[plastictaffy]

Afternoon all.
I really am at a loss with this one. My wife has taken to bringing machines home from work for me to look at. I'm currently fiddling with the Personnel Manager's machine, so I'd rather not [bleep] it up, hence posting on here. The original symptoms were that the C drive was full (it's an Acer Machine, got their stoopid partition thing on C) and that it was running very very slow. I've managed to cure the C drive issue, using G-Parted, (fantastic tool, that) so Windows is now trying to install updates and the like, now that it has the room. I've managed to install AVG too, (swear by it, don't try to convert me) and went to run it in Safe Mode, but it started a full scan, then hung out of it. It showed a screen when it hung, but it goes by so fast that I don't see it!!
Internet Explorer refuses to do very much in Safe Mode, and even less in Normal Mode. It appears to be re-directing, but never actually goes to a website. This is being posted on my own machine, with the OTL log moved between the machines on my dongle, as the laptop is unworkably slow. When I installed AVG, it tried to update itself, then hung two thirds of the way through. As I see it, there must be some kind of virus on there, but AVG refused to run all the way through. It doesn't appear that there has ever been any decent AV software on there (do Acer supply their machines with AV, I dunno......) so the machine must be absolutely crawling with nasties. I've not been supplied the Vista disc, so I can't really do a rebuild. Anyways, here's the OTL log, anyone got any ideas, as I'm stumped........
OTL logfile created on: 27/07/2012 17:00:13 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

765.45 Mb Total Physical Memory | 94.93 Mb Available Physical Memory | 12.40% Memory free
1.76 Gb Paging File | 0.79 Gb Available in Paging File | 44.70% Paging File free
Paging file location(s): d:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.08 Gb Total Space | 21.38 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive F: | 247.72 Mb Total Space | 247.15 Mb Free Space | 99.77% Space Free | Partition Type: FAT

Computer Name: PEGGYS-PC | User Name: Slatter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/27 15:17:16 | 000,597,504 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/27 14:19:04 | 000,830,048 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/07/27 14:19:01 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/13 03:48:26 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/29 20:01:03 | 000,397,848 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE
PRC - [2011/12/06 11:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/05/17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/07/16 17:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/07/16 17:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/27 14:19:05 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/07/27 14:19:01 | 001,147,488 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/04/23 12:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/22 12:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/18 08:48:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/18 08:48:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/18 08:40:53 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/18 08:39:01 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/14 08:21:33 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/14 08:17:39 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/07/16 17:54:10 | 000,025,264 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
MOD - [2007/07/16 17:54:07 | 000,434,864 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
MOD - [2007/05/02 10:11:55 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/02 10:11:55 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/02 10:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 13:20:25 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 13:19:51 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 13:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/03/23 20:41:43 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdiscw.dll
MOD - [2007/03/05 15:45:25 | 000,589,824 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdidatr.dll
MOD - [2006/12/28 16:47:42 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdicats.dll
MOD - [2001/04/16 17:39:02 | 000,037,808 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx


========== Win32 Services (SafeList) ==========

SRV - [2012/07/27 14:19:04 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/12 09:39:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/04/29 20:01:03 | 000,397,848 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/13 21:19:20 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.362.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/13 21:19:20 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.362.0\BBSvc.EXE -- (BBSvc)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/11 15:14:51 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/06/11 15:14:42 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/01/09 11:34:38 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\service\eLockServ.exe -- (eLockService)
SRV - [2007/01/02 09:33:24 | 000,135,168 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2006/12/28 20:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/07/27 14:19:06 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/04/04 02:03:01 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2007/04/04 02:03:01 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2007/04/04 02:03:01 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/11/27 10:36:08 | 000,085,800 | ---- | M] (Acer, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006/11/27 10:36:02 | 000,024,360 | ---- | M] (Acer, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eLock2burnerlockdriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006/08/04 03:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80506
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80506&lng=en
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 42 33 6A 00 F9 6B CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-27 14:19:08&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Broadband\advisor\nprpspa.dll (Radialpoint Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/21 18:52:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/27 14:16:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/27 14:19:16 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe (Honlyn (Macao Commercial Offshore) Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6903F874-BC61-48ED-B439-3C092CC2911F}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1084F6-3144-460B-8FBE-0809306B354A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/27 14:20:18 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\AVG2012
[2012/07/27 14:19:34 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Local\AVG Secure Search
[2012/07/27 14:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/27 14:19:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/27 14:19:06 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 14:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/07/27 14:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/07/27 14:15:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/27 14:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/27 14:15:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/07/27 14:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/27 14:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/27 14:10:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/27 14:05:47 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Adobe
[2012/07/27 14:01:27 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Google
[2012/07/27 14:00:16 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Yahoo!
[2012/07/27 13:59:44 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Local\Google
[2012/07/27 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Real
[2012/07/27 13:50:18 | 000,000,000 | R--D | C] -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/27 13:50:18 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Searches
[2012/07/27 13:50:18 | 000,000,000 | R--D | C] -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/27 13:50:08 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Identities
[2012/07/27 13:50:06 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Contacts
[2012/07/27 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Local\VirtualStore
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\AppData\Local\Temporary Internet Files
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Templates
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Start Menu
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\SendTo
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Recent
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\PrintHood
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\NetHood
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Documents\My Videos
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Documents\My Pictures
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Documents\My Music
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\My Documents
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Local Settings
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\AppData\Local\History
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Cookies
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\Application Data
[2012/07/27 13:49:52 | 000,000,000 | -HSD | C] -- C:\Users\Slatter\AppData\Local\Application Data
[2012/07/27 13:49:51 | 000,000,000 | --SD | C] -- C:\Users\Slatter\AppData\Roaming\Microsoft
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Videos
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Saved Games
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Pictures
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Music
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Links
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Favorites
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Downloads
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Documents
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\Desktop
[2012/07/27 13:49:51 | 000,000,000 | R--D | C] -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/27 13:49:51 | 000,000,000 | -H-D | C] -- C:\Users\Slatter\AppData
[2012/07/27 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Local\Temp
[2012/07/27 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Local\Microsoft
[2012/07/27 13:49:51 | 000,000,000 | ---D | C] -- C:\Users\Slatter\AppData\Roaming\Macromedia
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/27 17:11:47 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/27 16:51:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/27 16:50:07 | 000,004,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 16:50:06 | 000,004,336 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/27 16:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/27 16:49:37 | 000,228,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/27 16:39:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/27 15:22:49 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/27 15:22:49 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/27 14:30:31 | 064,482,175 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/27 14:19:22 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/27 14:19:06 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/07/27 14:13:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/27 13:58:48 | 000,000,943 | ---- | M] () -- C:\Users\Slatter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/27 14:30:31 | 064,482,175 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/07/27 14:19:22 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/27 14:13:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/27 13:58:48 | 000,000,943 | ---- | C] () -- C:\Users\Slatter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/27 13:50:19 | 000,000,949 | ---- | C] () -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/07/27 13:50:17 | 000,000,944 | ---- | C] () -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/07/27 13:50:06 | 000,000,915 | ---- | C] () -- C:\Users\Slatter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/07/27 13:49:52 | 000,000,258 | ---- | C] () -- C:\Users\Slatter\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/27 13:49:52 | 000,000,240 | ---- | C] () -- C:\Users\Slatter\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/12/18 10:26:22 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/06/06 10:16:21 | 000,000,315 | ---- | C] () -- C:\ProgramData\lxdi

========== LOP Check ==========

[2012/07/27 14:20:18 | 000,000,000 | ---D | M] -- C:\Users\Slatter\AppData\Roaming\AVG2012
[2012/05/18 01:36:55 | 000,000,314 | ---- | M] () -- C:\Windows\Tasks\Regwork.job
[2012/07/27 16:41:06 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

And here are the results from the Extras.txt

OTL Extras logfile created on: 27/07/2012 17:00:13 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = F:\
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

765.45 Mb Total Physical Memory | 94.93 Mb Available Physical Memory | 12.40% Memory free
1.76 Gb Paging File | 0.79 Gb Available in Paging File | 44.70% Paging File free
Paging file location(s): d:\pagefile.sys 2000 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.08 Gb Total Space | 21.38 Gb Free Space | 44.47% Space Free | Partition Type: NTFS
Drive F: | 247.72 Mb Total Space | 247.15 Mb Free Space | 99.77% Space Free | Partition Type: FAT

Computer Name: PEGGYS-PC | User Name: Slatter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0059456D-61F0-44F5-BDE6-3BCB5198DB8D}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{0F549EC6-160C-424B-9AA6-22E4BA418342}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{11753F1A-4616-48E2-90C4-BBCE8C03BED3}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{11A58EEF-CE8A-413E-A67D-81516CB2620C}" = protocol=17 | dir=in | app=e:\libneap.dll |
"{11ECB058-B143-473E-A824-5CA4C1AE94A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{1948CDDF-58B7-4FE5-9CA8-0C986380DDFA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{2DDA5583-C6FC-45C9-BF7E-0B8DD197A7DE}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{39C5EC7B-57E4-48EB-A7F1-EE28B60DCA9A}" = protocol=6 | dir=in | app=e:\dwizard615.exe |
"{3A6F9791-94A7-4AEA-8D09-28FEB720214F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{3D7F6395-1169-40AD-A59B-1C15C473C202}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{521AF48F-EA19-4BAE-B6D2-1B24CC8F30C3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5D92DE86-31DE-41DA-92BE-36D8695BF68F}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{6F70A7E2-0AC0-445C-81A3-748FFABC6ED7}" = protocol=17 | dir=in | app=e:\dwizard615.exe |
"{9220E386-1547-4EB4-A994-659EB022F5C2}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{9F22AC8F-753A-4471-A9D6-111A5D5C2FD2}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{A06E4480-D8FF-47C0-B2E9-430E21CC0B4C}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{B9E54787-2063-4378-A39E-E409185BC3B7}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C6A26C8A-993B-4272-B739-EF762C47A9FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{CBCA9CBA-B373-4129-A591-D2053ECC90B9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D7AD3B15-D38B-472A-8457-62B0C50DD4BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{D9DD61E0-440F-4135-842A-1219A7D0D42F}" = protocol=6 | dir=in | app=e:\libneap.dll |
"{DC985FD1-710B-44E5-8B58-58E1C68E2AC8}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{16F4F4EF-AB7C-467F-8A6A-5C2BD2CB1133}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"TCP Query User{1F5BAAF9-795A-40AB-9CC8-7F915D9ACDEA}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{21789A9E-52C8-4EB0-81A9-6559C0A6B709}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"TCP Query User{5877E22F-C2EC-457E-BBA0-ED9D628A6C55}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7C84BFF9-0698-4891-8364-56561622C1E5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{BB5C0417-5C51-4B16-9E6D-7E253A2C04B8}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"TCP Query User{CA8AFB43-E8F8-4F6D-ADFC-C15540769AA0}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{D931A536-D834-47DF-A94C-6D8C1FCEC753}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{F43E8437-DDA3-48B6-8D8E-C1CEE1955EDE}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{0E04E796-42D4-4A22-9B4B-A755F81AA102}C:\program files\nero\nero 7\nero showtime\showtime.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero showtime\showtime.exe |
"UDP Query User{173793EC-6B75-4E22-9166-3D87BD65AE66}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{33D82380-323F-41E8-9898-CEC929253C38}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"UDP Query User{3A3953F0-80AA-4399-BC63-A9DD0F4954E1}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{3BD26C3A-F22E-4618-AB38-83CC28B61FE4}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{5327BAD5-F4C1-4F7E-9F88-4EC6BF19A35C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{55A6A1DA-9A03-4B43-9B93-AB60A249B2AE}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{B52F4DA8-023E-4E54-B5E0-3B6C397F7A00}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"UDP Query User{F816BE12-9239-4AA7-A8C4-7DCD22ADE2FF}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01B6480D-3937-4E82-AB2C-8E4C591BEFE5}" = Broadband Help
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{16793295-2366-40F7-A045-A3E42A81365E}" = Bing Bar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Premium
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{A7F42FF0-05F0-47E7-9758-D68C37EDE7EF}" = Tesco PhotoRestyle
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B143D835-EBAF-4A39-8B31-1868FF4166C1}" = AVG 2012
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{F55A5517-4AD4-4F5D-9290-2862E623C12B}" = Tesco Complete Office
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"AVG" = AVG 2012
"BroadJump Client Foundation" = BroadJump Client Foundation
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Google Updater" = Google Updater
"iLivid" = iLivid
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MWASPI" = MicroStaff WINASPI
"MyTomTom" = MyTomTom 3.1.0.530
"PricePeep" = PricePeep for Internet Explorer
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.24
"RealPlayer 15.0" = RealPlayer
"RegWork" = RegWork
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tesco Personal Finance 1.0" = Tesco Personal Finance 1.0
"Updater Service" = Updater Service
"VooMuuSA" = VooMuu
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 16/10/2011 02:05:08 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:05:08 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:05:10 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:05:10 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:05:12 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:05:12 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:06:47 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 16/10/2011 02:06:47 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/10/2011 03:18:42 | Computer Name = Peggys-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 28/10/2011 03:33:41 | Computer Name = Peggys-PC | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 27/07/2012 09:26:40 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27/07/2012 09:26:40 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/07/2012 09:28:00 | Computer Name = Peggys-PC | Source = DCOM | ID = 10005
Description =

Error - 27/07/2012 09:28:12 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 27/07/2012 09:28:12 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 27/07/2012 09:28:12 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27/07/2012 09:28:12 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/07/2012 11:50:51 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 27/07/2012 11:50:51 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/07/2012 11:58:46 | Computer Name = Peggys-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >

[Advertisements]

Hi there you are running very tight on RAM, I would recommend at least 2GB for Vista

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
  O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
  O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe (Honlyn (Macao Commercial Offshore) Limited)
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files\Windows iLivid Toolbar
  C:\Program Files\PricePeep
  C:\Program Files\RegWork
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[Essexboy]

Hi there you are running very tight on RAM, I would recommend at least 2GB for Vista

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

  :OTL
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
  O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
  O4 - HKLM..\Run: [RegWork] C:\Program Files\RegWork\RegWork.exe (Honlyn (Macao Commercial Offshore) Limited)
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
  
  :Files
  ipconfig /flushdns /c
  C:\Program Files\Windows iLivid Toolbar
  C:\Program Files\PricePeep
  C:\Program Files\RegWork
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan



On completion of the scan click save log, save it to your desktop and post in your next reply

[plastictaffy]

I thought the RAM was a little low, and that's a recommendation I'll make to the owner when it goes back, as well as a new hard-disk, as there's currently only 60gig capacity. All scans run (once I'd remembered to turn off the AV, d'oh!!) AVG flagged it up as a threat and stopped it running, schoolboy error)
Here are the relevant logs.
OTL log
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.
File C:\Program Files\PricePeep\pricepeep.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegWork not found.
File C:\Program Files\RegWork\RegWork.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Slatter\Desktop\cmd.bat deleted successfully.
C:\Users\Slatter\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\PricePeep not found.
C:\Program Files\RegWork\Logs folder moved successfully.
C:\Program Files\RegWork folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop

User: Grandad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Peggy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1681925182 bytes
->Java cache emptied: 4007748 bytes
->Flash cache emptied: 3175 bytes

User: Public

User: S******
->Temp folder emptied: 25498940 bytes
->Temporary Internet Files folder emptied: 1032202 bytes
->Flash cache emptied: 3328 bytes

User: TEMP

User: TEMP.Peggys-PC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1070617 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,634.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_165557

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ASWMbr log

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.
File C:\Program Files\PricePeep\pricepeep.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegWork not found.
File C:\Program Files\RegWork\RegWork.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll deleted successfully.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Slatter\Desktop\cmd.bat deleted successfully.
C:\Users\Slatter\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\PricePeep not found.
C:\Program Files\RegWork\Logs folder moved successfully.
C:\Program Files\RegWork folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop

User: Grandad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Peggy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1681925182 bytes
->Java cache emptied: 4007748 bytes
->Flash cache emptied: 3175 bytes

User: Public

User: S******
->Temp folder emptied: 25498940 bytes
->Temporary Internet Files folder emptied: 1032202 bytes
->Flash cache emptied: 3328 bytes

User: TEMP

User: TEMP.P*****-PC

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1070617 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,634.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.55.0 log created on 07282012_165557

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

More windows updates installed, too. It's certainly running a lot better already. What next then??

[Essexboy]

If you could run aswMBR now please to check out the MBR and system files

[plastictaffy]

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 17:18:48
-----------------------------
17:18:48.692 OS Version: Windows 6.0.6002 Service Pack 2
17:18:48.692 Number of processors: 1 586 0x4C02
17:18:48.692 ComputerName: PEGGYS-PC UserName: S******
17:20:17.579 Initialize success
17:20:39.426 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:20:39.426 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101J Size: 57231MB BusType: 3
17:20:40.207 Disk 0 MBR read successfully
17:20:40.223 Disk 0 MBR scan
17:20:40.238 Disk 0 Windows VISTA default MBR code
17:20:40.301 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7993 MB offset 63
17:20:40.348 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 49237 MB offset 16371712
17:20:40.363 Disk 0 scanning sectors +117209088
17:20:40.488 Disk 0 scanning C:\Windows\system32\drivers
17:21:09.504 Service scanning
17:21:52.566 Modules scanning
17:22:38.098 Disk 0 trace - called modules:
17:22:38.129 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
17:22:38.129 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a43ac8]
17:22:38.207 3 CLASSPNP.SYS[861a78b3] -> nt!IofCallDriver -> [0x84311958]
17:22:38.207 5 acpi.sys[8060a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83985528]
17:22:38.223 Scan finished successfully
17:24:13.785 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:24:13.832 The log file has been saved successfully to "F:\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 13:14:05
-----------------------------
13:14:05.541 OS Version: Windows 6.0.6002 Service Pack 2
13:14:05.541 Number of processors: 1 586 0x4C02
13:14:05.544 ComputerName: PEGGYS-PC UserName: S******
13:14:17.539 Initialize success
13:14:47.774 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:14:47.813 Disk 0 Vendor: TOSHIBA_MK6034GSX AH101J Size: 57231MB BusType: 3
13:14:47.837 Disk 0 MBR read successfully
13:14:47.858 Disk 0 MBR scan
13:14:47.862 Disk 0 Windows VISTA default MBR code
13:14:47.865 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7993 MB offset 63
13:14:47.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 49237 MB offset 16371712
13:14:47.946 Disk 0 scanning sectors +117209088
13:14:48.049 Disk 0 scanning C:\Windows\system32\drivers
13:15:00.418 Service scanning
13:15:53.206 Modules scanning
13:16:17.209 Disk 0 trace - called modules:
13:16:17.254 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys
13:16:17.260 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84a43ac8]
13:16:17.300 3 CLASSPNP.SYS[861ac8b3] -> nt!IofCallDriver -> [0x84335918]
13:16:17.310 5 acpi.sys[806146bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83590528]
13:16:17.318 Scan finished successfully
13:18:00.779 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
13:18:00.842 The log file has been saved successfully to "F:\aswMBR.txt"


Thought I'd already run that one, sorry, clearly not!!!!
What next then?? I'm guessing that this machine had never been allowed to update windows, another 80+Mb upsate installed now.
I appreciate the help, you're a star!!

Just realised, I had run it, but never copied and pasted it to the posting!!! Sorry fella!!!

Edited by plastictaffy, 29 July 2012 - 06:23 AM.

[Essexboy]

I feel a quick run with Malwarebytes now to check for orphans, then look at any remaining problems

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish, so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[plastictaffy]

Lots of c**p removed this time. Here is the MBAM log............ Machine requested a reboot after it finished. More updates showing for Windows!!!!

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Slatter :: PEGGYS-PC [administrator]

29/07/2012 14:08:12
mbam-log-2012-07-29 (14-08-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231929
Time elapsed: 8 minute(s), 35 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 2236 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\VooMuu (Adware.HotBar.VM) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VooMuuSA (Adware.HotBar.VM) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Program Files\VooMuu (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Program Files\VooMuu\bin (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Program Files\VooMuu\bin\1.0.36.0 (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\ProgramData\VooMuuSA (Adware.HotBar.VM) -> Quarantined and deleted successfully.

Files Detected: 7
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
C:\Program Files\VooMuu\bin\1.0.36.0\copyright.txt (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Program Files\VooMuu\bin\1.0.36.0\VooMuuSAHook.dll (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\Program Files\VooMuu\bin\1.0.36.0\VooMuuUninstaller.exe (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\ProgramData\VooMuuSA\VooMuuSA.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\ProgramData\VooMuuSA\VooMuuSAau.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.
C:\ProgramData\VooMuuSA\VooMuuSA_kyf_update.dat (Adware.HotBar.VM) -> Quarantined and deleted successfully.

(end)

[Essexboy]

When was the last time it was updated ?

I always follow with MBAM as it generally finds the bits I miss

How is the computer behaving now .. Between updates that is

[plastictaffy]

I'm not sure it has ever had a windows update, tbh. There was no room on the hard-disk to put them, as for some reason Acer laptops have the hard-disk partitioned into 2 chunks, one of around 10Gb for the OS, and everything else on another chunk that it calls D......... Bizarre, it is. But it won't install anything onto D, so I just use a tool called G-parted to remove the partition and have everything on C. Took me a while to do it, the MoBo doesn't support USB booting, which of course is the easiest way to get G-parted to run, as it starts up immediately after the splash screen!!!! Been ripping my hair out with it, I have.
Anyway, it is running a lot better now, well, as well as can be expected with Vista, a terrible OS, even by Microsoft's standards!!! Thanks very much. Do I just remove the tools I installed now then, or is there owt else to run on it??

[Essexboy]

Nope if you are happy I will remove the tools and tidy up as I go

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :Commands
  [resethosts]
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. For aswMBR just delete from the desktop

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

• Go to control panel
• Select folder options (Appearance > Folder options in category view)
• Select the View Tab.
• Under the Hidden files and folders heading select Do not show hidden files and folders.
• Click Yes to confirm.
• Click OK.

SPRING CLEAN

To manually create a new Restore Point

• Go to Control Panel and select System
• Select System
• On the left select System Protection and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name i.e. Clean
• Select Create

Now we can purge the infected ones

• GoStart > All programs > Accessories > system tools
• Right click Disc cleanup and select run as administrator
• Select Your main drive and accept the warning if you get one
• For a few moments the system will make some calculations
• Select the More Options tab
• In the System Restore and Shadow Backups select Clean up
• Select Delete on the pop up
• Select OK
• Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

• Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe

[Essexboy]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.