searchqu removal

waddler_8

After uninstalling the above:

• Right click OTL.exe & choose "Run as Administrator" to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code:

:processes
v4barsvc.exe
v4SrchMn.exe
v4brmon.exe
datamngrUI.exe

:services
DictionaryBossService

:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" =   http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Produtools Maps Customized Web Search"
FF - prefs.js..browser.search.defaulturl:  "http://search.conduit.com/ResultsExt.aspx?ctid=CT3042917&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Produtools Maps Customized Web Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" 
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens  ions\\v4ffxtbr@DictionaryBoss.com: C:\Program  Files\DictionaryBoss\bar\1.bin [2012/02/27 20:58:32 | 000,000,000 | ---D | M]
[2011/05/27 18:00:10 | 000,000,000 | ---D | M] (Yontoo Layers) --  C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\extensions\plugin@yontoo.com
[2012/01/25 19:35:48 | 000,000,933 | ---- | M] () --  C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\searchplugins\conduit.xml
[2012/02/27 22:25:05 | 000,009,650 | ---- | M] () --  C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\searchplugins\my-web-search.xml
[2011/10/04 19:13:10 | 000,002,520 | ---- | M] () --  C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\searchplugins\SearchResults.xml
[2012/02/26 14:06:41 | 000,002,519 | ---- | M] () --  C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\searchplugins\Search_Results.xml
[2011/10/04 19:13:10 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/02/26 14:06:41 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url =  http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms}
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll
O2 - BHO: (Search Assistant BHO) -  {58376892-60e7-4f63-aca0-0f686af554d6} - C:\Program  Files\DictionaryBoss\bar\1.bin\v4SrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {6eb534fb-2001-45c4-b860-bc904865a379} -  C:\Program Files\DictionaryBoss\bar\1.bin\v4bar.dll (MindSpark)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} -  C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} -  C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  C:\Program Files\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) -  {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DictionaryBoss Browser Plugin Loader] C:\Program Files\DictionaryBoss\bar\1.bin\v4brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [DictionaryBoss Search Scope Monitor] C:\Program  Files\DictionaryBoss\bar\1.bin\DictionaryBoss Browser (MindSpark)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media,inc)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_29)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -  C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -  C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:1957F8A9
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:8C885EDD

:files
C:\Program Files\Windows iLivid Toolbar
C:\Program Files\Yontoo Layers
C:\PROGRA~1\WI371A~1
C:\Users\Family\Documents\iLividSetupV1(1).exe
C:\Users\Family\Documents\iLividSetupV1.exe
C:\ProgramData\~1
c:\Users\Family\AppData\LocalLow\searchquband
c:\Users\Family\AppData\LocalLow\searchqutoolbar
c:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\searchqutoolbar

:commands
[CREATERESTOREPOINT]
[REBOOT]

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

RedBern

waddler_8 wrote: »

Whilst i go through that in detail, uninstall these:

Windows iLivid Toolbar
Yontoo Layers 1.10.01

done

Done that? Uninstall this too - DictionaryBossbar

http://www.threatexpert.com/report.a...4c6fc064046e0a - Mywebsearch

done

After uninstalling the above:

• Right click OTL.exe & choose "Run as Administrator" to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code:

done

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

all going well - OTL rebooted but there's nothing in notepad - not sure where to look for it?

thanks for your help so far though.....

waddler_8

Look in C:\_OTL\MovedFiles\ddmmyyy_hhmss.log

RedBern

OTL logfile created on: 02/03/2012 22:39:36 - Run 2
OTL by OldTimer - Version 3.2.35.0 Folder = C:\Users\Family\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.64% Memory free
5.70 Gb Paging File | 4.25 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.04 Gb Total Space | 32.13 Gb Free Space | 22.62% Space Free | Partition Type: NTFS
Drive F: | 142.04 Gb Total Space | 110.38 Gb Free Space | 77.71% Space Free | Partition Type: NTFS

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 22:39:01 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(4).exe
PRC - [2012/03/02 09:20:51 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/02/17 17:50:10 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/11 12:49:14 | 001,179,648 | ---- | M] (W3i, LLC) -- C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/06/28 14:38:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/06/24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/27 21:16:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/23 00:39:24 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/12/21 12:04:30 | 000,987,704 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2010/12/21 12:04:30 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2010/12/21 12:04:30 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/07/26 13:15:26 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/04/11 06:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/04 12:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/10/01 19:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/10/01 19:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 19:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/07/30 01:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/30 01:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/21 01:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/03/26 05:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 20:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/21 02:24:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Speech\Common\sapisvr.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 17:50:10 | 001,911,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 03:36:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012/02/16 03:30:28 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/16 03:30:18 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/16 03:29:14 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2012/02/16 03:09:06 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\dbc78bf6ea5ba346651f88cd45febe94\System.Management.ni.dll
MOD - [2012/02/16 03:07:28 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\47a28c9724ca2af1e8a808b6a4492fdc\System.Runtime.Remoting.ni.dll
MOD - [2012/02/16 03:07:19 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ecf7f8a10cf3e6c3944936c7562ffd69\System.Xaml.ni.dll
MOD - [2012/02/16 03:04:15 | 018,000,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\de7b98adae0cf9ef3ee34eba29b9e0d9\PresentationFramework.ni.dll
MOD - [2012/02/16 03:03:57 | 011,450,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7d0085af8163b715488f2ed72d2b404\PresentationCore.ni.dll
MOD - [2012/02/16 03:03:46 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\8f178c27be36f9a08ab5ef6b26edd53c\System.Windows.Forms.ni.dll
MOD - [2012/02/16 03:03:44 | 003,857,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ed88e619ee2f7890f095327c9e6c4f47\WindowsBase.ni.dll
MOD - [2012/02/16 03:03:43 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e6a421765ab129b5a12db40f1ad11b33\System.Core.ni.dll
MOD - [2012/02/16 03:03:41 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\8bddd0d3155a3edec42e3039493095c7\PresentationFramework.Aero.ni.dll
MOD - [2012/02/16 03:03:36 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\48763e13ab42d7d355deba3265ea3223\System.Drawing.ni.dll
MOD - [2012/02/16 03:03:34 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dc9a87796af6bbda69eb6415f081d7d5\System.ni.dll
MOD - [2011/12/27 16:47:32 | 000,055,816 | ---- | M] () -- C:\Users\Family\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MOD - [2011/10/13 02:38:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/13 02:09:52 | 014,408,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e360aa959e1b83be7026670d129c0a93\mscorlib.ni.dll
MOD - [2011/09/26 21:27:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/01/07 19:48:38 | 000,235,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2009/01/09 18:29:27 | 000,573,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3011.0__739b31b1908c49e5\Framework.UIComponent.dll
MOD - [2009/01/09 18:29:27 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3011.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009/01/09 18:29:27 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3011.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/01/09 18:29:27 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3011.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2009/01/09 18:29:26 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3011.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008/12/03 13:05:26 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/26 09:56:02 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008/10/01 19:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008/10/01 19:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/10/01 19:43:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008/10/01 19:43:36 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008/07/30 01:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/28 14:38:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/27 21:16:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 12:04:30 | 000,987,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010/12/21 12:04:30 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010/07/26 13:15:26 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/01 19:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/30 01:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/21 01:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 20:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 20:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - [2011/06/28 14:38:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 14:38:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/06/07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/02/23 01:57:00 | 010,468,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/11/11 23:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/09/01 08:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/07/26 13:15:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/06/21 03:26:36 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010/06/21 03:26:36 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010/06/21 03:26:36 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
DRV - [2010/06/21 03:26:36 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/12 10:14:58 | 000,098,152 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV - [2010/04/27 02:25:20 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2010/04/27 02:25:20 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2010/04/27 02:25:20 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/10/01 18:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/01/25 12:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/12/04 13:50:56 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2007/10/12 08:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2003/10/23 00:23:00 | 000,016,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ctpdusb.sys -- (Jukebox3)

RedBern

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1006&m=aspire_x1300
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0906EB1A-D0D5-47C2-A539-7271DB82D268}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0906EB1A-D0D5-47C2-A539-7271DB82D268}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_enGB348
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=E30TFkkxV3Q66H1exWZnQ4_1Ulg?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/!!!!!!!!!!,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/!!!!!!!!!!,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/02 09:21:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/17 17:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/02 09:22:03 | 000,000,000 | ---D | M]

[2012/03/02 22:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Extensions
[2012/03/02 22:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\extensions
[2010/06/25 08:00:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\vxqax3ct.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/02 22:19:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/02 09:21:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/02/17 17:50:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/22 17:17:20 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/29 14:08:59 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/29 13:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 14:08:59 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/01/29 14:08:59 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/29 14:08:59 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Family\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Surf Canyon = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.3.7_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Poppit = C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - !{3042df7a-e900-4389-9b94-923df0daa57e} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DVDtoiPodConverter_upgrade] C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe (E-Z soft)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MontiorGeo] c:\Acer\MonitorGeo.cmd File not found
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Setresolution] C:\ACER\config\1366x768.cmd File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON SX210 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify] C:\Users\Family\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe File not found
O4 - Startup: C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e-Speaking Voice and Speech Recognition Software.appref-ms ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O10 - NameSpace_Catal!!!\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{197B649D-B446-4689-8DDE-B1AB0396C4D9}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EE42708-4341-45B3-A356-099CA861B2F0}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Family\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

RedBern

========== Standard Registry (SafeList) ==========
========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 22:38:54 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(4).exe
[2012/03/02 22:38:45 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{D4735339-5168-4366-9595-D8BE47590A0B}
[2012/03/02 22:32:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/02 22:30:16 | 000,585,216 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(3).exe
[2012/03/02 20:27:15 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(2).exe
[2012/03/02 20:16:38 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(1).exe
[2012/03/02 20:15:04 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Documents\OTL.exe
[2012/03/02 09:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/03/02 07:37:37 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{2BB5341F-B59E-4E60-8B1B-8B985364A601}
[2012/03/02 07:37:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{07266CD6-F131-4217-BD2C-C57ED633715D}
[2012/02/27 07:53:53 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{7C590E16-031D-4A7E-96A2-2BC13D655495}
[2012/02/27 07:53:43 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{9C5E9529-8608-436B-8813-AC8E09A1F3C2}
[2012/02/26 14:20:35 | 002,364,504 | ---- | C] (Musiclab, LLC ) -- C:\Users\Family\Documents\BearShareV10.exe
[2012/02/25 13:59:43 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FFED9DC3-8182-41FD-9228-884BE3E8A5AE}
[2012/02/25 13:59:33 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{BDC74B2D-9994-436C-8B1F-53BBC14BD42D}
[2012/02/25 13:11:52 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{4B43DD1F-BF70-43FC-8625-AF25E0A9B31F}
[2012/02/25 13:11:38 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{F3403B71-E43B-405F-9055-221A9D20456F}
[2012/02/20 17:53:09 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\waistcoat_files
[2012/02/18 10:14:27 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{34CA434B-8079-4A06-91C1-FA0C908CB0BA}
[2012/02/18 10:14:17 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FB63E4A7-3719-4099-9B86-802509F22F01}
[2012/02/16 08:34:00 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{9CE2BBDF-0BFF-4373-A096-B1A49432A7A8}
[2012/02/16 08:33:50 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FDE8C3C1-FDBB-48DD-9849-1AFC869269F0}
[2012/02/13 13:40:30 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FA952211-A196-489F-9E2F-E0A0EF267BD2}
[2012/02/13 13:40:02 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{6BD9D9A6-E150-4546-A0AD-D5BD96033807}
[2012/02/10 09:35:55 | 000,000,000 | ---D | C] -- C:\Users\Family\Desktop\vintage web
[2012/02/10 09:29:34 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FD6C78DE-DCDF-43E4-9D5B-F2EFB96E31FC}
[2012/02/10 09:29:24 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{06534A31-1329-4496-84BD-2DF2F13D2011}
[2012/02/09 17:42:19 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{2ED4896D-D76C-42F9-86F8-1561D4A4F2AE}
[2012/02/09 17:42:00 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{A23E250A-0F6E-49BE-821F-041D5AA77636}
[2012/02/05 13:37:01 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{FB975BE7-8619-4F3C-8280-E796050673B6}
[2012/02/05 13:36:51 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{BD4F3496-29BC-4B4A-B74B-E4F01917AE5D}
[2012/02/05 12:08:20 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{04151520-5576-4376-857F-0DC7E18E2EF2}
[2012/02/05 12:08:03 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{6D5A6175-D95A-4A44-B7E1-48A02339F313}
[2012/02/04 10:29:51 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{D92FB47A-7A31-4994-817F-0B56D2CCA80D}
[2012/02/04 10:29:41 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{F9471317-F26A-4B9A-9FBD-6F7B64D214BC}
[2 C:\Users\Family\Documents\*.tmp files -> C:\Users\Family\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/02 22:41:04 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/02 22:41:04 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/02 22:39:01 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(4).exe
[2012/03/02 22:35:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/02 22:34:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 22:34:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/02 22:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/02 22:34:49 | 2951,208,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/02 22:30:19 | 000,585,216 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(3).exe
[2012/03/02 22:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/02 20:27:17 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(2).exe
[2012/03/02 20:16:40 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL(1).exe
[2012/03/02 20:15:07 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Documents\OTL.exe
[2012/03/02 10:08:00 | 000,029,696 | ---- | M] () -- C:\Users\Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 09:21:55 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\Free Offers.lnk
[2012/03/02 09:21:55 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/03/02 09:21:01 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/02/27 15:11:12 | 000,119,408 | ---- | M] () -- C:\Users\Family\Desktop\DANS CV...rtf
[2012/02/27 15:07:41 | 000,119,314 | ---- | M] () -- C:\Users\Family\Desktop\DANS CV 8-6-11.rtf
[2012/02/26 14:20:40 | 002,364,504 | ---- | M] (Musiclab, LLC ) -- C:\Users\Family\Documents\BearShareV10.exe
[2012/02/23 08:41:01 | 002,969,352 | ---- | M] () -- C:\Users\Family\Documents\Tyler The Creator - Yonkers.mp3
[2012/02/23 08:40:56 | 002,419,736 | ---- | M] () -- C:\Users\Family\Documents\Earl Sweatshirt - EARL.mp3
[2012/02/23 08:40:55 | 003,683,226 | ---- | M] () -- C:\Users\Family\Documents\Damian Marley - Me Name Jr. Gong.mp3
[2012/02/23 08:40:45 | 000,013,398 | -HS- | M] () -- C:\Users\Family\Documents\Folder.jpg
[2012/02/23 08:40:45 | 000,013,398 | -HS- | M] () -- C:\Users\Family\Documents\AlbumArt_{75D18E15-4F27-4D33-84DD-572DBF2EFFD0}_Large.jpg
[2012/02/23 08:40:44 | 000,003,086 | -HS- | M] () -- C:\Users\Family\Documents\AlbumArtSmall.jpg
[2012/02/23 08:40:44 | 000,003,086 | -HS- | M] () -- C:\Users\Family\Documents\AlbumArt_{75D18E15-4F27-4D33-84DD-572DBF2EFFD0}_Small.jpg
[2012/02/20 18:04:04 | 000,015,006 | ---- | M] () -- C:\Users\Family\Desktop\waistcoat pic.jpg
[2012/02/20 17:53:11 | 000,105,112 | ---- | M] () -- C:\Users\Family\Desktop\waistcoat.htm
[2012/02/17 05:09:22 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/16 03:27:52 | 000,306,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 20:01:26 | 000,007,282 | ---- | M] () -- C:\Users\Family\Desktop\good vintage header.jpg
[2012/02/03 23:23:38 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\Users\Family\Documents\*.tmp files -> C:\Users\Family\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/02 09:21:55 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/02/27 15:11:10 | 000,119,408 | ---- | C] () -- C:\Users\Family\Desktop\DANS CV...rtf
[2012/02/23 08:40:45 | 000,013,398 | -HS- | C] () -- C:\Users\Family\Documents\AlbumArt_{75D18E15-4F27-4D33-84DD-572DBF2EFFD0}_Large.jpg
[2012/02/23 08:40:45 | 000,003,086 | -HS- | C] () -- C:\Users\Family\Documents\AlbumArt_{75D18E15-4F27-4D33-84DD-572DBF2EFFD0}_Small.jpg
[2012/02/20 18:04:04 | 000,015,006 | ---- | C] () -- C:\Users\Family\Desktop\waistcoat pic.jpg
[2012/02/20 17:53:09 | 000,105,112 | ---- | C] () -- C:\Users\Family\Desktop\waistcoat.htm
[2012/02/14 19:55:29 | 000,007,282 | ---- | C] () -- C:\Users\Family\Desktop\good vintage header.jpg
[2012/02/13 13:45:35 | 002,419,736 | ---- | C] () -- C:\Users\Family\Documents\Earl Sweatshirt - EARL.mp3
[2012/02/13 13:45:01 | 002,969,352 | ---- | C] () -- C:\Users\Family\Documents\Tyler The Creator - Yonkers.mp3
[2012/02/13 13:43:16 | 003,683,226 | ---- | C] () -- C:\Users\Family\Documents\Damian Marley - Me Name Jr. Gong.mp3
[2012/02/03 23:23:38 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/03/31 16:42:18 | 000,000,680 | ---- | C] () -- C:\Users\Family\AppData\Local\d3d9caps.dat
[2011/01/24 21:34:00 | 000,127,348 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/09/17 19:32:17 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/09/17 19:32:17 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

========== LOP Check ==========

[2010/07/18 16:58:48 | 000,000,000 | -HSD | M] -- C:\Users\Family\AppData\Roaming\.#
[2011/12/27 16:12:01 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\4Media
[2009/10/05 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Acer
[2009/01/09 19:00:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Acer GameZone Console
[2009/10/22 10:08:35 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Anthropics
[2010/11/04 23:09:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\BitTorrent
[2011/07/01 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Blackberry Desktop
[2009/10/19 16:51:06 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Canneverbe_Limited
[2009/10/10 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Canon
[2011/12/27 15:57:55 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\E-Zsoft
[2011/10/27 12:48:26 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Epson
[2010/07/18 16:44:38 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\GARMIN
[2010/08/16 12:12:48 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\HandBrake
[2009/10/05 17:15:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2009/11/20 15:50:02 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\LimeWire
[2010/08/09 14:03:39 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Oberonv1000
[2011/05/27 18:30:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\RegistryKeys
[2011/02/24 12:23:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Research In Motion
[2011/12/27 16:44:24 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Samsung
[2012/03/02 22:33:10 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Spotify
[2011/01/22 10:34:24 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\SystemRequirementsLab
[2009/10/11 13:53:04 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Template
[2011/05/27 18:08:34 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Titanium Gears
[2010/02/28 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Trusteer
[2011/02/24 12:31:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Uniblue
[2011/07/03 12:16:18 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Windows Live Writer
[2012/03/02 22:33:34 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 889 bytes -> C:\Users\Family\Documents\raffle - programme notes.eml:OECustomProperty

< End of report >

waddler_8

Most of it's gone - just a few stragglers left.

• Right click OTL.exe & choose "Run as Administrator" to start the program.
• Copy and Paste the following code into the textbox. Do not include the word Code:

:OTL
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=102&systemid=406&sr=0&q={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - !{3042df7a-e900-4389-9b94-923df0daa57e} - No CLSID value found.

:commands
[CREATERESTOREPOINT]
[REBOOT]

• Then click the Run Fix button at the top.
• Click .
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

RedBern

========== OTL ==========
Prefs.js: "http://www.searchqu.com/406&quot; removed from browser.startup.homepage
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{3042df7a-e900-4389-9b94-923df0daa57e} deleted successfully.
========== COMMANDS ==========

is that it? I think that's sorted it - have just reset my preferred option to google - and that's held firm!..

Thanks so much for your help - much appreciated.

waddler_8

Open Google Chrome, Click about:settings > Basics > search > click manage search engines.

Hover over: Search Results > http://dts.search-results.com & then click the X on the end.

Set google or something as the default.Then run a quick scan with Malwarebytes anti-malware as you have it installed.


I see this is a family PC? Who uses bearshare, limewire & other file sharing programs - the kids?That's how this junk gets on the pc.

RedBern

waddler_8 wrote: »

Open Google Chrome, Click about:settings > Basics > search > click manage search engines.

Hover over: Search Results > http://dts.search-results.com & then click the X on the end.



I see this is a family PC? Who uses bearshare, limewire & other file sharing programs - the kids?That's how this junk gets on the pc.

hmm - there's an X by all the other options but not dts.search-results.com ...

yes- have had words with son about downloading 'stuff' - again.