windows can't check for updates

by llanedeyrnjack » December 22nd, 2013, 11:48 am

Hi, this is my niece's PC & she asked me to help her with it. After switch-on I noticed the homepage was set to safesearch.net. I removed this via Control Panel but it seemed like it was still there.

I then googled it & used AdwCleaner to remove it.

The last check for Windows Update was 13th Sept 2012 & when I tried to update I got the above message. I tried the Windows Update troubleshooter, which completed but did not fix the problem.

When I run Windows Update I eventually get an error 8000FFFF message.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16448
Run by Robyn at 15:18:04 on 2013-12-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3000.1771 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=i ... 8F4A9444F4
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.safesearch.net/?utm_medium=i ... 8F4A9444F4
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: FCToolbarURLSearchHook Class: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - c:\program files\nectar search toolbar\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - c:\program files\nectar search toolbar\Toolbar.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - c:\program files\nectar search toolbar\Toolbar.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [VideoWebCamera] "c:\program files\videowebcamera\VideoWebCamera.exe" -a
mRun: [PLFSetI] c:\program files\PLFSetI.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\packard bell mybackup\BackupManagerTray.exe" -k
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [Acer ePower Management] c:\program files\packard bell\packard bell powersave solution\ePowerTrayLauncher.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RegWork] c:\program files\regwork\RegWork.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... AA4ADYARwA"&"inst=NwA3AC0ANAAxADQANQAxADAAMwAyADkALQBGAFAAOQAyACsANgAtAEIAQQBSADkARwArADEALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQAxADAAQQArADEALQBYAE8AOQArADEALQBGADkATQAyACsAMQAtAEQARABUACsAMgA4ADYANgAxAC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGADkAMABNADEAMgBEAFQAKwAxAC0AVABCAE4AKwAxAC0ATAA5ADAATQBJACsAMQAtAEYAOQAwAE0AMQAyAEkATgArADEALQBGADkAMABNADEAMgBUAEMAKwAxAC0ARgA5ADAATQAxADIAVABBACsAMQAtAEYAOQAwAE0AMQAyAFIAKwAxAC0AVgBJAFAAMQAyACsAMQA"&"prod=90"&"ver=9.0.894
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://bq.kp.2020.net/planner/Core/Play ... _Win32.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{A78465FB-FD0C-4F33-A52F-FADC92B59617} : DHCPNameServer = 194.168.4.100 194.168.8.100
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= AVGRSSTX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\robyn\appdata\roaming\mozilla\firefox\profiles\iqjp8ite.default\
FF - prefs.js: browser.startup.homepage - http://www.google.co.uk
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-20 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-20 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-1-18 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-1-18 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-10 120088]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-1-18 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-1-18 50344]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 ePowerSvc;Acer ePower Service;c:\program files\packard bell\packard bell powersave solution\ePowerSvc.exe [2009-7-6 703008]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\packard bell mybackup\IScheduleSvc.exe [2009-3-9 44800]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-6 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca51c12d8e3990;Google Update Service (gupdate1ca51c12d8e3990);c:\program files\google\update\GoogleUpdate.exe [2009-10-20 133104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-12-22 11:02:13 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-12-22 11:01:55 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9952e1db-d0cb-4c04-9c2e-bc27b1ffe202}\mpengine.dll
2013-12-22 11:01:50 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-12-22 09:50:36 -------- d-----w- c:\windows\pss
2013-12-22 08:14:32 -------- d-----w- c:\users\robyn\appdata\roaming\SUPERAntiSpyware.com
2013-12-22 08:14:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-12-22 08:14:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-12-22 07:54:45 -------- d-----w- c:\users\robyn\appdata\roaming\Malwarebytes
2013-12-22 07:54:07 -------- d-----w- c:\programdata\Malwarebytes
2013-12-22 07:54:03 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-22 07:54:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-22 07:15:46 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2013-12-21 22:59:43 -------- d-----w- c:\users\robyn\appdata\roaming\AVAST Software
2013-12-21 22:36:28 -------- d-----w- c:\programdata\AVAST Software
.
==================== Find3M ====================
.
2013-12-21 22:37:53 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-21 22:37:53 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-21 22:37:53 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-21 22:37:53 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-21 22:37:52 43152 ----a-w- c:\windows\avastSS.scr
.
============= FINISH: 15:18:49.16 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06/07/2009 04:32:49
System Uptime: 22/12/2013 14:47:47 (1 hours ago)
.
Motherboard: Packard Bell | | SJV50MV
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | U2E1 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 145.564 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Backup Manager Basic
Bing Bar
Bonjour
Broadcom Gigabit NetLink Controller
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink PowerDVD 8
DivX Setup
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON SX100 Series Printer Uninstall
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Identity Card
Infocenter
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
MetaBoli
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2010 - English
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 26.0 (x86 en-US)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nectar Search Toolbar
neroxml
OGA Notifier 2.0.0048.0
Packard Bell Customer Registration
Packard Bell MyBackup
Packard Bell PowerSave Solution
Packard Bell Recovery Management
PackardBell ScreenSaver
PC Connectivity Solution
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
SetUpMyPC
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Updator
VC80CRTRedist - 8.0.50727.6195
Video Web Camera
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== End Of File ===========================



thanks for looking


colin
llanedeyrnjack
Regular Member
 
Posts: 17
Joined: September 3rd, 2009, 5:00 pm
Location: cardiff, wales

Re: windows can't check for updates

by nunped » December 23rd, 2013, 6:57 am

Hello llanedeyrnjack, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: windows can't check for updates

by nunped » December 23rd, 2013, 8:09 am

Hi llanedeyrnjack,

Please run the following scans:
Step 1 - Junkware Removal Tool
  • Please download jrt.exe by thisisu and save it to your desktop. Alternate download here.
  • Please temporarily disable your security/protection software as found here, to avoid potential conflicts.
  • Right-click jrt.exe and select "Run as Administrator"
    The tool will open and start scanning your system. Please be patient, it can take a while depending on your system.
    On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  • Please copy and paste the contents of JRT.txt and post in your next reply.

Step 2 - SystemLook
Please download SystemLook from the link below and save it to your Desktop.

For 32 bit Systems

  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *safesearch*
    *nectar*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *safesearch*
    *nectar*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    safesearch
    nectar
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 3 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: windows can't check for updates

by llanedeyrnjack » December 23rd, 2013, 5:13 pm

Hi nunped & thanks for reviewing my logs & also helping me.

A quick update before I post the logs you requested.

When I turned the PC on tonight, Windows Update ran & offered me 51 updates available to download. I have not done that yet as I wanted to hear what you have to say about it. Should I go ahead & download them now or wait until I am hopefully clean? Anyway, onto the logs you wanted.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Robyn on 23/12/2013 at 20:16:35.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\regwork
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\freecauseurlsearchhook.fctoolbarurlsearchhook.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ae46c09-2ab8-4ee5-88fb-08cd0ff7f2df}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.FCTB000061465Pos
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.FCTB000061465Pos.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\FCTB000061465.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.FCTB000061465Pos
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.FCTB000061465Pos.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.IEToolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.IEToolbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.JSOptionsImpl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\FCTB000061465.JSOptionsImpl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\regwork.job
Successfully deleted: [File] C:\Windows\system32\sho7C52.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Users\Robyn\AppData\LocalLow\FCTB000061465
Successfully deleted: [Folder] "C:\ProgramData\regwork"
Successfully deleted: [Folder] "C:\Users\Robyn\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\Robyn\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2013 at 20:21:19.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



SystemLook 04.09.10 by jpshortstuff
Log created at 20:28 on 23/12/2013 by Robyn
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Users\Robyn\AppData\Local\Temp\jrt\datamngr_del.reg --a---- 386 bytes [20:15 23/12/2013] [03:41 22/08/2013] 95F42A3D43416D3BB978F174C83F494C

Searching for "*trolltech*"
No files found.

Searching for "*safesearch*"
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\325A5VG0\safesearch_net[2].htm --a---- 7807 bytes [09:17 29/05/2013] [09:18 29/05/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch[1].net --a---- 0 bytes [14:56 22/09/2013] [14:56 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[1].htm --a---- 7807 bytes [14:51 15/08/2013] [14:52 15/08/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[2].htm --a---- 0 bytes [13:02 22/09/2013] [13:02 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[3].htm --a---- 0 bytes [14:56 22/09/2013] [14:56 22/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[4].htm --a---- 8086 bytes [14:56 06/10/2013] [14:56 06/10/2013] 46BC2721F48B65160AF2159AB1B7C3D7
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[5].htm --a---- 0 bytes [15:35 06/10/2013] [15:35 06/10/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[6].htm --a---- 0 bytes [15:35 06/10/2013] [15:35 06/10/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6D3GVLSV\safesearch_net[7].htm --a---- 0 bytes [23:53 21/12/2013] [23:53 21/12/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZK1FO7J\safesearch-net-removal[1].htm --a---- 40178 bytes [08:30 22/12/2013] [08:30 22/12/2013] C42CE351B2E587D1E2B0B21DF5A0889F
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6ZK1FO7J\safesearch_net[1].htm --a---- 0 bytes [12:12 08/09/2013] [12:12 08/09/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\745JQNGM\safesearch_net[2].htm --a---- 7807 bytes [14:03 30/07/2013] [14:03 30/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HOBS0A4\safesearch_net[1].htm --a---- 7807 bytes [15:29 16/07/2013] [15:29 16/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7HOBS0A4\safesearch_net[2].htm --a---- 7807 bytes [18:48 24/07/2013] [18:52 24/07/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7Y8W9BSH\safesearch_net[1].htm --a---- 7807 bytes [07:23 13/06/2013] [07:24 13/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7Y8W9BSH\safesearch_net[2].htm --a---- 0 bytes [12:51 13/06/2013] [12:51 13/06/2013] D41D8CD98F00B204E9800998ECF8427E
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DI7069CD\safesearch_net[1].htm --a---- 7807 bytes [18:28 10/06/2013] [18:30 10/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[1].htm --a---- 7807 bytes [11:10 30/05/2013] [11:11 30/05/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[2].htm --a---- 7807 bytes [18:33 18/06/2013] [18:35 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[4].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[5].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FAPZC85E\safesearch_net[6].htm --a---- 7807 bytes [18:39 18/06/2013] [18:40 18/06/2013] 38C682CAA6EDD987839A50BA126824EB
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P4SSF3GQ\safesearch_net[1].htm --a---- 7807 bytes [09:39 07/09/2013] [09:39 07/09/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\P4SSF3GQ\safesearch_net[2].htm --a---- 7807 bytes [09:49 07/09/2013] [09:50 07/09/2013] BA3FFBD84A9D435BBF842AE85C1B7A7B
C:\Users\Robyn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6N1J6845\safesearch[1].net --a---- 66 bytes [11:23 09/03/2013] [11:26 09/03/2013] ECA8CC1975EF30102D912E19374F5B78
C:\Users\Robyn\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\6N1J6845\safesearch_net[1].htm --a---- 7206 bytes [11:21 09/03/2013] [11:26 09/03/2013] C5ECFE080DAAB9D958E3AA079245585E

Searching for "*nectar*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*safesearch*"
No folders found.

Searching for "*nectar*"
C:\Program Files\Nectar Search Toolbar d------ [19:58 21/05/2013]
C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar d------ [19:58 21/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QStyleFactoryInterface:]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.4\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "safesearch"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch\domains]
"www.safesearch.net"="safesearch.net|green|Safe"
[HKEY_CURRENT_USER\Software\AVSoftware\SafeSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="safesearch.net"
[HKEY_LOCAL_MACHINE\SOFTWARE\AVSoftware\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch\domains]
"www.safesearch.net"="safesearch.net|green|Safe"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AVSoftware\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="safesearch.net"

Searching for "nectar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Layouts\61465]
@="Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_name"="Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"firstURL"="http://www.nectar.com/collect/toolbar/thankyou.points"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_version"="Nectar Search Toolbar 1.703.3"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"AutoSearch"="http://uk.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=nectar-tb-v2&slv8-&type=%toolid&p=%s"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch\domains]
"www.nectar.com"="nectar.com|green|OK"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Nectar Search Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2549B5EE-B8B6-4F73-BBE3-59298A8CE2EE}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}]
@="Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADA2AC0D-15C6-4611-BA5D-5B0A8B52FD6D}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C2F0D8-2209-4693-A15D-5A537211D48B}]
@="Nectar Search Toolbar BHO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C2F0D8-2209-4693-A15D-5A537211D48B}\InprocServer32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}\1.0\0\win32]
@="C:\Program Files\Nectar Search Toolbar\Toolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{22466F1F-0B10-41B0-A971-3A28599AA7C7}\1.0\HELPDIR]
@="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}\1.0\0\win32]
@="C:\Program Files\Nectar Search Toolbar\Helper.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8021825B-2FBA-43AA-8FC9-1289DCD80B76}\1.0\HELPDIR]
@="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"DisplayName"="Nectar Search Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"DisplayIcon"="C:\Program Files\Nectar Search Toolbar\Uninst.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nectar Search Toolbar]
"UninstallString"="C:\Program Files\Nectar Search Toolbar\Uninst.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet084\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Nectar Search Toolbar\TroubleShooter.exe|Name=Nectar Search Toolbar (Helper)|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Layouts\61465]
@="Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_name"="Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"firstURL"="http://www.nectar.com/collect/toolbar/thankyou.points"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"toolbar_version"="Nectar Search Toolbar 1.703.3"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\FCTB000061465\Toolbar]
"AutoSearch"="http://uk.search.yahoo.com/search?ourmark=3&ei=utf-8&fr=nectar-tb-v2&slv8-&type=%toolid&p=%s"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch\domains]
"www.nectar.com"="nectar.com|green|OK"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68b9bf52-98b4-4bba-b725-4ba3d6268f99}]
"AppPath"="C:\Program Files\Nectar Search Toolbar"
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Nectar Search Toolbar]

-= EOF =-



OTL logfile created on: 23/12/2013 20:43:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robyn\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.15% Memory free
6.07 Gb Paging File | 4.84 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 145.37 Gb Free Space | 65.15% Space Free | Partition Type: NTFS

Computer Name: ROBYN-PC | User Name: Robyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/23 20:03:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Robyn\Desktop\Desktop\OTL.exe
PRC - [2013/12/21 22:37:49 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/21 22:37:49 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/05 19:34:42 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
PRC - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE
PRC - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/15 15:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTray.exe
PRC - [2009/04/15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe
PRC - [2009/04/15 15:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerEvent.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/02 07:31:34 | 001,552,497 | ---- | M] (Suyin) -- C:\Program Files\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/03/18 08:46:30 | 001,160,736 | ---- | M] (Acer Incorporated) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
PRC - [2009/03/09 23:53:08 | 000,250,624 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009/03/09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009/02/19 03:42:50 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008/11/06 03:53:58 | 000,474,168 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2008/10/17 09:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/08/28 23:20:22 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/21 22:37:51 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/12/05 19:36:56 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/01 20:54:46 | 000,040,960 | ---- | M] () -- C:\Program Files\VideoWebCamera\Utility.dll
MOD - [2009/02/01 21:28:14 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2009/01/12 15:11:40 | 000,626,688 | ---- | M] () -- C:\Program Files\VideoWebCamera\Image.dll
MOD - [2003/06/07 21:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


========== Services (SafeList) ==========

SRV - [2013/12/21 22:37:49 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/10 22:54:44 | 000,120,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/07/23 01:46:22 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/07/23 01:46:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/02 09:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/04/15 15:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/03/11 20:43:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/09 23:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/12/21 22:37:53 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/12/21 22:37:53 | 000,410,528 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/12/21 22:37:53 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/12/21 22:37:53 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/12/21 22:37:53 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/12/21 22:37:53 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/12/21 22:37:53 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2011/10/01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/03/17 18:28:50 | 000,452,096 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/01/10 03:38:36 | 000,190,512 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/29 22:57:56 | 000,952,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/22 13:49:36 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/09/04 04:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files\Nectar Search Toolbar\Helper.dll ()
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{1D0568E9-E764-44B6-BBED-17CE69183499}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_en
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/09 20:17:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/21 22:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/12/22 10:22:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robyn\AppData\Roaming\Mozilla\Extensions
[2013/12/22 10:21:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/22 10:21:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/21 22:37:54 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" File not found
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe File not found
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Acer Incorporated)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.net/planner/Core/Play ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A78465FB-FD0C-4F33-A52F-FADC92B59617}: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Robyn\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Robyn\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/23 20:16:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/23 19:45:18 | 000,000,000 | R--D | C] -- C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013/12/22 12:27:32 | 000,000,000 | ---D | C] -- C:\Users\Robyn\Desktop\Desktop
[2013/12/22 11:01:50 | 000,230,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/12/22 10:21:38 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\Mozilla
[2013/12/22 10:21:38 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Local\Mozilla
[2013/12/22 10:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/22 09:50:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/12/22 08:14:32 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\SUPERAntiSpyware.com
[2013/12/22 08:14:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/12/22 08:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/12/22 08:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/12/22 07:54:45 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\Malwarebytes
[2013/12/22 07:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/22 07:54:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/22 07:54:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/22 07:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/22 07:15:46 | 001,414,440 | ---- | C] (Nero AG) -- C:\Windows\System32\ShellManager310E2D762.dll
[2013/12/21 22:59:43 | 000,000,000 | ---D | C] -- C:\Users\Robyn\AppData\Roaming\AVAST Software
[2013/12/21 22:38:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/12/21 22:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

========== Files - Modified Within 30 Days ==========

[2013/12/23 20:42:52 | 000,000,562 | ---- | M] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut (2).lnk
[2013/12/23 20:14:56 | 000,000,521 | ---- | M] () -- C:\Users\Robyn\Desktop\OTL - Shortcut.lnk
[2013/12/23 20:14:48 | 000,000,562 | ---- | M] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut.lnk
[2013/12/23 20:14:41 | 000,000,521 | ---- | M] () -- C:\Users\Robyn\Desktop\JRT - Shortcut.lnk
[2013/12/23 19:52:28 | 000,609,640 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/23 19:52:28 | 000,108,858 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/23 19:44:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 19:44:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/23 19:44:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/23 19:44:40 | 3146,612,736 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/22 12:49:43 | 078,300,634 | ---- | M] () -- C:\Users\Robyn\Desktop\cmponents.reg
[2013/12/22 10:21:31 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 09:42:54 | 000,306,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/22 08:14:30 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/22 08:00:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/22 07:14:46 | 000,001,024 | ---- | M] () -- C:\Users\Robyn\.rnd
[2013/12/22 07:14:10 | 000,000,000 | ---- | M] () -- C:\Windows\Irremote.ini
[2013/12/21 22:38:04 | 000,001,875 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/21 22:38:04 | 000,001,356 | ---- | M] () -- C:\Users\Robyn\AppData\Local\d3d9caps.dat
[2013/12/21 22:37:53 | 000,775,952 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013/12/21 22:37:53 | 000,410,528 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013/12/21 22:37:53 | 000,180,248 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/12/21 22:37:53 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013/12/21 22:37:53 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013/12/21 22:37:53 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2013/12/21 22:37:53 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/12/21 22:37:52 | 000,270,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013/12/21 22:37:52 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/12/21 22:36:18 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/12/21 22:33:09 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/12/21 22:33:08 | 000,027,136 | ---- | M] () -- C:\Users\Robyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/26 12:25:54 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2013/12/23 20:42:52 | 000,000,562 | ---- | C] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut (2).lnk
[2013/12/23 20:14:56 | 000,000,521 | ---- | C] () -- C:\Users\Robyn\Desktop\OTL - Shortcut.lnk
[2013/12/23 20:14:48 | 000,000,562 | ---- | C] () -- C:\Users\Robyn\Desktop\SystemLook - Shortcut.lnk
[2013/12/23 20:14:41 | 000,000,521 | ---- | C] () -- C:\Users\Robyn\Desktop\JRT - Shortcut.lnk
[2013/12/22 12:49:37 | 078,300,634 | ---- | C] () -- C:\Users\Robyn\Desktop\cmponents.reg
[2013/12/22 10:21:31 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/22 10:21:31 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/22 08:14:30 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/12/22 07:54:10 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/22 07:15:46 | 000,773,120 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2013/12/22 07:14:44 | 000,001,024 | ---- | C] () -- C:\Users\Robyn\.rnd
[2013/12/22 07:14:10 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2013/12/22 06:32:06 | 3146,612,736 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/21 22:33:09 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2013/03/20 20:07:33 | 000,180,248 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/20 20:07:33 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/01/18 12:34:47 | 000,000,258 | RHS- | C] () -- C:\Users\Robyn\ntuser.pol
[2012/02/18 22:48:25 | 000,000,081 | ---- | C] () -- C:\Users\Robyn\CTX.DAT
[2010/03/06 12:49:19 | 000,004,670 | ---- | C] () -- C:\Users\Robyn\AppData\Roaming\wklnhst.dat
[2010/01/11 20:31:38 | 000,001,356 | ---- | C] () -- C:\Users\Robyn\AppData\Local\d3d9caps.dat
[2009/10/15 21:16:09 | 000,027,136 | ---- | C] () -- C:\Users\Robyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 17:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 06:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 06:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



OTL Extras logfile created on: 23/12/2013 20:43:56 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Robyn\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 61.15% Memory free
6.07 Gb Paging File | 4.84 Gb Available in Paging File | 79.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.12 Gb Total Space | 145.37 Gb Free Space | 65.15% Space Free | Partition Type: NTFS

Computer Name: ROBYN-PC | User Name: Robyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A506057-5F24-4953-ACA4-806443882324}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A27E7E53-60A1-4C80-84FE-57CB1759E051}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E444C548-0F94-4575-8003-EF2FBF8AD55B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1175B3B5-3AF5-4514-A147-FD3BF48B0C26}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}" = protocol=17 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{35FD9824-7A6D-42C6-888D-9167FFAA9C79}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{3D6C2454-DDE2-4A1E-90CB-D7B10AA7261F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}" = protocol=6 | dir=in | app=c:\program files\nectar search toolbar\troubleshooter.exe |
"{5ED598F9-7189-44B8-9E1D-C5E416C9CCE1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D57E7F6-7B60-44A5-B729-CAB927EB6746}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7303EEEE-902D-4BD0-9C0D-1FB4DEF67D20}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AF9986AB-E034-4899-8FE2-99D41EE1F5EC}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{D4294A24-A857-4F39-9406-E7176608B1D5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F19CB24F-2781-4480-9C39-A1600F9BEE66}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F8B05436-DB95-46CF-B2DB-F26F51CA960B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B52265A4-ECA4-4ECB-8251-636E5A72DD76}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{86EEB1A8-B7CD-4CB5-B188-7C5A751B918C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell PowerSave Solution
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{709817E4-5439-4206-8738-796B34B623BD}" = MetaBoli
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0061-0409-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Video Web Camera
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"avast" = avast! Free Antivirus
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DivX Setup" = DivX Setup
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"Infocenter" = Infocenter
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"Nectar Search Toolbar" = Nectar Search Toolbar
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Packard Bell Customer Registration" = Packard Bell Customer Registration
"PackardBell Screensaver" = PackardBell ScreenSaver
"SetUpMyPC" = SetUpMyPC
"Updator" = Updator
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 20/07/2012 08:59:53 | Computer Name = Robyn-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 90
seconds with 0 seconds of active time. This session ended with a crash.


< End of report >

Re: windows can't check for updates

Unread postby nunped » December 26th, 2013, 8:01 am

Hello llanedeyrnjack!

You are very welcome.

Sorry for the delay. I thought I was going to have some free time during the holidays but was wrong. I hope you had a great Christmas!
Please, hold on to the updates for now. Let's just clean what we found:

Step 1 - Uninstall Program
  • Click on Start
  • Copy and paste the value below, into the Start Search entry box:
    appwiz.cpl
      Depending on your current view setting ...
    • Double click on Programs and Features.
    • Under Programs, click on Uninstall a program.
  • Locate the following program:
    Nectar Search Toolbar
  • Select the program and click on Uninstall to uninstall it.
  • Reboot your computer after this.

Step 2 - OTL fix
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Do not include the words "Code: Select all". Press "Select all" to automatically select all the text in the box.
Code: Select all
:commands
[createrestorepoint]

:OTL
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - C:\Program Files\Nectar Search Toolbar\Helper.dll ()
O2 - BHO: (Nectar Search Toolbar BHO) - {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()
O3 - HKU\S-1-5-21-2735283499-926857205-4134287148-1000\..\Toolbar\WebBrowser: (Nectar Search Toolbar) - {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files\Nectar Search Toolbar\Toolbar.dll ()

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"=-
"{424529D3-F551-4C1E-A7D9-076CE25BD3CC}"=-
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch]
[-HKEY_CURRENT_USER\Software\AVSoftware\SafeSearch]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVSoftware\SafeSearch]
[-HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch]
[-HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AVSoftware\SafeSearch]
[HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-

:files
C:\Program Files\Nectar Search Toolbar
C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar
ipconfig /flushdns /c

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so; if it does, re-boot your computer. A log will be produced upon re-boot.

Step 3 - SystemLook
  • Right-click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield: Do not include the words Code: select all
  • (Click the select all button next to code to select the entire script).

    Code: Select all
    :filefind
    *trolltech*
    *safesearch*
    *nectar*
    
    :folderfind
    *trolltech*
    *safesearch*
    *nectar*
    
    :Regfind
    trolltech
    safesearch
    nectar
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
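
An added example, not part of nunped's post and not OTL's own code: before a fix script like the one in Step 2 is pasted into a tool running as Administrator, its :reg and :files sections can be listed as planned actions, and anything that does not name the software being removed can be singled out for a stated reason. It assumes regedit-style deletion syntax and, going by the fix log posted in the reply, that non-path lines under :files are executed; audit and unexplained are hypothetical names.

```python
import re

# Constructed sample: an abridged copy of the :reg and :files sections posted above.
FIX_SCRIPT = r'''
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14B1A2D8-BDDB-4027-B239-5B05008E35A2}"=-
[-HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-

:files
C:\Program Files\Nectar Search Toolbar
ipconfig /flushdns /c
'''

SECTION = re.compile(r"^:(\w+)$")
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")   # a leading "-" deletes the whole key
VALUE_DELETE = re.compile(r'^"([^"]+)"=-$')     # "name"=- deletes one value
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

def audit(script):
    """Return (action, target) pairs for the :reg and :files sections."""
    actions, section, key = [], None, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == "reg":
            m = KEY.match(line)
            if m and m.group(1):
                actions.append(("delete-key", m.group(2)))
                key = None
            elif m:
                key = m.group(2)  # context for the value lines that follow
            else:
                v = VALUE_DELETE.match(line)
                if v and key:
                    actions.append(("delete-value", key + "\\" + v.group(1)))
                else:
                    actions.append(("review", line))  # not a plain deletion
        elif section == "files":
            # Assumption from the fix log: non-path lines in :files are executed.
            kind = "delete-path" if DRIVE_PATH.match(line) else "run-command"
            actions.append((kind, line))
    return actions

def unexplained(actions, keywords):
    """Actions whose target names none of the keywords; each needs a stated reason."""
    return [a for a in actions if not any(k in a[1].lower() for k in keywords)]

if __name__ == "__main__":
    planned = audit(FIX_SCRIPT)
    for action, target in planned:
        print(f"{action:13} {target}")
    print("to justify:", unexplained(planned, ("trolltech", "safesearch", "nectar")))
```

With the three SystemLook search terms as keywords, the firewall-rule value, the DoNotAskAgain value and the ipconfig command are the entries left to justify.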

Re: windows can't check for updates

Unread postby llanedeyrnjack » December 26th, 2013, 9:21 am

Hello nunped & a merry Christmas to you.

No problem with the delay as I did not expect a reply due to RL at this time of year. I have had a nice Christmas thank you, hope you did too!

OK, I have uninstalled Nectar Search Toolbar.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d}\ not found.
File C:\Program Files\Nectar Search Toolbar\Helper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7C2F0D8-2209-4693-A15D-5A537211D48B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7C2F0D8-2209-4693-A15D-5A537211D48B}\ not found.
File C:\Program Files\Nectar Search Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8020143D-5926-4394-A04D-DD0B649DA121} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}\ not found.
File C:\Program Files\Nectar Search Toolbar\Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8020143D-5926-4394-A04D-DD0B649DA121} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8020143D-5926-4394-A04D-DD0B649DA121}\ not found.
File C:\Program Files\Nectar Search Toolbar\Toolbar.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{14B1A2D8-BDDB-4027-B239-5B05008E35A2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14B1A2D8-BDDB-4027-B239-5B05008E35A2}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{424529D3-F551-4C1E-A7D9-076CE25BD3CC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424529D3-F551-4C1E-A7D9-076CE25BD3CC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\SafeSearch\ not found.
Registry key HKEY_CURRENT_USER\Software\AVSoftware\SafeSearch\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\AVSoftware\SafeSearch\ not found.
Registry key HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AppDataLow\Software\SafeSearch\ not found.
Registry key HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\AVSoftware\SafeSearch\ not found.
Registry value HKEY_USERS\S-1-5-21-2735283499-926857205-4134287148-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain not found.
========== FILES ==========
File\Folder C:\Program Files\Nectar Search Toolbar not found.
File\Folder C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nectar Search Toolbar not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Robyn\Desktop\Desktop\cmd.bat deleted successfully.
C:\Users\Robyn\Desktop\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Robyn
->Temp folder emptied: 925694840 bytes
->Temporary Internet Files folder emptied: 281009574 bytes
->Java cache emptied: 40689745 bytes
->FireFox cache emptied: 17832322 bytes
->Flash cache emptied: 107995 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5413381703 bytes
RecycleBin emptied: 64160650 bytes

Total Files Cleaned = 6,431.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12262013_124941

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





SystemLook 04.09.10 by jpshortstuff
Log created at 13:08 on 26/12/2013 by Robyn
Administrator - Elevation successful

========== filefind ==========

Searching for "*trolltech*"
No files found.

Searching for "*safesearch*"
No files found.

Searching for "*nectar*"
No files found.

========== folderfind ==========

Searching for "*trolltech*"
No folders found.

Searching for "*safesearch*"
No folders found.

Searching for "*nectar*"
No folders found.

========== Regfind ==========

Searching for "trolltech"
No data found.

Searching for "safesearch"
No data found.

Searching for "nectar"
No data found.

-= EOF =-

Re: windows can't check for updates

Unread postby nunped » December 26th, 2013, 12:27 pm

Hi llanedeyrnjack,

I had a nice one too, thank you :)

OK, how is your computer behaving?


One more scan, please:
ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then right click on it and select "run as administrator" to install.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Do NOT use the computer while the scan is running... make sure all other programs and windows are closed!


Please go to ESET Online Scanner to run an online scan.
  • Click the [Run ESET Online Scanner] button.
  • Read the End User License Agreement and check the box: [Yes, I accept the terms of use].
  • Click the green [Start] button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
    If your browser blocks or halts a download, please allow it to download any required files.
  • Under scan settings:
    • Check "Scan archives"
    • Remove found threats is UNCHECKED
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the [Start] button.
    ESET will install itself, download virus signature database updates and begin scanning your computer.
    The scan will take a while so please be patient. Do NOT use the computer while the scan is running.
  • When the scan completes, press the text: Image
  • Press the text: Image ... then save the file to your desktop as ESETScan.txt.
  • Press the [Back] button, then press the [Finish] button.
  • Copy and paste the contents of ESETScan.txt in your next reply.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.

Remember to enable your Anti-virus protection before continuing!

Re: windows can't check for updates

Unread postby llanedeyrnjack » December 26th, 2013, 2:45 pm

Hi again nunped,

As you probably expected, there were no threats found & the computer appears to be booting quicker without the previous problems, although I have not used it since we started this cleaning as I want to install the Windows updates first.

I also want to install some decent protection as well before surfing the net.

So, what next?

Re: windows can't check for updates

Unread postby nunped » December 26th, 2013, 3:49 pm

Hi llanedeyrnjack,

I think we are good to go. As far as I can see, your computer is clean from malware :)

You can install the updates and follow the next steps for uninstalling the tools we used:

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL. Save it to your Desktop.
  1. Double click on OTL.exe to run it.
    Vista-W7 users: Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Create a System Restore Point
  1. Right-click on Computer and select Properties.
  2. In the left pane under Tasks, click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection and choose Create.
  4. In the System Restore dialog box, type a description for the restore point, like "All-clean", click Create.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK and close the System Restore dialog.
    Now you have a clean restore point.
Perform Disk Cleanup
Note: You have to have administrative rights to run Disk Cleanup for "All" users.
  1. Click Start button. Type disk in the Start Search text entry box.
  2. Double click the Disk Cleanup entry, from the matching program list.
  3. In the Disk Cleanup options select "Files from all users on this computer"
    If the Disk Cleanup: Drive Selection dialog box appears:
    • Select the drive where Windows is installed. (Normally, this would be C:\ drive)
    • Press the "OK"...button.
    Disk Cleanup will begin space saving calculations.
  4. When the calculations are finished... Press the More Options tab.
  5. In the "System Restore and Shadow Copies" section... select "Clean up" button.
  6. Press the "Delete"... button, at the "Are you sure..." prompt.
    Disk Cleanup will begin cleaning up old files and restore points.
  7. Exit Disk Cleanup.
    This will remove all restore points except the one you just created.

Don't forget to re-enable your security programs!

Stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)

Re: windows can't check for updates

Unread postby llanedeyrnjack » December 27th, 2013, 2:24 pm

Hello again nunped,

Thanks for the all clear & just want to say how much I appreciate your time.

Take care & have a Happy New Year

llanedeyrnjack

Re: windows can't check for updates

Unread postby deltalima » December 27th, 2013, 4:09 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK