-15 34872]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-31 2413056]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]
R2 SMARTHelperService;SMART Helper Service;C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe [2012-10-17 582552]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-5-7 23552]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2011-7-16 96896]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-31 46136]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2011-7-16 214144]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-3-31 133672]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-3-31 620584]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-3-31 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-3-31 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-31 338536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-31 428136]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2012-3-21 13168]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2012-3-21 16368]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2012-3-21 24944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-4 19456]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-4 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-06-04 22:01:08 92256 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2013-06-04 21:47:49 362029 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2013-06-02 19:28:06 -------- d-----w- C:\ProgramData\Browser Manager
2013-06-02 17:23:22 -------- d-----w- C:\Program Files (x86)\Mysearchdial
2013-06-02 17:14:53 -------- d-----w- C:\ProgramData\Wincert
2013-06-02 17:14:38 -------- d-----w- C:\ProgramData\Datamngr
2013-06-02 17:14:38 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar
2013-05-14 21:33:10 983912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-14 21:33:10 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-14 21:33:04 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-14 21:33:03 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-14 21:33:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-14 21:33:03 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-14 21:32:55 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-14 21:32:55 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-14 21:32:54 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-05-12 09:59:02 114176 ----a-w- C:\Users\Dermot\AppData\Roaming\BabMaint.exe
.
==================== Find3M ====================
.
2013-05-20 16:53:40 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-05-15 20:47:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 20:47:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-29 01:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-21 02:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 17:23:04.15 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 23/08/2012 18:22:28
System Uptime: 07/06/2013 10:37:43 (7 hours ago)
.
Motherboard: Hewlett-Packard | | 1807
Processor: AMD A8-3530MX APU with Radeon(tm) HD Graphics | Socket FS1 | 1900/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 843.698 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.308 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.077 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4500 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4500 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
RP75: 10/05/2013 11:16:24 - Scheduled Checkpoint
RP76: 15/05/2013 20:59:27 - Windows Update
RP77: 16/05/2013 01:52:21 - Windows Update
RP78: 23/05/2013 20:40:03 - Scheduled Checkpoint
RP79: 03/06/2013 00:20:35 - Scheduled Checkpoint
RP80: 04/06/2013 22:41:11 - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Fuel
AMD Steady Video Plug-In
AMD System Monitor
AMD VISION Engine Control Center
AuthenTec TrueAPI
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
AVG Security Toolbar
Bejeweled 3
Bing Bar
Bing Desktop
Blackhawk Striker 2
Blio
Broadcom 802.11 Wireless LAN Adapter
Broadcom Bluetooth Software
Broadcom InConcert Maestro
BrowserProtect
BufferChm
C4500
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Copy
Cradle of Rome 2
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Delta Chrome Toolbar
Delta toolbar
Destinations
DeviceDiscovery
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Evernote v. 4.6.3
Farm Frenzy
Farmscapes
FATE
Final Drive Fury
FirstRowSportApp
GPBaseService2
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP 3D DriveGuard
HP Auto
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Documentation
HP DVB-T TV Tuner 8.0.64.43
HP Games
HP Imaging Device Functions 13.0
HP Launch Box
HP On Screen Display
HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
HP Photosmart Essential 3.5
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP SimplePass 2012
HP Smart Web Printing 4.51
HP Software Framework
HP Solution Center 13.0
HP Support Assistant
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
IDT Audio
Jewel Match 3
Jewel Quest Mysteries: The Seventh Gate Collector's Edition
John Deere Drive Green
Junk Mail filter update
Letters from Nowhere 2
Luxor HD
Magic Desktop
Mah Jong Medley
MarketResearch
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mysearchdial
Network64
opensource
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
PS_AIO_04_C4500_Software_Min
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
RollerCoaster Tycoon 3: Platinum
Scan
Search-Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shop for HP Supplies
Skype Click to Call
Skype™ 6.3
SMART Common Files
SMART English (United Kingdom) Language Pack
SMART Ink
SMART Notebook
SMART Product Drivers
SmartWebPrinting
SolutionCenter
Status
swMSM
Synaptics TouchPad Driver
The Treasures of Mystery Island: The Ghost Ship
Toolbox
Torchlight
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
Validity WBF DDK
Virtual Villagers 4 - The Tree of Life
Visual Studio 2010 x64 Redistributables
WebReg
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Toolbar
Yontoo 2.053
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
07/06/2013 10:37:17, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
07/06/2013 08:58:19, Error: Service Control Manager [7031] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
07/06/2013 08:55:35, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
02/06/2013 18:14:49, Error: Service Control Manager [7030] - The Datamngr Coordinator service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
02/06/2013 14:31:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm
Advertisement
Register to Remove

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 8th, 2013, 1:24 pm

Hi,
Checking your logs now be right back.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 8th, 2013, 1:31 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Adobe Reader X (10.1.7) MUI
AVG Security Toolbar
Delta Chrome Toolbar
Delta toolbar
Search-Results Toolbar

Next.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select " Run as administrator " to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Next.

Image Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.
Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe And select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • JRT.txt.
  • OTL.txt and Extra.txt contents.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 8th, 2013, 5:34 pm

Thank you Cypher.
I followed your instructions and all logs requested are posted below. There was only one tricky bit and that was trying to uninstall the toolbars and Adobe Reader X (10.1.7) MUI. There were lots of pop up instructions but I think I dealt with each OK, although there was a worrying one I've seen before which started as follows:
"C:\Users\Dermot\AppData\Local\Temp\PROPSYS.dll is either not designed to run on Windows or it contains an error. Try installing the program again...etc." I have no idea what this is and not sure if it is part of the infection or something else! On a plus note, the symptoms of the infection have disappeared so I'm hoping it's sorted :) I would like to reinstall Chrome as my browser but will hold back until you've confirmed my laptop is now clean.

Here are the logs requested - I've had to send them in separate posts as together they exceed the max number of characters allowed. Thanks again for your help Cypher - it's very much appreciated.

AdwCleaner log

# AdwCleaner v2.303 - Logfile created 06/08/2013 at 20:51:47
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dermot - DERMOT-HP_LAP
# Boot Mode : Normal
# Running from : C:\Users\Dermot\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DatamngrCoordinator
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Search Results Toolbar
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Users\Dermot\AppData\Local\mysearchdial.crx
File Deleted : C:\Users\Dermot\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Delta
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Deleted : C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Folder Deleted : C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Dermot\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Dermot\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dermot\AppData\Roaming\Yontoo

***** [Registry] *****

Data Deleted : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\5d538ddee169ed40
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbajpeofkjjeiamcglnmldoboonfkiol
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [10938 octets] - [08/06/2013 20:51:47]

########## EOF - C:\AdwCleaner[S1].txt - [10999 octets] ##########



JRT LOG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dermot on 08/06/2013 at 21:09:30.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2E48E06E-E531-F396-F722-75A2621376C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3DAD20A2-FF80-440B-BF0C-058263ADF7F7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BFB64F40-8E2D-4B59-9FCF-47126EAB692B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3DAD20A2-FF80-440B-BF0C-058263ADF7F7}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Successfully deleted: [Folder] "C:\Users\Dermot\appdata\locallow\datamngr"
Failed to delete: [Folder] "C:\Program Files (x86)\search results toolbar"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Dermot\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08/06/2013 at 21:15:07.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 8th, 2013, 5:35 pm

OTL AND EXTRA LOGS

OTL logfile created on: 08/06/2013 21:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dermot\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.48 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 70.61% Memory free
14.96 Gb Paging File | 12.34 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905.92 Gb Total Space | 844.80 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
Drive D: | 21.43 Gb Total Space | 2.31 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.20% Space Free | Partition Type: FAT32

Computer Name: DERMOT-HP_LAP | User Name: Dermot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/08 21:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dermot\Desktop\OTL.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 17:11:52 | 002,387,088 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
PRC - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/03/02 11:33:04 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/11/05 17:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/10/25 16:40:08 | 000,032,152 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\Office\SMARTInk-SBSDKProxy.exe
PRC - [2012/10/25 16:39:44 | 000,126,872 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInkPrivilegedAccess.exe
PRC - [2012/10/25 16:39:32 | 000,098,200 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe
PRC - [2012/10/17 08:42:56 | 005,282,200 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\SBWDKService.exe
PRC - [2012/10/17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe
PRC - [2012/10/17 08:40:42 | 002,219,416 | ---- | M] (SMART Technologies) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe
PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/03/09 09:14:50 | 010,132,336 | ---- | M] (SMART Technologies ULC) -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe
PRC - [2012/02/15 12:58:00 | 000,577,408 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/10/08 04:10:48 | 000,169,528 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/09/28 23:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/09/20 19:53:26 | 000,148,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe
PRC - [2011/08/26 11:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 11:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 11:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/08/19 23:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 21:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2008/07/22 19:33:28 | 000,544,768 | ---- | M] (Hewlett-Packard Development Co. L.P.) -- C:\Program Files (x86)\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/15 21:50:16 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\7e0e59f1f0acf0078a8ed9c04947bcc2\System.IdentityModel.ni.dll
MOD - [2013/05/15 21:50:14 | 018,080,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\051d4dcae1aa316265d69ea0d3796b9c\System.ServiceModel.ni.dll
MOD - [2013/05/15 21:47:57 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8e3479ab33dd0bc6a074003a28d9f28a\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/05/15 21:47:56 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d701cc56a037e8673e4880ae819b23bf\System.Runtime.Serialization.ni.dll
MOD - [2013/05/15 21:08:18 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cd97e72517bd9c1823db5b346aef00c5\PresentationFramework.ni.dll
MOD - [2013/05/15 21:08:00 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\955fd417feebe9b528db41bf0affcd14\PresentationCore.ni.dll
MOD - [2013/05/15 21:07:51 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\b2c0f91d4817a23f3fd07cd05ebd8e89\System.Windows.Forms.ni.dll
MOD - [2013/05/15 21:07:46 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\d5eb9579d1850678612625ab995629ea\System.Core.ni.dll
MOD - [2013/05/15 21:07:42 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1ef813dbb9dbbcf483007ed4c42472c9\WindowsBase.ni.dll
MOD - [2013/05/15 21:07:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\11dfbb7df959cb6dd5b57816141de355\System.Configuration.ni.dll
MOD - [2013/05/08 10:00:25 | 000,474,112 | ---- | M] () -- C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll
MOD - [2013/01/10 21:41:50 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\62d047ff6c2865139d95eb19545b1cc6\SMDiagnostics.ni.dll
MOD - [2013/01/10 21:40:59 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cbb7db665b3ba25a931258eb702527f5\System.Xaml.ni.dll
MOD - [2013/01/10 20:51:22 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/10 19:18:03 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7d6b122bee0977d953ee2409d74c3c25\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 19:17:58 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d884c684ee3f738a60e3c50dd5d88caa\System.Xml.ni.dll
MOD - [2013/01/10 19:17:56 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b83993cc955262507c8ead67567c8060\System.Drawing.ni.dll
MOD - [2013/01/10 19:17:53 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\df418085cedae9fa2efee87e20a419a4\System.ni.dll
MOD - [2013/01/10 19:17:46 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\60c214b6ad5691e368a16ec65d127c27\mscorlib.ni.dll
MOD - [2012/10/17 08:40:30 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\HWR.node
MOD - [2012/10/17 08:40:24 | 000,454,656 | ---- | M] () -- C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\node_modules\SBSDK.node
MOD - [2012/09/10 23:26:25 | 000,054,184 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_thread.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_472b4edec4bf8550\boost_thread-vc100-mt-1_44.dll
MOD - [2012/09/10 23:26:22 | 000,051,120 | ---- | M] () -- C:\Windows\winsxs\x86_smarttech.boost_date_time.vc100.1.44_9ca15c999435ee05_1.0.1.0_none_50d6b3902c95d15a\boost_date_time-vc100-mt-1_44.dll
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/21 20:27:47 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/09/21 20:27:45 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/29 03:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 14:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/09/20 19:52:38 | 001,085,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/05/27 19:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/02/17 07:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 11:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/15 21:47:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 17:11:52 | 000,168,592 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/17 08:41:18 | 000,582,552 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files (x86)\SMART Technologies\Education Software\SMARTHelperService.exe -- (SMARTHelperService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/10 23:56:51 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/15 12:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/08/26 11:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/06/29 02:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/21 20:31:07 | 004,747,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/09/21 20:27:47 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/21 15:26:40 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2012/03/21 15:26:32 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2012/03/21 15:26:30 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/10 04:30:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/10 04:30:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/29 03:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/29 02:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/21 02:36:50 | 000,620,584 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2011/09/21 02:36:50 | 000,133,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2011/09/21 02:36:50 | 000,089,640 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwdpan.sys -- (BTWDPAN)
DRV:64bit: - [2011/09/21 02:36:44 | 000,178,728 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/09/21 02:36:44 | 000,167,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/09/21 02:36:44 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/09/21 02:36:44 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/07/16 13:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/07/16 13:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/06/10 03:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/31 01:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 19:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 19:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 11:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 11:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/17 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 18:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 17:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 17:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{3DAD20A2-FF80-440B-BF0C-058263ADF7F7}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-11109 ... html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-11109 ... html?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=UP35&ocid=UP35DHP
IE - HKCU\..\SearchScopes,DefaultScope = {D944BB61-2E34-4DBF-A683-47E505C587DC}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-11109 ... html?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dermot\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dermot\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/16 21:08:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/03/16 21:08:20 | 000,000,000 | ---D | M]

[2013/06/02 18:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/06/02 18:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/06/02 18:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions
[2013/06/02 18:23:30 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013/06/02 18:23:29 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0\extensions\ffxtlbr@mysearchdial.com
[2013/06/02 18:23:29 | 000,000,000 | ---D | M] (MySearchDial) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
[2013/06/02 18:23:28 | 000,000,000 | ---D | M] (mysearchdial.com) -- C:\Users\Dermot\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@mysearchdial.com
[2013/05/07 21:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.4_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bipbkjijodkkdkilghhekodmoagkcdnc\2_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk\2.0.0.77_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkfggacklibaabdomphfdpcodjgihgon\1.0_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnjdjjiobjicmlhnjlogfgbibihjhkeo\1.2.0.0_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\8.0.1_0\
CHR - Extension: No name found = C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll (SMART Technologies ULC.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SMART Notebook Download Utility) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win32\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sbsdk-server] C:\Program Files (x86)\SMART Technologies\Education Software\sbsdk-server\NodeLauncher.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART Board Tools] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTBoardTools.exe (SMART Technologies ULC)
O4 - HKLM..\Run: [SMART Ink] C:\Program Files (x86)\SMART Technologies\Education Software\SMARTInk.exe (SMART Technologies)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Users\Dermot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{078DAC39-51BF-4723-8E72-2E34A73FE62E}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/08 21:17:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dermot\Desktop\OTL.exe
[2013/06/08 21:09:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/08 21:08:54 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/08 21:04:13 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dermot\Desktop\JRT.exe
[2013/06/07 17:20:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dermot\Desktop\dds.scr
[2013/06/07 08:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/06/04 22:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/06/02 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/06/02 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/05/18 06:51:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/06/08 21:22:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2113397619-2856157810-947063236-1002UA.job
[2013/06/08 21:17:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dermot\Desktop\OTL.exe
[2013/06/08 21:04:13 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dermot\Desktop\JRT.exe
[2013/06/08 21:03:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 21:03:28 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 20:55:54 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/06/08 20:55:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 20:55:36 | 1727,455,231 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/08 20:49:47 | 000,648,201 | ---- | M] () -- C:\Users\Dermot\Desktop\adwcleaner.exe
[2013/06/08 20:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/08 19:24:11 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/08 19:24:11 | 000,664,780 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/08 19:24:11 | 000,125,484 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/08 14:22:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2113397619-2856157810-947063236-1002Core.job
[2013/06/07 17:20:44 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dermot\Desktop\dds.scr
[2013/06/07 08:55:29 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/06/04 22:47:49 | 000,362,029 | ---- | M] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/06/04 19:51:03 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDERMOT-HP_LAP$.job
[2013/06/03 17:57:20 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDermot.job
[2013/06/02 18:24:18 | 000,000,244 | ---- | M] () -- C:\Windows\wininit.ini
[2013/06/02 18:23:17 | 000,001,135 | ---- | M] () -- C:\Users\Dermot\Desktop\FirstRowSportApp.lnk
[2013/05/23 17:40:30 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\SMART Ink Document Viewer.lnk
[2013/05/23 17:39:09 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\SMART Notebook 11.lnk
[2013/05/15 21:32:22 | 000,357,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/08 20:49:46 | 000,648,201 | ---- | C] () -- C:\Users\Dermot\Desktop\adwcleaner.exe
[2013/06/04 22:47:49 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/06/02 18:24:18 | 000,000,244 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/16 21:02:48 | 000,197,527 | ---- | C] () -- C:\Windows\hpoins30.dat
[2013/03/16 21:02:48 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat
[2012/03/31 01:29:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/03/31 01:20:07 | 000,764,746 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/31 01:08:36 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/11/10 05:06:17 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/09/28 14:49:36 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011/09/06 20:34:28 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/10 03:17:36 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/22 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\AVG
[2012/10/22 20:50:52 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\AVG2013
[2012/08/31 15:40:18 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\Blio
[2012/09/11 07:07:40 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\SMART Technologies
[2012/09/10 23:29:44 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\SMART Technologies Inc
[2012/08/23 18:29:56 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\Synaptics
[2012/10/22 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\Dermot\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >




OTL Extras logfile created on: 08/06/2013 21:18:23 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dermot\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.48 Gb Total Physical Memory | 5.28 Gb Available Physical Memory | 70.61% Memory free
14.96 Gb Paging File | 12.34 Gb Available in Paging File | 82.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905.92 Gb Total Space | 844.80 Gb Free Space | 93.25% Space Free | Partition Type: NTFS
Drive D: | 21.43 Gb Total Space | 2.31 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.20% Space Free | Partition Type: FAT32

Computer Name: DERMOT-HP_LAP | User Name: Dermot | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E883A02-9EA3-4CA8-9693-D79FC1A7DD58}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{123FCB64-15B8-4324-A60C-CC29B0C51394}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CC52774-647A-4BB9-BE7E-8DB0CEACFB20}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{247A7F57-1460-4277-932F-4F8315B490C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{2985957B-0156-4C71-9046-5B1D0F872627}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3551DCEF-9575-420F-BEAA-0C5EB7445D82}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{387591CB-522A-4CCB-9D0F-1010CEBF62D0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3C5F5B27-F2BE-4A37-8083-953756FDAAB9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{498F8A3E-1203-4929-9C9E-309A1326EE9B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49F8AA3C-52FE-4AC0-AC43-2E1E7CD52533}" = lport=139 | protocol=6 | dir=in | app=system |
"{7287C086-17E6-4A2F-A5C7-B7DF65C1090D}" = lport=138 | protocol=17 | dir=in | app=system |
"{752B614C-0AAA-404A-A964-1EE27CC343A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{83547136-A9C1-4451-8E5E-9EE763CE2556}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{9470A70F-2A8C-476A-ABCB-3E93D7AAC822}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B5F1EE7-72A4-4657-80B5-BA02564AD6A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{A416B5E2-3751-417D-9DF4-7D5A1A50D55D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6B68DFC-2190-48E8-AE66-F4BDD9F78171}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CC7EB950-9487-4F72-83BE-03A92F6554E4}" = lport=137 | protocol=17 | dir=in | app=system |
"{D46235BC-A783-468F-B763-FD4D3F983CE9}" = rport=137 | protocol=17 | dir=out | app=system |
"{D67A37C7-4B6A-48AC-9204-7792AFF7C716}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D687529E-96FD-4238-8518-9EFB6F4C1CDC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E2BE1FA6-9543-4B48-9301-E9EE8DCB6DBB}" = lport=445 | protocol=6 | dir=in | app=system |
"{E80875D6-F1D1-4308-BFD7-15261AC858E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F5DD510D-FC08-4198-99D6-7F196865B648}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FBA6E177-93D7-4062-9978-95DEBD90825C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FE8DC333-44B5-40CC-A694-54F7EFFC78B3}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0003B0CB-808D-4A85-8997-59B98B965FC6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{01104817-F2C1-4DF9-97F2-DE0968A1CA9B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{031698E6-89D7-4E90-9143-3C8BA8A75512}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{046CA1B6-BA03-4F91-9856-672D8F989168}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0E2A919C-D52D-4310-89F8-4B640BF34F2C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{12B66FCD-72F2-4296-93FE-794A28D14715}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{182DD6B6-973A-4285-8EC9-BB7D3CC99D07}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{1BB1283A-8668-4BBC-98BE-8E3BFEA99C15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{25809CFC-A800-447B-AFEB-C764DE367FEA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{25F3BA33-D6AC-4686-9141-BC61EDFDA3DF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2A3B1148-6A7D-418F-A7DC-D2F0CA985A61}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{2A8EBC48-CA30-4332-A2CA-5CB24FD52018}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{40DDB57C-735D-47CC-9F45-ED29D4D6413B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{410DE91F-7A62-437B-BEF3-80E8FA1E791C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{41BA488D-C484-47E4-BA46-166D8337F9DE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{4801BF44-9852-4A20-8756-4B80ADBF36B4}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe |
"{4AF9535F-D6A0-4043-ACD5-4B4722413E01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{50B3A0CB-68FA-478B-8284-2B8DF93CA5E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{56C96725-969E-4F67-9DA7-506DA369861A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59BC7659-71C0-4B23-BC10-D2F5B3DDDE44}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{5C7261D1-0FC6-44D3-8D61-9434FF0BD0BB}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{6090F9E1-69F1-4AA9-BB3D-9A7539CC2592}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{63B2C8FD-3931-4710-B8CB-1E18DF73E3CD}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{67155D54-99D5-42B2-9895-B18E9F286B8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6986C748-64E7-433C-B6B9-8703F3174DCB}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe |
"{6D2D1616-DDF3-46C9-A549-AF1852E90623}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{73FA0339-02F4-42F9-8A70-684DA180D370}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{746E3382-4281-405E-99DC-D191F7E258FC}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{756288CB-B99A-4E2A-8366-7F5415AA5038}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{75CB296E-5DF1-4AF7-B7D7-9B0259B5C62C}" = protocol=6 | dir=out | app=system |
"{7EC8D5FD-DFDD-458F-B6A5-9B37E77C7DC0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{839690CE-2CD6-4829-932B-B66032DB0487}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{855DC2ED-7902-4373-A26A-F4F1197E113A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{85A41A23-77AC-470A-838C-83B045FB7A4D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{86FD1962-BBB2-47E8-9046-630B7B847BC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8AB1AC7F-37AE-4D0B-A141-6AF43A15279F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{8E35EA71-5DCD-42BE-BDC8-68DCF2980682}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\vantageservice.exe |
"{8F9735F4-9413-4683-A883-BB03FC21D2D2}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\smartsnmpagent.exe |
"{9046FBC6-96F5-4185-8983-2AF4113E3681}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{946E702D-65EC-4728-BE55-24CB43C392FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98977AA6-0F1C-4F66-95DF-92F85EE09521}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{9BDC908E-E89C-456A-A54E-EFBE4EA833F8}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{A4C5DCE0-36A3-431E-B857-295947AA04A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{A692C234-6F2F-4386-97B7-46EE33B6C2DF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A811B4BD-79EA-40DA-AC28-79E0B61AAD13}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AB250BDC-5DB4-4A72-9055-F1D2DBB4444F}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe |
"{AB990F20-720F-4A25-BB81-2071BC08EB24}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucservice.exe |
"{B007F5D3-650C-4D21-BD97-776C4C0C0492}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B03F827B-2655-4313-B1B8-5DE3BEF8B1FF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{B0F4EBFD-AE1A-4B8E-BA23-2272D540C577}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{BB3CA075-17D7-4738-B676-25D601A46099}" = dir=in | app=c:\users\dermot\appdata\local\temp\7zs6535\setup\hpznui40.exe |
"{BE7CBE3A-9159-4CD4-A9DE-856FF2A4840F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2564774-7757-4B22-AB97-6E3F6B24610E}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\education software\ucgui.exe |
"{C5F03ED0-E935-48F0-9226-28592F1F9654}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CAC7BAF5-F1B4-4FF7-8CB1-C5CAA1D796EC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{CC1C279A-CB1B-449E-9F56-700BC12FA79C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D1E88625-67FE-4078-BACA-1F0F20F22DFB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DAE2F343-859C-427C-BBBE-BAB2447EB27D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{E0968095-CBC0-4C3C-8FA0-1637E0E827B6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E46B6516-6C85-4ABC-98A2-800009A72774}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F3CE3AFB-D2CB-4E4F-87AF-CDF48F2C194A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0576788F-2993-455F-80CD-980114095103}" = HP Security Assistant
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{119EEB4B-F32F-4D71-B9C0-E42403F91C9A}" = AVG 2013
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = Broadcom Bluetooth Software
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A9614BE8-EDB6-4151-81F0-DF2B9F4D8ABE}" = AVG 2013
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}" = HP Software Framework
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{423FBEB8-21C6-4720-A8DA-B19B06FDB607}" = HP SimplePass 2012
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A1F2472-6164-43FA-9D2F-B35E71A8DF32}" = SMART Ink
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4C8BBCC8-8363-11E2-A3F4-984BE15F174E}" = Evernote v. 4.6.3
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9BCA64E3-D180-4F13-8014-5E62947150C1}" = HP Documentation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{9EAAB95B-17B6-43CF-B4E9-4A90937C83FD}" = Blio
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AD53E305-0F31-426E-85D1-35C63D913639}" = SMART English (United Kingdom) Language Pack
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFE024C7-7CA7-4C8E-90EE-D877C7CD96A3}" = SMART Notebook
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3189F44-F7BD-4F96-B756-A0AEFAF61D3A}" = SMART Product Drivers
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED2455F7-6AA6-4D3C-85E9-A72297DD7051}" = SMART Common Files
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG PC TuneUp" = AVG PC TuneUp
"EasyBits Magic Desktop" = Magic Desktop
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0b38cfc6-f060-4e05-89c8-ab2dc626a91c" = Dora's World Adventure
"WTA-118a4a84-2f31-4531-a0fc-c5abf4e85847" = Farmscapes
"WTA-2118b018-d90d-47e7-a442-b24b97e8a5e8" = Mah Jong Medley
"WTA-2c25743c-b586-4948-8826-df3fd3a9ce18" = Poker Superstars III
"WTA-340492ad-bc0a-4087-89ba-0a42389e3e4e" = John Deere Drive Green
"WTA-3cfe9798-bfa3-4186-80b5-f7dde7cabf3a" = Jewel Match 3
"WTA-4d782534-2cd4-41e2-81d7-4ee863ce2edd" = Zuma's Revenge
"WTA-596ae0b8-61c2-41d2-984e-98812a61ce5a" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-5e296bbd-69f9-4ce4-b7dd-e7a03deffa38" = Luxor HD
"WTA-5f86a101-da5d-4060-93a5-5173b00998de" = Hoyle Card Games
"WTA-60ba3e23-334e-44f8-817e-030913308c79" = Chuzzle Deluxe
"WTA-68c1fd60-fda6-4016-aa7c-6f89db69d4c1" = Blackhawk Striker 2
"WTA-70de5fec-0f85-4420-8c29-1fdd78336c38" = Farm Frenzy
"WTA-7f04eecd-7101-4271-bd0c-6e4019a4a280" = Plants vs. Zombies - Game of the Year
"WTA-800adf93-a219-4222-8df8-cc5cd779d653" = RollerCoaster Tycoon 3: Platinum
"WTA-8213ede3-05c3-4fd7-be43-ed8ae04c4376" = The Treasures of Mystery Island: The Ghost Ship
"WTA-8b690642-253b-44ff-a661-48f23559bdf9" = Letters from Nowhere 2
"WTA-aff9a773-4330-48da-b653-9c30877159df" = Virtual Villagers 4 - The Tree of Life
"WTA-bb74e9ec-7625-4c1e-941d-389328e5155c" = Bejeweled 3
"WTA-c79ecfbe-5004-402b-b587-953023e4f268" = Torchlight
"WTA-c7d03945-516a-4918-8ea5-3fdf1e139e1d" = Final Drive Fury
"WTA-d05dd978-ea64-49ba-8d19-fcb8407abf7e" = Polar Golfer
"WTA-d8b7bd46-ea81-4ce2-8922-5e95f1ba48c7" = FATE
"WTA-e5f72d2a-30f7-48ab-9a76-2fb66132197a" = Polar Bowler
"WTA-e85fc3cb-ae53-4856-99ac-cbc7dfa6a446" = Cradle of Rome 2
"WTA-ef92efed-af66-4314-9555-92b85df92700" = Penguins!
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Hewlett-Packard Events ]
Error - 30/08/2012 05:58:14 | Computer Name = Dermot-HP_Lap | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/ad989142_381c_4997_8326_3df449982a12/q+10m6snd0netmpqttym6q9n_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 7657 Ram Utilization: 20 TargetSite: Void UpdateDetail(System.String)

Error - 21/09/2012 15:16:31 | Computer Name = Dermot-HP_Lap | Source = HPSF.exe | ID = 4000
Description =

[ HP Software Framework Events ]
Error - 23/08/2012 13:25:30 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/23 18:25:30.954|0000067C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/08/2012 13:25:31 | Computer Name = Dermot-HP_Lap | Source = CaslSmBios | ID = 5
Description = 2012/08/23 18:25:31.485|0000067C|Error |[CaslWmi]CommandDiags::A{hpCasl.enReturnCode(System.DateTime&)}|Error
attempting to parse year 0, month 0, day 0: Year, Month, and Day parameters describe
an un-representable DateTime.

Error - 23/08/2012 13:25:43 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/23 18:25:43.585|00000F10|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 23/08/2012 13:42:32 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/23 18:42:32.704|000013E8|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 30/08/2012 05:58:18 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/30 10:58:18.843|00000B40|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 30/08/2012 05:58:21 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/30 10:58:21.752|000006D0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

Error - 31/08/2012 15:38:43 | Computer Name = Dermot-HP_Lap | Source = CaslWmi | ID = 5
Description = 2012/08/31 20:38:43.830|00001D9C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state


< End of report >
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 9th, 2013, 11:20 am

Hi dermot,
Thank you Cypher.

You're most welcome.
C:\Users\Dermot\AppData\Local\Temp\PROPSYS.dll is either not designed to run on Windows or it contains an error

Well will deal with this issue later.
On a plus note, the symptoms of the infection have disappeared so I'm hoping it's sorted

The symptoms of the infection may be gone but stay with me, there will be remnants that we need to deal with.
I would like to reinstall Chrome as my browser but will hold back until you've confirmed my laptop is now clean.

Yes, please wait until i give you the all clean.



  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • Or click the select all button next to the codebox to select the entire script
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    
        

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 9th, 2013, 11:40 am

Hi Cypher
I just followed your instructions but don't think it recognised the code. Here is the log:

Error: Unable to interpret <:filefind> in the current context!
Error: Unable to interpret <*Fun4IM*> in the current context!
Error: Unable to interpret <*Bandoo*> in the current context!
Error: Unable to interpret <*Searchnu*> in the current context!
Error: Unable to interpret <*Searchqu*> in the current context!
Error: Unable to interpret <*iLivid*> in the current context!
Error: Unable to interpret <*whitesmoke*> in the current context!
Error: Unable to interpret <*datamngr*> in the current context!
Error: Unable to interpret <*trolltech*> in the current context!
Error: Unable to interpret <*babylon*> in the current context!
Error: Unable to interpret <:folderfind> in the current context!
Error: Unable to interpret <*Fun4IM*> in the current context!
Error: Unable to interpret <*Bandoo*> in the current context!
Error: Unable to interpret <*Searchnu*> in the current context!
Error: Unable to interpret <*Searchqu*> in the current context!
Error: Unable to interpret <*iLivid*> in the current context!
Error: Unable to interpret <*whitesmoke*> in the current context!
Error: Unable to interpret <*datamngr*> in the current context!
Error: Unable to interpret <*trolltech*> in the current context!
Error: Unable to interpret <*babylon*> in the current context!
Error: Unable to interpret <:Regfind> in the current context!
Error: Unable to interpret <Fun4IM> in the current context!
Error: Unable to interpret <Bandoo> in the current context!
Error: Unable to interpret <Searchnu> in the current context!
Error: Unable to interpret <Searchqu> in the current context!
Error: Unable to interpret <iLivid> in the current context!
Error: Unable to interpret <whitesmoke> in the current context!
Error: Unable to interpret <datamngr> in the current context!
Error: Unable to interpret <kelkoopartners> in the current context!
Error: Unable to interpret <trolltech> in the current context!
Error: Unable to interpret <babylon> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06092013_163819
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 9th, 2013, 11:57 am

Hi dermot,
I just followed your instructions but don't think it recognised the code. Here is the log:

Yes you're correct, there has been some sort of error.
Please try again, be careful to Copy and Paste the contents of this Quote box into the main textfield.
:filefind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
*babylon*
*conduit*

:folderfind
*Fun4IM*
*Bandoo*
*Searchnu*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*
*babylon*
*conduit*

:Regfind
Fun4IM
Bandoo
Searchnu
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
babylon
conduit
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 9th, 2013, 12:24 pm

Unfortunately, the same result - carefully copied and pasted your code. Tried it twice - here is the log again!

Error: Unable to interpret <:filefind> in the current context!
Error: Unable to interpret <*Fun4IM*> in the current context!
Error: Unable to interpret <*Bandoo*> in the current context!
Error: Unable to interpret <*Searchnu*> in the current context!
Error: Unable to interpret <*Searchqu*> in the current context!
Error: Unable to interpret <*iLivid*> in the current context!
Error: Unable to interpret <*whitesmoke*> in the current context!
Error: Unable to interpret <*datamngr*> in the current context!
Error: Unable to interpret <*trolltech*> in the current context!
Error: Unable to interpret <*babylon*> in the current context!
Error: Unable to interpret <*conduit*> in the current context!
Error: Unable to interpret <:folderfind> in the current context!
Error: Unable to interpret <*Fun4IM*> in the current context!
Error: Unable to interpret <*Bandoo*> in the current context!
Error: Unable to interpret <*Searchnu*> in the current context!
Error: Unable to interpret <*Searchqu*> in the current context!
Error: Unable to interpret <*iLivid*> in the current context!
Error: Unable to interpret <*whitesmoke*> in the current context!
Error: Unable to interpret <*datamngr*> in the current context!
Error: Unable to interpret <*trolltech*> in the current context!
Error: Unable to interpret <*babylon*> in the current context!
Error: Unable to interpret <*conduit*> in the current context!
Error: Unable to interpret <:Regfind> in the current context!
Error: Unable to interpret <Fun4IM> in the current context!
Error: Unable to interpret <Bandoo> in the current context!
Error: Unable to interpret <Searchnu> in the current context!
Error: Unable to interpret <Searchqu> in the current context!
Error: Unable to interpret <iLivid> in the current context!
Error: Unable to interpret <whitesmoke> in the current context!
Error: Unable to interpret <datamngr> in the current context!
Error: Unable to interpret <kelkoopartners> in the current context!
Error: Unable to interpret <trolltech> in the current context!
Error: Unable to interpret <babylon> in the current context!
Error: Unable to interpret <conduit> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 06092013_172142
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 9th, 2013, 12:53 pm

Hi dermot,
Sorry my mistake, i got my instructions mixed up :oops:
please try again using the instructions below.

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 9th, 2013, 1:16 pm

No worries Cypher, I'm very grateful of your help.
Looks like you were right about the 'remnants still to deal with'! Here is the requested log:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:02 on 09/06/2013 by Dermot
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 430080 bytes [20:04 03/06/2013] [21:20 04/06/2013] AC3FA72C8F9FC9A023F9FA4841E062FB
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 16384 bytes [20:04 03/06/2013] [21:20 04/06/2013] DA87CAD89E8F7ED4149026DF6B674CDB
C:\Documents and Settings\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml --a---- 166554 bytes [20:59 04/06/2013] [19:41 08/06/2013] 7650CD0D725DD76E7DF844E1BEB8CC9F
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 430080 bytes [20:04 03/06/2013] [21:20 04/06/2013] AC3FA72C8F9FC9A023F9FA4841E062FB
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 16384 bytes [20:04 03/06/2013] [21:20 04/06/2013] DA87CAD89E8F7ED4149026DF6B674CDB
C:\Users\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml --a---- 166554 bytes [20:59 04/06/2013] [19:41 08/06/2013] 7650CD0D725DD76E7DF844E1BEB8CC9F

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage --a---- 3072 bytes [17:14 02/06/2013] [17:14 02/06/2013] AD90888B79249A7E37F5ADB7FA5EAABF
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:14 02/06/2013] [17:14 02/06/2013] DE130C903FB7D90C249A7825B74C95C4
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage --a---- 3072 bytes [17:16 02/06/2013] [17:16 02/06/2013] 46D0D4AA149BE7E4EF026DCD14C4FA25
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:16 02/06/2013] [17:16 02/06/2013] 8ADED5133C5201397F43606367A0276D
C:\Documents and Settings\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile --a---- 0 bytes [17:16 02/06/2013] [17:16 02/06/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\Dermot\Downloads\iLividSetup-r284-n-bc.exe --a---- 1488280 bytes [17:13 02/06/2013] [17:13 02/06/2013] 468BBE0DC83496CAD49597A47341C786
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage --a---- 3072 bytes [17:14 02/06/2013] [17:14 02/06/2013] AD90888B79249A7E37F5ADB7FA5EAABF
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:14 02/06/2013] [17:14 02/06/2013] DE130C903FB7D90C249A7825B74C95C4
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage --a---- 3072 bytes [17:16 02/06/2013] [17:16 02/06/2013] 46D0D4AA149BE7E4EF026DCD14C4FA25
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:16 02/06/2013] [17:16 02/06/2013] 8ADED5133C5201397F43606367A0276D
C:\Users\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile --a---- 0 bytes [17:16 02/06/2013] [17:16 02/06/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Dermot\Downloads\iLividSetup-r284-n-bc.exe --a---- 1488280 bytes [17:13 02/06/2013] [17:13 02/06/2013] 468BBE0DC83496CAD49597A47341C786

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Documents and Settings\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css --a---- 3055 bytes [05:34 16/05/2013] [05:34 16/05/2013] E297E191420B5519B04F74BD72EE36AC
C:\Documents and Settings\Dermot\AppData\Local\Temp\MybabylonTB.exe --a---- 11 bytes [19:28 02/06/2013] [19:28 02/06/2013] (Unable to calculate MD5)
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css --a---- 3055 bytes [05:34 16/05/2013] [05:34 16/05/2013] E297E191420B5519B04F74BD72EE36AC
C:\Users\Dermot\AppData\Local\Temp\MybabylonTB.exe --a---- 11 bytes [19:28 02/06/2013] [19:28 02/06/2013] (Unable to calculate MD5)

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Program Files (x86)\Search Results Toolbar\Datamngr d------ [17:14 02/06/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com]

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r284-n-bc.exe]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls]
"x86"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls]
"x64"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls]
"x86"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls]
"x64"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"x86"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\apcrtldr.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
"x64"="C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\apcrtldr.dll"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

-= EOF =-
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 9th, 2013, 3:01 pm

Hi dermot,
Good work that's what i needed :)

  • Right-click OTL.exe and select " Run as administrator " to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
  • Or click the select all button next to the codebox to select the entire script
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE - HKCU\..\SearchScopes,DefaultScope = {D944BB61-2E34-4DBF-A683-47E505C587DC}
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r284-n-bc.exe]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls]
    "x86"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls]
    "x64"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls]
    "x86"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls]
    "x64"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
    "x86"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls]
    "x64"=-
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
    [-HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
    
    :files
    C:\Program Files (x86)\Search Results Toolbar
    C:\ProgramData\Browser Manager
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal 
    C:\Documents and Settings\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal
    C:\Users\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal 
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage
    C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journ
    C:\Documents and Settings\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile
    C:\Documents and Settings\Dermot\Downloads\iLividSetup-r284-n-bc.exe
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage 
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage 
    C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journal 
    C:\Users\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile 
    C:\Users\Dermot\Downloads\iLividSetup-r284-n-bc.exe
    C:\Documents and Settings\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css
    C:\Documents and Settings\Dermot\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css
    C:\Users\Dermot\AppData\Local\Temp\MybabylonTB.exe 
    
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Next.

Please run SystemLook again.

  • Right-click SystemLook.exe and select " Run as administrator " to run it.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • SystemLook log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 9th, 2013, 3:31 pm

Hi Cypher, here are the logs requested:

OTL Fix log:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetup-r284-n-bc.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Users\Dermot\AppData\Local\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Users\Dermot\AppData\Local\iLivid\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls\\x86 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls\\x64 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls\\x86 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls\\x64 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QBearerEngineFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:\ not found.
Registry key HKEY_USERS\S-1-5-21-2113397619-2856157810-947063236-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
========== FILES ==========
C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Search Results Toolbar folder moved successfully.
Folder move failed. C:\ProgramData\Browser Manager scheduled to be moved on reboot.
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage moved successfully.
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal moved successfully.
C:\Documents and Settings\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml moved successfully.
File\Folder C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage not found.
File\Folder C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal not found.
File\Folder C:\Users\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml not found.
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage moved successfully.
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal moved successfully.
C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage moved successfully.
File\Folder C:\Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journ not found.
C:\Documents and Settings\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile moved successfully.
C:\Documents and Settings\Dermot\Downloads\iLividSetup-r284-n-bc.exe moved successfully.
File\Folder C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage not found.
File\Folder C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal not found.
File\Folder C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage not found.
C:\Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journal moved successfully.
File\Folder C:\Users\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile not found.
File\Folder C:\Users\Dermot\Downloads\iLividSetup-r284-n-bc.exe not found.
C:\Documents and Settings\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css moved successfully.
File move failed. C:\Documents and Settings\Dermot\AppData\Local\Temp\MybabylonTB.exe scheduled to be moved on reboot.
File\Folder C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css not found.
C:\Users\Dermot\AppData\Local\Temp\MybabylonTB.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dermot\Desktop\cmd.bat deleted successfully.
C:\Users\Dermot\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dermot
->Temp folder emptied: 9271011 bytes
->Temporary Internet Files folder emptied: 682974128 bytes
->Google Chrome cache emptied: 443518590 bytes
->Flash cache emptied: 13997 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1257178 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42287446 bytes
RecycleBin emptied: 1011174 bytes

Total Files Cleaned = 1,126.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06092013_200437

Files\Folders moved on Reboot...
C:\ProgramData\Browser Manager folder moved successfully.
File\Folder C:\Documents and Settings\Dermot\AppData\Local\Temp\MybabylonTB.exe not found!
C:\Users\Dermot\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dermot\AppData\Local\Temp\HPVE763.tmp.vdf moved successfully.
C:\Users\Dermot\AppData\Local\Temp\HPVE764.tmp.vdf moved successfully.
C:\Users\Dermot\AppData\Local\Temp\HPVE7F1.tmp.vdf moved successfully.
C:\Users\Dermot\AppData\Local\Temp\HPVE9EB.tmp.vdf moved successfully.
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DF073B1A4685F3027B.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DF3282F7C91C8419C4.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DF36794319394FC19C.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DF523D8A0CAAE295AD.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DF5AF603A2C9415777.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DFBF132312C4503689.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DFCA02E1E19513FE4C.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DFD0ECA90794C50D3E.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DFEF0E2014ACCE824F.TMP not found!
File\Folder C:\Users\Dermot\AppData\Local\Temp\~DFFBA79BE3E9073301.TMP not found!
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YICSNIJM\ai[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YICSNIJM\ai[2].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YICSNIJM\viewtopic[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YICSNIJM\xd_arbiter[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X3NO6QJ5\Passport[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X3NO6QJ5\sck[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\ai[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JTGIXAHD\like[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JB7NR3XQ\hp-notebook_us_msn_com[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JB7NR3XQ\hub[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JB7NR3XQ\hub[2].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IBRVQ4P4\ai[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FUWTOZB2\ai[3].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9OK9SV4\aiCA121PEL.htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9OK9SV4\aiCAVQBL3G.htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9OK9SV4\ai[2].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D9OK9SV4\DroidSans[1].woff moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CD9K4A7A\facebook_com[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CD9K4A7A\follow_button.1370380126[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CD9K4A7A\sck[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CD9K4A7A\script[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CD9K4A7A\xd_arbiter[1].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09XL9J6R\ai[4].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\09XL9J6R\ai[6].htm moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


SYSTEMLOOK LOG:

SystemLook 04.09.10 by jpshortstuff
Log created at 20:16 on 09/06/2013 by Dermot
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage --a---- 430080 bytes [20:04 03/06/2013] [21:20 04/06/2013] AC3FA72C8F9FC9A023F9FA4841E062FB
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal --a---- 16384 bytes [20:04 03/06/2013] [21:20 04/06/2013] DA87CAD89E8F7ED4149026DF6B674CDB
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z3JL9XRW\www.searchnu[1].xml --a---- 166554 bytes [20:59 04/06/2013] [19:41 08/06/2013] 7650CD0D725DD76E7DF844E1BEB8CC9F

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage --a---- 3072 bytes [17:14 02/06/2013] [17:14 02/06/2013] AD90888B79249A7E37F5ADB7FA5EAABF
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:14 02/06/2013] [17:14 02/06/2013] DE130C903FB7D90C249A7825B74C95C4
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage --a---- 3072 bytes [17:16 02/06/2013] [17:16 02/06/2013] 46D0D4AA149BE7E4EF026DCD14C4FA25
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Temp\qtsingleapp-iLivid-42b6-1-lockfile --a---- 0 bytes [17:16 02/06/2013] [17:16 02/06/2013] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\Downloads\iLividSetup-r284-n-bc.exe --a---- 1488280 bytes [17:13 02/06/2013] [17:13 02/06/2013] 468BBE0DC83496CAD49597A47341C786
C:\_OTL\MovedFiles\06092013_200437\C_Users\Dermot\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ilivid.com_0.localstorage-journal --a---- 3608 bytes [17:16 02/06/2013] [17:16 02/06/2013] 8ADED5133C5201397F43606367A0276D

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\_OTL\MovedFiles\06092013_200437\C_Documents and Settings\Dermot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MQ1FELSZ\babylon[1].css --a---- 3055 bytes [05:34 16/05/2013] [05:34 16/05/2013] E297E191420B5519B04F74BD72EE36AC
C:\_OTL\MovedFiles\06092013_200437\C_Users\Dermot\AppData\Local\Temp\MybabylonTB.exe --a---- 11 bytes [19:28 02/06/2013] [19:28 02/06/2013] D2B48C62D4E77881DF37119BBADB8A0F

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\06092013_200437\C_Program Files (x86)\Search Results Toolbar\Datamngr d------ [17:14 02/06/2013]

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

-= EOF =-
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm

Re: browser hijacked with tab "searchnu.com/406"

Unread postby Cypher » June 10th, 2013, 4:53 am

Hi dermot,
Your logs look much better now, but i would like you to run one more scan for me please.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: browser hijacked with tab "searchnu.com/406"

Unread postby dermot » June 10th, 2013, 3:44 pm

Hi Cypher, not sure how long the scan should take but I stopped it when it seemed to stall at 7 % despite running for 25 mins. I did not touch mouse pad or keyboard.(typing this from a mobile device) . I have just restarted the scan and again it seems painfully slow. Is this normal? I will just let it run and see what happens! One thing that may be the issue was that at the start (1st time) it did detect the AVG antivirus even though it is currently disabled.
dermot
Active Member
 
Posts: 14
Joined: June 7th, 2013, 12:01 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 287 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware