doubleclick.net

unit 1

Ok so this thing is wrecking my head when surfing boards.

Basically, sometimes when I right click the back button in top left hand corner I get the following, and would love to get rid.

http;//ad-emea.doubleclick.net/adi/N4892

Any help would be greatly appreciated, bearing in mind that I am only "reasonably tech savvy".

ASJ112

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings. The scan wont take long.
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files here

unit 1

OK so here's what i got.

OTL logfile created on: 28/11/2012 23:47:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cammilus\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.72% Memory free
6.00 Gb Paging File | 4.31 Gb Available in Paging File | 71.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.82 Gb Total Space | 8.00 Gb Free Space | 2.78% Space Free | Partition Type: NTFS
Drive | 10.27 Gb Total Space | 5.89 Gb Free Space | 57.30% Space Free | Partition Type: NTFS
Drive F: | 149.04 Gb Total Space | 0.02 Gb Free Space | 0.01% Space Free | Partition Type: NTFS
Drive L: | 7.41 Gb Total Space | 0.29 Gb Free Space | 3.95% Space Free | Partition Type: FAT32

Computer Name: CAMMILUS-PC | User Name: cammilus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 23:46:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cammilus\Downloads\OTL.exe
PRC - [2012/11/12 09:26:53 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/06 18:16:13 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/06 22:06:52 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/03/06 22:06:32 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/01/10 18:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/01/04 13:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/12/02 17:01:46 | 003,284,992 | ---- | M] (SoftPerfect) -- C:\Program Files\NetWorx\networx.exe
PRC - [2011/08/17 12:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/06/10 21:41:32 | 001,575,184 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 20:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/11/20 12:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009/07/07 11:21:28 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
PRC - [2009/07/07 11:21:28 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/10/18 15:53:54 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdvcoms.exe
PRC - [2007/10/18 15:53:42 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\System32\spool\drivers\w32x86\3\lxdvserv.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/09/14 06:55:52 | 000,061,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
PRC - [2001/06/21 17:15:46 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 10:12:38 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 10:12:29 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 10:12:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/15 10:11:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/15 10:11:58 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 10:11:39 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/01/10 18:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/01/10 18:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/01/10 18:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012/01/10 18:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/01/10 18:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012/01/10 18:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012/01/10 18:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/01/10 18:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/01/10 18:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/01/10 18:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/01/10 18:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/01/10 18:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/01/10 18:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/01/10 18:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/01/10 18:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/01/10 18:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/01/10 18:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/01/10 18:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/01/10 18:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/01/10 18:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/01/10 18:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/01/10 18:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012/01/10 18:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/01/10 18:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012/01/10 18:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/01/05 16:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/17 12:18:22 | 000,480,256 | ---- | M] () -- C:\Program Files\NetWorx\sqlite.dll
MOD - [2010/06/16 21:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
MOD - [2009/07/07 11:21:28 | 000,455,336 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvmon.exe
MOD - [2009/07/07 11:21:28 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvamon.exe
MOD - [2007/10/08 03:59:24 | 000,036,864 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\app4r.monitor.core.dll
MOD - [2007/10/08 03:59:24 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\app4r.monitor.common.dll
MOD - [2007/10/08 03:58:32 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007/09/06 15:38:30 | 000,278,528 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\lxdvscw.dll
MOD - [2007/08/10 01:12:14 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark X5400 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007/07/20 06:30:02 | 000,188,416 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdvdatr.dll
MOD - [2006/12/28 10:47:42 | 000,073,728 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxdvcats.dll
MOD - [2001/06/21 16:56:16 | 000,118,784 | ---- | M] () -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\KeyHook.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/11/12 09:26:54 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/09/12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/27 20:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/08/17 12:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/06/10 21:41:32 | 001,575,184 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
SRV - [2011/05/21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/13 13:21:14 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/24 20:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/07/14 01:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/18 15:53:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdvcoms.exe -- (lxdv_device)
SRV - [2007/10/18 15:53:42 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdvserv.exe -- (lxdvCATSCustConnectService)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - [2012/08/30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/07/30 12:32:08 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/07/30 12:32:08 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/03/07 00:06:00 | 011,407,680 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/22 16:38:52 | 000,051,976 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\networx.sys -- (networx)
DRV - [2011/07/28 18:37:10 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011/06/10 21:41:02 | 000,086,544 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\bckd.sys -- (bckd)
DRV - [2010/11/20 12:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 12:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 12:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 09:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 09:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/06/14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/30 23:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009/07/13 22:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/06/22 21:35:00 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-IE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 1A D0 1F 9C 9A CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111252&babsrc=SP_ss&mntrId=ee2701d1000000000000001e8c985815
IE - HKCU\..\SearchScopes\{12938AA7-0331-4942-AE9D-0EF4BEAC8702}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647960&src=kw&q={searchTerms}&locale=&apn_ptnrs=8R&apn_dtid=YYYYYYYYIE&apn_uid=23D0B094-0A4B-421A-B3BE-73BDD9FC8AAB&apn_sauid=60A18FF5-D6F6-4C7E-9C02-754D77F0E577&
IE - HKCU\..\SearchScopes\{8D96D42A-3899-40A6-A014-9CEC90F00FE0}: "URL" = http://uk.search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=937811&p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=176&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2548838
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=VDJ&o=41647960&locale=en_EU&apn_uid=23D0B094-0A4B-421A-B3BE-73BDD9FC8AAB&apn_ptnrs=8R&apn_sauid=60A18FF5-D6F6-4C7E-9C02-754D77F0E577&apn_dtid=YYYYYYYYIE&&q="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=41647960&gct=hp"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\cammilus\AppData\Local\Roblox\Versions\version-322083e762564446\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/06 18:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/18 09:18:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@bflix.info: C:\Users\cammilus\AppData\Roaming\Mozilla\Firefox\Profiles\bx28i25c.default\extensions\info@bflix.info [2012/03/02 23:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/06 18:17:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/18 09:19:08 | 000,000,000 | ---D | M]

[2012/06/15 19:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cammilus\AppData\Roaming\mozilla\Extensions
[2012/06/15 19:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cammilus\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012/11/02 16:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions
[2012/03/18 22:34:28 | 000,000,000 | ---D | M] (uTorrentControl Community Toolbar) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\{e9df9360-97f8-4690-afe6-996c80790da4}
[2012/03/04 01:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com
[2012/03/02 23:12:57 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\info@bflix.info
[2012/11/02 16:04:51 | 000,000,000 | ---D | M] (VirtualDJ Toolbar) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\toolbar@ask.com
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\cammilus\AppData\Roaming\mozilla\firefox\profiles\bx28i25c.default\searchplugins\askcom.xml
[2012/06/06 18:17:13 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\cammilus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\cammilus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\cammilus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\cammilus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TheBflix Class) - {21C9A6D6-852A-4B46-81E6-7793039B4725} - C:\ProgramData\TheBflix\bhoclass.dll (Injector)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (uTorrentControl Toolbar) - {e9df9360-97f8-4690-afe6-996c80790da4} - C:\Program Files\uTorrentControl\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (no name) - !{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{e9df9360-97f8-4690-afe6-996c80790da4} - No CLSID value found.
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files\TVersitybar\tbTVer.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark X5400 Series Fax Server] C:\Program Files\Lexmark X5400 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdvamon] C:\Program Files\Lexmark X5400 Series\lxdvamon.exe ()
O4 - HKLM..\Run: [lxdvmon.exe] C:\Program Files\Lexmark X5400 Series\lxdvmon.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Translate this web page with Babylon - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate with Babylon - Reg Error: Value error. File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D499161C-E412-4834-A2E8-76A6605C063E}: DhcpNameServer = 208.67.222.222 208.67.220.220
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/28 21:34:28 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Roaming\Malwarebytes
[2012/11/28 21:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/28 21:33:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/28 21:33:10 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/28 21:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/26 20:58:02 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{F6CEF7A7-9BCD-4749-836D-2C340C88F0BD}
[2012/11/17 19:09:58 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{B2742968-CC46-4580-AB2B-BF65F91B3D03}
[2012/11/16 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{E58A9FEA-F0DE-476A-8812-DC7125232EC9}
[2012/11/14 19:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/14 19:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/11/12 09:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/11/11 02:03:26 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{C5889B3E-27EF-44C4-837E-8EBB7AB8124A}
[2012/11/07 19:43:12 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Roaming\OpenDNS Updater
[2012/11/07 19:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2012/11/03 17:56:21 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2012/11/02 22:03:12 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012/11/02 16:04:14 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012/11/02 16:04:03 | 000,000,000 | ---D | C] -- C:\Users\cammilus\Documents\VirtualDJ
[2012/11/01 13:35:53 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{70B71216-BFAD-4634-AA57-BC36BE9FB42A}
[2012/10/31 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{1AC0B5F7-EDFA-4F86-BCFD-0972ACF65928}
[2012/10/30 13:41:37 | 000,000,000 | ---D | C] -- C:\Users\cammilus\AppData\Local\{D922DAE5-A716-4393-AA82-9A5EA90BB2A5}
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/28 23:44:02 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/28 23:23:13 | 000,000,632 | RHS- | M] () -- C:\Users\cammilus\ntuser.pol
[2012/11/28 22:59:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/28 22:53:59 | 000,629,052 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/28 22:53:59 | 000,111,422 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/28 22:00:08 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 22:00:08 | 000,013,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/28 21:52:18 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/28 21:52:06 | 000,002,570 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012/11/28 21:51:03 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/28 21:33:21 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 20:05:41 | 000,005,792 | ---- | M] () -- C:\Users\cammilus\Documents\screenshot 1.png
[2012/11/28 19:59:51 | 000,011,510 | ---- | M] () -- C:\Users\cammilus\Documents\screenshot.png
[2012/11/27 22:52:28 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/11/27 09:22:25 | 000,000,963 | ---- | M] () -- C:\Users\cammilus\Desktop\Netgear DG834 Router - Shortcut.lnk
[2012/11/26 18:47:19 | 000,002,326 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/15 10:10:25 | 000,346,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/14 19:05:51 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/12 10:22:35 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/11/11 19:59:29 | 000,001,679 | ---- | M] () -- C:\ProgramData\lxdv
[2012/11/03 17:56:21 | 000,001,362 | ---- | M] () -- C:\Users\cammilus\Desktop\ROBLOX Player.lnk
[2012/11/02 22:03:16 | 000,001,010 | ---- | M] () -- C:\Users\cammilus\Desktop\VirtualDJ Home FREE.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 21:33:21 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/28 20:05:41 | 000,005,792 | ---- | C] () -- C:\Users\cammilus\Documents\screenshot 1.png
[2012/11/28 19:59:51 | 000,011,510 | ---- | C] () -- C:\Users\cammilus\Documents\screenshot.png
[2012/11/27 09:22:25 | 000,000,963 | ---- | C] () -- C:\Users\cammilus\Desktop\Netgear DG834 Router - Shortcut.lnk
[2012/11/14 23:37:35 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 23:36:48 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/14 19:05:51 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/07 19:43:13 | 000,002,023 | ---- | C] () -- C:\Users\cammilus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2012/11/03 17:56:21 | 000,001,362 | ---- | C] () -- C:\Users\cammilus\Desktop\ROBLOX Player.lnk
[2012/11/02 21:49:37 | 000,001,010 | ---- | C] () -- C:\Users\cammilus\Desktop\VirtualDJ Home FREE.lnk
[2012/09/23 18:42:07 | 000,003,584 | ---- | C] () -- C:\Users\cammilus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 08:46:05 | 000,001,679 | ---- | C] () -- C:\ProgramData\lxdv
[2012/06/30 22:26:16 | 000,000,214 | ---- | C] () -- C:\Users\cammilus\.swfinfo
[2012/05/26 22:05:25 | 000,000,220 | ---- | C] () -- C:\Users\cammilus\AppData\Roaming\.ptbt1
[2012/01/21 15:19:22 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2012/01/21 15:19:21 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011/10/18 20:39:42 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/13 22:18:47 | 000,187,904 | ---- | C] () -- C:\Windows\System32\Lame.exe
[2011/08/13 22:18:47 | 000,166,912 | ---- | C] () -- C:\Windows\System32\Lame_enc.dll
[2011/08/13 21:59:29 | 000,679,936 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/13 21:59:29 | 000,155,648 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/04/22 20:57:53 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011/04/14 20:14:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/14 19:50:53 | 000,006,136 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011/04/13 19:30:00 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdvoem.dll
[2011/04/13 19:30:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXDVPMON.DLL
[2011/04/13 19:30:00 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXDVFXPU.DLL
[2011/04/13 19:29:02 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdvserv.dll
[2011/04/13 19:29:02 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\lxdvusb1.dll
[2011/04/13 19:29:02 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\LXDVhcp.dll
[2011/04/13 19:29:02 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdvinpa.dll
[2011/04/13 19:29:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\LXDVinst.dll
[2011/04/13 19:29:02 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdviesc.dll
[2011/04/13 19:29:01 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdvpmui.dll
[2011/04/13 19:29:01 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\lxdvlmpm.dll
[2011/04/13 19:29:01 | 000,320,168 | ---- | C] ( ) -- C:\Windows\System32\lxdvih.exe
[2011/04/13 19:29:01 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdvprox.dll
[2011/04/13 19:29:00 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\lxdvhbn3.dll
[2011/04/13 19:29:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdvgrd.dll
[2011/04/13 19:28:59 | 000,594,600 | ---- | C] ( ) -- C:\Windows\System32\lxdvcoms.exe
[2011/04/13 19:28:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomm.dll
[2011/04/13 19:28:58 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lxdvcomc.dll
[2011/04/13 19:28:58 | 000,365,224 | ---- | C] ( ) -- C:\Windows\System32\lxdvcfg.exe
[2011/04/13 19:10:42 | 000,000,632 | RHS- | C] () -- C:\Users\cammilus\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/08 20:03:10 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\.minecraft
[2011/09/12 18:28:56 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\AnvSoft
[2011/10/09 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Babylon
[2011/06/13 17:38:23 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Canon
[2012/06/15 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Flickr
[2011/08/13 22:05:13 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\HandBrake
[2011/04/13 19:36:57 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Lexmark Productivity Studio
[2012/11/17 20:01:16 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\MiniLyrics
[2012/01/21 11:42:27 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Nokia
[2011/11/14 19:52:03 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Nokia Suite
[2012/11/07 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\OpenDNS Updater
[2011/05/31 08:41:10 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Opera
[2012/02/13 16:13:24 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\PC Suite
[2011/11/04 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Philipp Winterberg
[2011/08/02 23:30:28 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Picturenaut
[2012/06/21 21:47:25 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Samsung
[2012/11/27 00:49:02 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\uTorrent
[2012/01/23 18:18:56 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Windows Live Writer
[2011/12/03 18:56:15 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\X5400 Series
[2012/11/28 23:13:04 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\XBMC

========== Purity Check ==========


< End of report >

ASJ112

turn off spybot/tea timer before you do this


open OTL copy and paste this in the custom scan/fixes box


:OTL
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&...q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...00001e8c985815
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&...q={searchTerms}
[2012/03/04 01:39:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O8 - Extra context menu item: Translate this web page with Babylon - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate with Babylon - Reg Error: Value error. File not found
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2011/10/09 16:28:53 | 000,000,000 | ---D | M] -- C:\Users\cammilus\AppData\Roaming\Babylon

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
C:\Program Files\Windows iLivid Toolbar

click run fix post the log it gives

unit 1

OK followed your instructions and got this.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\cammilus\AppData\Roaming\mozilla\Firefox\Profiles\bx28i25c.default\extensions\ffxtlbr@babylon.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
C:\ProgramData\SPL6C7C.tmp deleted successfully.
C:\ProgramData\SPL752.tmp deleted successfully.
C:\ProgramData\SPL8AAC.tmp deleted successfully.
C:\Windows\System32\ConduitEngine.tmp deleted successfully.
C:\Users\cammilus\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: cammilus
->Temp folder emptied: 8986939 bytes
->Temporary Internet Files folder emptied: 16156626 bytes
->Java cache emptied: 667087 bytes
->Google Chrome cache emptied: 226590064 bytes
->Flash cache emptied: 523 bytes

User: carmel
->Temp folder emptied: 7666839 bytes
->Temporary Internet Files folder emptied: 183057807 bytes
->Java cache emptied: 565941 bytes
->Google Chrome cache emptied: 119405301 bytes
->Flash cache emptied: 63292 bytes

User: Default

User: Default User

User: enda
->Temp folder emptied: 32690439 bytes
->Temporary Internet Files folder emptied: 991250235 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 260499965 bytes
->Flash cache emptied: 172790 bytes

User: Public

User: stephen
->Temp folder emptied: 214806627 bytes
->Temporary Internet Files folder emptied: 1593785426 bytes
->Java cache emptied: 662483 bytes
->FireFox cache emptied: 6878623 bytes
->Google Chrome cache emptied: 238387755 bytes
->Flash cache emptied: 131854 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 122287 bytes
RecycleBin emptied: 81178690 bytes

Total Files Cleaned = 3,799.00 mb


[EMPTYFLASH]

User: All Users

User: cammilus
->Flash cache emptied: 492 bytes

User: carmel
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: enda
->Flash cache emptied: 0 bytes

User: Public

User: stephen
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: cammilus
->Java cache emptied: 0 bytes

User: carmel
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: enda
->Java cache emptied: 0 bytes

User: Public

User: stephen
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < C:\Program Files\Windows iLivid Toolbar> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 11292012_215453
Files\Folders moved on Reboot...
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVBOOOSO\01[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVBOOOSO\banner[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YVBOOOSO\push[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TNHNHAM9\ads[2].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RBHSWE35\banner[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KVSVNIQF\01[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KVSVNIQF\ads[3].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GSLZ50KU\01[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CG414NTD\01[1].htm not found!
File\Folder C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\99KNJEHO\showthread[1].htm not found!
C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\cammilus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

ASJ112

are the doubleclick ads still there ?

unit 1

Its still there sporadically when I right click the back button.
It also only seems to happen when I'm in bargain alerts, its a nuisance but I hope its nothing more sinister than that.
Thanks for your help so far.

ASJ112

Which browsers is it happening in, firefox or chrome, or both ?


can you update mbam run a quick scan and post that log

unit 1

Ok so I'm using internet explorer, and heres what I got .

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.01.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
cammilus :: CAMMILUS-PC [administrator]
01/12/2012 22:31:25
mbam-log-2012-12-01 (22-31-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 282135
Time elapsed: 7 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

I dont use firefox or chrome but will try chrome and see what happens.

ASJ112

Tell me if it happens in firefox or chrome. Also do this

open OTL copy and paste this in the custom scan/fixes box


:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - No CLSID value found

:Files
ipconfig /flushdns /c
C:\Program Files\Windows iLivid Toolbar

click run fix post the log it gives


and tell me if its still occurring.

unit 1

Seems ok using chrome, hav'nt tried firefox as I've not installed it yet.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\cammilus\Downloads\cmd.bat deleted successfully.
C:\Users\cammilus\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.

OTL by OldTimer - Version 3.2.69.0 log created on 12022012_191722

ASJ112

still happening in internet explorer after that fix ?

unit 1

Yep its still there, but I could swear there seemed to be a different text in one of its recent appearances.


[IMG]http://[/img]

mitosis

I've been getting it also. On work PCs and home. Only on Boards.ie. It's a function of the adverts in my opinion, as they contain Google tracking.

unit 1

Anyone have any more ideas on this prob, as its still there. It sure is a right pita. Thanks to those who helped already.

ASJ112

See if this helps

Install Ghostery extension for internet explorer

https://www.ghostery.com/download


and download and run adwcleaner

http://www.bleepingcomputer.com/download/adwcleaner/

unit 1

I dont know if I did anything or not but the problem seems to have disappeared. Thanks for your help one and all and seasons greetings.