Solve : I Mesh search bar.?

1.	Solve : I Mesh search bar.?
Answer» Hi Guys I have I Mesh search bar installed on my laptop running XP and no matter what I do I cannot delete it. I cant find any I Mesh programs or folders and with even doing a fresh install of Firefox its still there. Any help removing this would be welcome Have you looked in Add/Remove?Yea no mention of I Mesh but every time I start Firefox is in the top address bar and main search bar Download FoxScan from HERE Double click on FoxScan.exe to start the scan. DOS-like window will pop-up. Press 2 for English. Press Enter. Be patient. It'll take few minutes. When the tool is done, it'll display: Search completed. Press any key to coninue... Press any key. Notepad window titled Rapport-FS.txt will open. Save the file to known location, and ATTACH it to your next reply.FoxScan Version 1.1.1 By Loup blanc - Zebulon.fr Scan STARTED 01/04/2011 at 23:06 Microsoft Windows XP Professional Service Pack 3 [Version 5.1.2600] Mozilla Firefox version : 4.0 (en-US) Installation folder : C:\Program Files\Mozilla Firefox ================================================================================= ---------- User account : xpuser [Current session] ================================================================================= Profile name : default Profile folder : C:\Documents and Settings\xpuser\Application Data\mozilla\firefox\Profiles\neqb21gd.default\ Start pages prefs.js : "http://search.imesh.com/" //////////// Setting \\\\\\\\\\\\\ ======= Profile name : default ======= Firefox update : Activated Add-on update : Activated Search engines update : Activated Java : Activated Javascript : Activated Proxy : No Proxy //////////// Add-on \\\\\\\\\\\\\ ======= Profile name : default ======= Installation notification for Add-on is enabled //////////// Search plugins \\\\\\\\\\\\\ ======= Profile name : default ======= Search in "prefs.js" : browser.search.defaultenginename : "iMesh Web Search" browser.search.defaulturl : browser.search.selectedEngine : "Google" keyword.URL : "http://search.imesh.com/web?src=ffb&systemid=1&q=" keyword.enable : --------- Search engines found ------------ + Search form configured for the engine ================================================================================= ---------- Common section ================================================================================= //////////// DLL found in C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\ browsercomps.dll ------------------------------------------------------ //////////// Search plugins \\\\\\\\\\\\\ --------- Search engines found ------------ + Search form configured for the engine C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml Template : http://www.amazon.com/exec/obidos/external-search/ C:\Program Files\Mozilla Firefox\searchplugins\bing.xml Template : http://www.bing.com/search C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml Template : http://rover.ebay.com/rover/1/711-47294-18009-3/4 C:\Program Files\Mozilla Firefox\searchplugins\google.xml Template : http://www.google.com/search C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml Template : http://en.wikipedia.org/wiki/Special:Search C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml Template : http://search.yahoo.com/search ------------------------------------------------------ //////////// Plugins set in registry \\\\\\\\\\\\\ [HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer] "Description"="Adobe® Flash® Player 10.1 Plugin" "Vendor"="Adobe Systems Incorporated" "Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer] "Description"="Adobe Shockwave Player" "Vendor"="Adobe Systems Inc." "Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=] "Description"="iTunes Detector Plug-in" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0] "Vendor"="Apple Inc." "Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0] "Description"="Picasa3 plugin" "Vendor"="Google, Inc." "Path"="C:\Program Files\Google\Picasa3\npPicasa3.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@java.com/JavaPlugin] "Description"="Oracle® Next Generation Java™ Plug-In" "Vendor"="Oracle Corp." "Path"="C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5] "Description"="Windows Presentation Foundation plug-in for Mozilla browsers" "Vendor"="Microsoft Corp." "Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll" ------------------------------------------------------ //////////// Additional search... \\\\\\\\\\\\\ ==== Additional extension ==== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" "[emailprotected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 4.0\extensions] =========================== End of report =========================== OK, I can see it present. Let's try to get rid of it. Download OTL to your Desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. Click the Scan All Users checkbox. Click the Quick Scan BUTTON. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here. ========== Processes (SafeList) ========== PRC - [2011/04/01 23:19:27 \| 000,580,608 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe PRC - [2011/02/01 21:00:38 \| 002,548,552 \| ---- \| M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2011/02/01 21:00:23 \| 001,803,224 \| ---- \| M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010/05/14 11:44:46 \| 000,501,480 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010/03/04 23:38:00 \| 000,071,096 \| ---- \| M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008/04/14 12:00:00 \| 001,540,608 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/18 16:27:12 \| 000,013,312 \| ---- \| M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exeMOD - [2011/04/01 23:19:27 \| 000,580,608 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe MOD - [2011/01/11 19:49:19 \| 000,285,480 \| ---- \| M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2010/08/23 17:12:02 \| 001,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dllSRV - File not found [On_Demand \| Stopped] -- -- (WPFFontCache_v0400) SRV - File not found [Disabled \| Stopped] -- -- (HidServ) SRV - File not found [Auto \| Stopped] -- -- (.EsetTrialReset) SRV - [2011/02/01 21:00:23 \| 001,803,224 \| ---- \| M] (COMODO) [Auto \| Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010/03/04 23:38:00 \| 000,071,096 \| ---- \| M] () [Auto \| Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008/03/18 16:27:12 \| 000,013,312 \| ---- \| M] (Agere Systems) [Auto \| Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)DRV - [2011/01/11 19:49:16 \| 000,239,368 \| ---- \| M] (COMODO) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2011/01/11 19:49:16 \| 000,015,592 \| ---- \| M] (COMODO) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd) DRV - [2010/09/13 16:27:24 \| 000,025,680 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2009/12/30 11:20:54 \| 000,027,064 \| ---- \| M] (VS Revo Group) [File_System \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/11/12 14:48:56 \| 000,007,168 \| ---- \| M] () [File_System \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/11/17 15:23:16 \| 003,636,864 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/10/23 01:58:36 \| 001,391,104 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008/05/23 18:51:02 \| 000,024,624 \| ---- \| M] (Hewlett-Packard Corporation) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008/05/23 18:50:16 \| 000,028,592 \| ---- \| M] (Hewlett-Packard Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008/04/28 20:22:10 \| 000,009,344 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/03/21 16:13:00 \| 001,203,776 \| ---- \| M] (Agere Systems) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/12/14 04:21:56 \| 000,290,816 \| ---- \| M] (Texas Instruments) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007/08/28 09:47:36 \| 000,146,560 \| ---- \| M] (AuthenTec, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/06/18 16:12:04 \| 000,016,768 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/05/09 08:27:00 \| 000,097,280 \| ---- \| M] (Texas Instruments) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2007/01/23 20:13:26 \| 000,036,608 \| ---- \| M] (Infineon Technologies AG) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006/02/27 10:45:48 \| 001,342,602 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006/02/27 10:43:06 \| 000,057,096 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005/10/26 04:01:02 \| 000,142,720 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2001/08/17 13:10:28 \| 000,035,913 \| ---- \| M] (SMC) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)You need to post a whole log, including its header.sorry OTL logfile created on: 01/04/2011 23:20:21 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\xpuser\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory \| 1.00 Gb Available Physical Memory \| 75.00% Memory free 3.00 Gb Paging File \| 3.00 Gb Available in Paging File \| 87.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 55.90 Gb Total Space \| 31.82 Gb Free Space \| 56.92% Space Free \| Partition Type: NTFS Computer Name: XPLAPTOP \| User Name: xpuser \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/04/01 23:19:27 \| 000,580,608 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe PRC - [2011/02/01 21:00:38 \| 002,548,552 \| ---- \| M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe PRC - [2011/02/01 21:00:23 \| 001,803,224 \| ---- \| M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe PRC - [2010/05/14 11:44:46 \| 000,501,480 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2010/03/04 23:38:00 \| 000,071,096 \| ---- \| M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe PRC - [2008/04/14 12:00:00 \| 001,540,608 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/03/18 16:27:12 \| 000,013,312 \| ---- \| M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011/04/01 23:19:27 \| 000,580,608 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe MOD - [2011/01/11 19:49:19 \| 000,285,480 \| ---- \| M] (COMODO) -- C:\WINDOWS\system32\guard32.dll MOD - [2010/08/23 17:12:02 \| 001,054,208 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand \| Stopped] -- -- (WPFFontCache_v0400) SRV - File not found [Disabled \| Stopped] -- -- (HidServ) SRV - File not found [Auto \| Stopped] -- -- (.EsetTrialReset) SRV - [2011/02/01 21:00:23 \| 001,803,224 \| ---- \| M] (COMODO) [Auto \| Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent) SRV - [2010/03/04 23:38:00 \| 000,071,096 \| ---- \| M] () [Auto \| Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2008/03/18 16:27:12 \| 000,013,312 \| ---- \| M] (Agere Systems) [Auto \| Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011/01/11 19:49:16 \| 000,239,368 \| ---- \| M] (COMODO) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard) DRV - [2011/01/11 19:49:16 \| 000,015,592 \| ---- \| M] (COMODO) [File_System \| System \| Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd) DRV - [2010/09/13 16:27:24 \| 000,025,680 \| ---- \| M] (AVG Technologies CZ, s.r.o. ) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2009/12/30 11:20:54 \| 000,027,064 \| ---- \| M] (VS Revo Group) [File_System \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/11/12 14:48:56 \| 000,007,168 \| ---- \| M] () [File_System \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008/11/17 15:23:16 \| 003,636,864 \| ---- \| M] (Intel Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/10/23 01:58:36 \| 001,391,104 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX) DRV - [2008/05/23 18:51:02 \| 000,024,624 \| ---- \| M] (Hewlett-Packard Corporation) [Kernel \| Boot \| Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2008/05/23 18:50:16 \| 000,028,592 \| ---- \| M] (Hewlett-Packard Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2008/04/28 20:22:10 \| 000,009,344 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008/03/21 16:13:00 \| 001,203,776 \| ---- \| M] (Agere Systems) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2007/12/14 04:21:56 \| 000,290,816 \| ---- \| M] (Texas Instruments) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2007/08/28 09:47:36 \| 000,146,560 \| ---- \| M] (AuthenTec, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007/06/18 16:12:04 \| 000,016,768 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/05/09 08:27:00 \| 000,097,280 \| ---- \| M] (Texas Instruments) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21) DRV - [2007/01/23 20:13:26 \| 000,036,608 \| ---- \| M] (Infineon Technologies AG) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2006/02/27 10:45:48 \| 001,342,602 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006/02/27 10:43:06 \| 000,057,096 \| ---- \| M] (Broadcom Corporation.) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2005/10/26 04:01:02 \| 000,142,720 \| ---- \| M] (Broadcom Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2001/08/17 13:10:28 \| 000,035,913 \| ---- \| M] (SMC) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/ IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginen ame: "iMesh Web Search" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 21:20:29 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 21:20:20 \| 000,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\[emailprotected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/09/15 13:45:19 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Extensions [2011/03/28 18:12:44 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Firefox\Profiles\neqb21gd.default\extensions [2010/09/18 07:31:39 \| 000,000,000 \| ---D \| M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Firefox\Profiles\neqb21gd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/03/31 21:20:29 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/09/15 14:20:25 \| 000,000,000 \| ---D \| M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/10/19 00:34:00 \| 000,000,000 \| ---D \| M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} File not found (No name found) -- [2010/09/15 14:20:16 \| 000,000,000 \| ---D \| M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/03/18 18:53:24 \| 000,142,296 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010/09/15 04:50:38 \| 000,472,808 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/12/09 11:47:06 \| 000,012,800 \| ---- \| M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll [2010/01/01 09:00:00 \| 000,002,252 \| ---- \| M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml O1 HOSTS File: ([2010/10/20 18:59:48 \| 000,422,409 \| R--- \| M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1www.007guard.com O1 - Hosts: 127.0.0.1007guard.com O1 - Hosts: 127.0.0.1008i.com O1 - Hosts: 127.0.0.1www.008k.com O1 - Hosts: 127.0.0.1008k.com O1 - Hosts: 127.0.0.1www.00hq.com O1 - Hosts: 127.0.0.100hq.com O1 - Hosts: 127.0.0.1010402.com O1 - Hosts: 127.0.0.1www.032439.com O1 - Hosts: 127.0.0.1032439.com O1 - Hosts: 127.0.0.1www.0scan.com O1 - Hosts: 127.0.0.10scan.com O1 - Hosts: 127.0.0.11000gratisproben.com O1 - Hosts: 127.0.0.1www.1000gratisproben.com O1 - Hosts: 127.0.0.11001namen.com O1 - Hosts: 127.0.0.1www.1001namen.com O1 - Hosts: 127.0.0.1100888290cs.com O1 - Hosts: 127.0.0.1www.100888290cs.com O1 - Hosts: 127.0.0.1www.100sexlinks.com O1 - Hosts: 127.0.0.1100sexlinks.com O1 - Hosts: 127.0.0.110sek.com O1 - Hosts: 127.0.0.1www.10sek.com O1 - Hosts: 127.0.0.1www.1-2005-search.com O1 - Hosts: 127.0.0.11-2005-search.com O1 - Hosts: 14566 more lines... O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - Startup: C:\Documents and Settings\xpuser\Start Menu\Programs\Startup\Thoose.lnk = C:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284550376908 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab (e-Safekey) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AUTORUN - 1 O32 - AutoRun File - [2010/09/15 06:13:25 \| 000,000,000 \| ---- \| M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/04/01 23:19:22 \| 000,580,608 \| ---- \| C] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe [2011/03/31 21:52:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2011/03/31 21:52:19 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\xpuser\Start Menu\Programs\HiJackThis [2011/03/31 21:19:02 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Safari [2011/03/31 21:11:39 \| 000,000,000 \| RH-D \| C] -- C:\Documents and Settings\xpuser\Recent [2011/03/31 18:48:27 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\xpuser\Local Settings\Application Data\VS Revo Group [2011/03/31 18:48:16 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro [2011/03/31 18:48:15 \| 000,027,064 \| ---- \| C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys [2011/03/31 18:48:13 \| 000,000,000 \| ---D \| C] -- C:\Program Files\VS Revo Group [2011/03/31 18:45:32 \| 007,809,352 \| ---- \| C] (VS Revo Group ) -- C:\Documents and Settings\xpuser\Desktop\RevoUninProSetup.exe [2011/03/30 20:36:17 \| 000,000,000 \| ---D \| C] -- C:\WINDOWS\Sun [2011/03/30 18:16:31 \| 000,000,000 \| ---D \| C] -- C:\Documents and Settings\xpuser\Desktop\berries [2011/03/23 21:10:19 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Bonjour [7 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/04/01 23:19:34 \| 001,474,832 \| ---- \| M] () -- C:\WINDOWS\System32\drivers\sfi.dat [2011/04/01 23:19:27 \| 000,580,608 \| ---- \| M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe [2011/04/01 23:04:07 \| 000,445,238 \| ---- \| M] () -- C:\WINDOWS\System32\perfh009.dat [2011/04/01 23:04:07 \| 000,073,034 \| ---- \| M] () -- C:\WINDOWS\System32\perfc009.dat [2011/04/01 23:00:18 \| 000,013,646 \| ---- \| M] () -- C:\WINDOWS\System32\wpa.dbl [2011/04/01 22:59:38 \| 000,002,048 \| --S- \| M] () -- C:\WINDOWS\bootstat.dat [2011/03/31 21:55:15 \| 000,112,998 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Desktop\FoxScan.exe [2011/03/31 21:52:51 \| 000,002,449 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Desktop\HiJackThis.lnk [2011/03/31 21:51:50 \| 001,402,880 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Desktop\HijackThis.msi [2011/03/31 21:20:43 \| 000,000,742 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2011/03/31 21:20:43 \| 000,000,724 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/03/31 21:19:16 \| 000,001,854 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2011/03/31 21:19:16 \| 000,001,854 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/03/31 18:48:17 \| 000,000,925 \| ---- \| M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2011/03/31 18:46:06 \| 007,809,352 \| ---- \| M] (VS Revo Group ) -- C:\Documents and Settings\xpuser\Desktop\RevoUninProSetup.exe [2011/03/30 18:56:03 \| 000,000,284 \| ---- \| M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/03/26 04:10:52 \| 834,584,576 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Desktop\Tron.Legacy.2010.DVDRip.XviD-EVO.avi [2011/03/14 01:58:05 \| 000,003,584 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/13 13:31:13 \| 000,023,392 \| ---- \| M] () -- C:\WINDOWS\System32\nscompat.tlb [2011/03/13 13:31:13 \| 000,016,832 \| ---- \| M] () -- C:\WINDOWS\System32\amcompat.tlb [2011/03/12 01:16:21 \| 000,126,495 \| ---- \| M] () -- C:\Documents and Settings\xpuser\My Documents\hosts.zip [2011/03/07 20:14:45 \| 000,000,800 \| ---- \| M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk [7 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/31 21:55:15 \| 000,112,998 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\FoxScan.exe [2011/03/31 21:52:20 \| 000,002,449 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\HiJackThis.lnk [2011/03/31 21:51:45 \| 001,402,880 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\HijackThis.msi [2011/03/31 21:20:43 \| 000,000,730 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk [2011/03/31 21:20:43 \| 000,000,724 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2011/03/31 21:19:16 \| 000,001,854 \| ---- \| C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk [2011/03/31 21:19:16 \| 000,001,854 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk [2011/03/31 21:19:16 \| 000,001,854 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/03/31 18:48:17 \| 000,000,925 \| ---- \| C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2011/03/28 20:43:54 \| 834,584,576 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\Tron.Legacy.2010.DVDRip.XviD-EVO.avi [2011/03/19 01:56:41 \| 000,017,216 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\Kelly2.jpg [2011/03/19 01:56:15 \| 000,009,353 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\kelly.jpg [2011/03/18 21:14:51 \| 268,435,456 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\data.img [2011/03/14 01:58:05 \| 000,003,584 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/03/14 01:39:05 \| 183,391,088 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Desktop\How_I_Met_Your_Mother.4x01.Do_I_Know_You.HDTV_XviD-FoV.[VTV].avi [2011/03/13 13:31:01 \| 000,002,528 \| ---- \| C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2011/03/12 01:16:16 \| 000,126,495 \| ---- \| C] () -- C:\Documents and Settings\xpuser\My Documents\hosts.zip [2011/03/07 20:14:07 \| 000,000,788 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Start Menu\Programs\Windows Media Player.lnk [2010/12/28 13:49:39 \| 000,002,528 \| ---- \| C] () -- C:\Documents and Settings\xpuser\Application Data\$_hpcst$.hpc [2010/10/02 22:45:58 \| 000,000,664 \| ---- \| C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/10/02 09:38:52 \| 001,474,832 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\sfi.dat [2010/09/29 23:36:39 \| 000,056,428 \| -H-- \| C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/09/15 17:40:03 \| 000,165,376 \| ---- \| C] () -- C:\WINDOWS\System32\unrar.dll [2010/09/15 17:29:30 \| 000,007,168 \| ---- \| C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010/09/15 14:13:24 \| 000,000,376 \| ---- \| C] () -- C:\WINDOWS\ODBC.INI [2010/09/15 13:27:26 \| 000,000,000 \| ---- \| C] () -- C:\WINDOWS\nsreg.dat [2010/09/15 13:03:59 \| 000,004,161 \| ---- \| C] () -- C:\WINDOWS\ODBCINST.INI [2010/09/15 13:02:42 \| 000,270,192 \| ---- \| C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/09/15 12:34:32 \| 000,147,456 \| ---- \| C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll [2010/09/15 06:15:36 \| 000,002,048 \| --S- \| C] () -- C:\WINDOWS\bootstat.dat [2010/09/15 06:09:58 \| 000,021,640 \| ---- \| C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/01/11 08:24:40 \| 000,001,683 \| ---- \| C] () -- C:\WINDOWS\System32\oeminfo.ini [2008/04/14 12:00:00 \| 000,673,088 \| ---- \| C] () -- C:\WINDOWS\System32\mlang.dat [2008/04/14 12:00:00 \| 000,445,238 \| ---- \| C] () -- C:\WINDOWS\System32\perfh009.dat [2008/04/14 12:00:00 \| 000,272,128 \| ---- \| C] () -- C:\WINDOWS\System32\perfi009.dat [2008/04/14 12:00:00 \| 000,218,003 \| ---- \| C] () -- C:\WINDOWS\System32\dssec.dat [2008/04/14 12:00:00 \| 000,073,034 \| ---- \| C] () -- C:\WINDOWS\System32\perfc009.dat [2008/04/14 12:00:00 \| 000,046,258 \| ---- \| C] () -- C:\WINDOWS\System32\mib.bin [2008/04/14 12:00:00 \| 000,028,626 \| ---- \| C] () -- C:\WINDOWS\System32\perfd009.dat [2008/04/14 12:00:00 \| 000,004,569 \| ---- \| C] () -- C:\WINDOWS\System32\secupd.dat [2008/04/14 12:00:00 \| 000,001,804 \| ---- \| C] () -- C:\WINDOWS\System32\Dcache.bin [2008/04/14 12:00:00 \| 000,000,741 \| ---- \| C] () -- C:\WINDOWS\System32\noise.dat [2008/02/15 21:21:56 \| 000,147,456 \| ---- \| C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2006/02/27 10:51:36 \| 000,090,112 \| ---- \| C] () -- C:\WINDOWS\System32\btprn2k.dll [2003/01/07 15:05:08 \| 000,002,695 \| ---- \| C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/05/28 06:55:42 \| 013,107,200 \| ---- \| C] () -- C:\WINDOWS\System32\oembios.bin [2002/05/28 06:54:40 \| 000,004,605 \| ---- \| C] () -- C:\WINDOWS\System32\oembios.dat [2001/11/14 06:56:00 \| 001,802,240 \| ---- \| C] () -- C:\WINDOWS\System32\lcppn21.dll ========== LOP Check ========== [2010/09/15 18:24:02 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems [2010/09/30 23:47:40 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\AVG10 [2010/09/15 17:29:37 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited [2010/09/29 23:11:52 \| 000,000,000 \| -H-D \| M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2010/09/30 22:55:28 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey [2010/09/15 16:32:26 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\ESET [2010/09/29 23:10:29 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2010/09/15 17:38:56 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010/09/29 08:51:01 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xpuser\Application Data\ACD Systems [2010/09/16 07:39:57 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xpuser\Application Data\Auslogics [2010/09/29 23:13:03 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xpuser\Application Data\AVG10 [2010/09/15 17:29:38 \| 000,000,000 \| ---D \| M] -- C:\Documents and Settings\xpuser\Application Data\Canneverbe Limited ========== Purity Check ========== < End of report >OTL Extras logfile created on: 01/04/2011 23:20:21 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\xpuser\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 \| Country: United Kingdom \| Language: ENG \| Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory \| 1.00 Gb Available Physical Memory \| 75.00% Memory free 3.00 Gb Paging File \| 3.00 Gb Available in Paging File \| 87.00% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 55.90 Gb Total Space \| 31.82 Gb Free Space \| 56.92% Space Free \| Partition Type: NTFS Computer Name: XPLAPTOP \| User Name: xpuser \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Quick Scan Company Name Whitelist: On \| Skip Microsoft Files: On \| No Company Name Whitelist: On \| File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroad cast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroad cast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe::Enabled:iMesh [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe::Enabled:AVG Installer "C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe::Enabled:iMesh "C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe::Enabled:Winamp -- (Nullsoft, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support "{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1 "{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System "{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C73F2967-062E-48F2-A462-D335B8950183}" = Safari "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "HDMI" = Intel(R) Graphics Media Accelerator Driver "ie8" = Windows Internet Explorer 8 "InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers. "KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Picasa 3" = Picasa 3 "Seven Remix XP" = Seven Remix XP 2.41 "Soulseek2" = SoulSeek 157 NS 13e "Startup Manager 1.5_is1" = Startup Manager 1.5 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Thoosje Windows 7 Logon Editor" = Thoosje Windows 7 Logon Editor "Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions "VLC media player" = VLC media player 1.1.4 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Detector Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31/03/2011 14:23:24 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 41531 Error - 31/03/2011 14:23:26 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/03/2011 14:23:26 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 43484 Error - 31/03/2011 14:23:26 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 43484 Error - 31/03/2011 14:23:28 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/03/2011 14:23:28 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 45484 Error - 31/03/2011 14:23:28 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 45484 Error - 31/03/2011 14:23:30 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 31/03/2011 14:23:30 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 47531 Error - 31/03/2011 14:23:30 \| Computer Name = XPLAPTOP \| Source = Bonjour Service \| ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 47531 [ System Events ] Error - 31/03/2011 15:24:22 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 31/03/2011 16:16:08 \| Computer Name = XPLAPTOP \| Source = Service Control Manager \| ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%2 Error - 31/03/2011 16:16:14 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 31/03/2011 16:16:15 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 01/04/2011 13:34:20 \| Computer Name = XPLAPTOP \| Source = Service Control Manager \| ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%2 Error - 01/04/2011 13:34:31 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 01/04/2011 13:34:33 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 01/04/2011 18:00:02 \| Computer Name = XPLAPTOP \| Source = Service Control Manager \| ID = 7000 Description = The Eset Trial Reset service failed to start due to the following error: %%2 Error - 01/04/2011 18:00:13 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. Error - 01/04/2011 18:00:15 \| Computer Name = XPLAPTOP \| Source = WMPNetworkSvc \| ID = 866312 Description = A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0x80070057'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service. < End of report >Run OTL Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following Code: [Select]:OTL SRV - File not found [Auto \| Stopped] -- -- (.EsetTrialReset) IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/ FF - prefs.js..browser.search.defaultenginen ame: "iMesh Web Search" FF - prefs.js..browser.search.order.1: "iMesh Web Search" FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/" FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q=" O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found. O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) [7 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> ] [3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> ] :Services :Reg :Files C:\Program Files\iMesh Applications :Commands [purity] [emptytemp] [emptyflash] [Reboot] Then click the [color="#FF0000"]Run Fix[/color] button at the top Let the program run unhindered, reboot the PC when it is done You will get a log that shows the results of the fix. Please post it. All processes killed ========== OTL ========== Service .EsetTrialReset stopped successfully! Service .EsetTrialReset deleted successfully! HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page\| /E : value set successfully! Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginen ame Prefs.js: "iMesh Web Search" removed from browser.search.order.1 Prefs.js: "http://search.imesh.com/" removed from browser.startup.homepage Prefs.js: "http://search.imesh.com/web?src=ffb&systemid=1&q=" removed from keyword.URL Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. C:\WINDOWS\System32\CONFIG.TMP deleted successfully. C:\WINDOWS\System32\SET46.tmp deleted successfully. C:\WINDOWS\System32\SET6B.tmp deleted successfully. C:\WINDOWS\System32\SET6D.tmp deleted successfully. C:\WINDOWS\System32\SET7B.tmp deleted successfully. C:\WINDOWS\System32\SET93.tmp deleted successfully. C:\WINDOWS\System32\SET9A.tmp deleted successfully. C:\WINDOWS\SET3.tmp deleted successfully. C:\WINDOWS\SET4.tmp deleted successfully. C:\WINDOWS\SET8.tmp deleted successfully. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== File\Folder C:\Program Files\iMesh Applications not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 66512 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: xpuser ->Temp folder emptied: 11450533 bytes ->Temporary Internet Files folder emptied: 49554 bytes ->Java cache emptied: 29695 bytes ->FireFox cache emptied: 54577485 bytes ->Apple Safari cache emptied: 40124416 bytes ->Flash cache emptied: 8154 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 36494408 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12133656 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 148.00 mb [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: xpuser ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04012011_234222 Files\Folders moved on Reboot... C:\Documents and Settings\xpuser\Local Settings\Temp\WCESLog.log moved successfully. Registry entries deleted on Reboot...

Answer»

Hi Guys

I have I Mesh search bar installed on my laptop running XP and no matter what I do I cannot delete it. I cant find any I Mesh programs or folders and with even doing a fresh install of Firefox its still there.

Any help removing this would be welcome Have you looked in Add/Remove?Yea no mention of I Mesh but every time I start Firefox is in the top address bar and main search bar Download FoxScan from HERE

Double click on FoxScan.exe to start the scan.
DOS-like window will pop-up.
Press 2 for English. Press Enter.
Be patient. It'll take few minutes.
When the tool is done, it'll display:

Search completed.
Press any key to coninue...

Press any key.
Notepad window titled Rapport-FS.txt will open.
Save the file to known location, and ATTACH it to your next reply.FoxScan Version 1.1.1
By Loup blanc - Zebulon.fr
Scan STARTED 01/04/2011 at 23:06

Microsoft Windows XP Professional Service Pack 3 [Version 5.1.2600]

Mozilla Firefox version : 4.0 (en-US)
Installation folder : C:\Program Files\Mozilla Firefox

=================================================================================
---------- User account : xpuser [Current session]
=================================================================================

Profile name : default
Profile folder : C:\Documents and Settings\xpuser\Application Data\mozilla\firefox\Profiles\neqb21gd.default\
Start pages prefs.js : "http://search.imesh.com/"

//////////// Setting \\\\\\\\\\\\\
======= Profile name : default =======

Firefox update : Activated
Add-on update : Activated
Search engines update : Activated
Java : Activated
Javascript : Activated
Proxy : No Proxy

//////////// Add-on \\\\\\\\\\\\\

======= Profile name : default =======

Installation notification for Add-on is enabled

//////////// Search plugins \\\\\\\\\\\\\

======= Profile name : default =======

Search in "prefs.js" :

browser.search.defaultenginename : "iMesh Web Search"
browser.search.defaulturl :
browser.search.selectedEngine : "Google"
keyword.URL : "http://search.imesh.com/web?src=ffb&systemid=1&q="
keyword.enable :

--------- Search engines found ------------
+ Search form configured for the engine

=================================================================================
---------- Common section
=================================================================================

//////////// DLL found in C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

browsercomps.dll

------------------------------------------------------

//////////// Search plugins \\\\\\\\\\\\\

--------- Search engines found ------------
+ Search form configured for the engine

C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
Template : http://www.amazon.com/exec/obidos/external-search/

C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
Template : http://www.bing.com/search

C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
Template : http://rover.ebay.com/rover/1/711-47294-18009-3/4

C:\Program Files\Mozilla Firefox\searchplugins\google.xml
Template : http://www.google.com/search

C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
Template : http://en.wikipedia.org/wiki/Special:Search

C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
Template : http://search.yahoo.com/search

------------------------------------------------------

//////////// Plugins set in registry \\\\\\\\\\\\\

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]
"Description"="Adobe® Flash® Player 10.1 Plugin"
"Vendor"="Adobe Systems Incorporated"
"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/ShockwavePlayer]
"Description"="Adobe Shockwave Player"
"Vendor"="Adobe Systems Inc."
"Path"="C:\WINDOWS\system32\Adobe\Director\np32dsw.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=]
"Description"="iTunes Detector Plug-in"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Apple.com/iTunes,version=1.0]
"Vendor"="Apple Inc."
"Path"="C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@google.com/npPicasa3,version=3.0.0]
"Description"="Picasa3 plugin"
"Vendor"="Google, Inc."
"Path"="C:\Program Files\Google\Picasa3\npPicasa3.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@java.com/JavaPlugin]
"Description"="Oracle® Next Generation Java™ Plug-In"
"Vendor"="Oracle Corp."
"Path"="C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll"

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]
"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"
"Vendor"="Microsoft Corp."
"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

------------------------------------------------------

//////////// Additional search... \\\\\\\\\\\\\

==== Additional extension ====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

"[emailprotected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 4.0\extensions]

=========================== End of report =========================== OK, I can see it present.
Let's try to get rid of it.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan BUTTON. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

========== Processes (SafeList) ==========

PRC - [2011/04/01 23:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
PRC - [2011/02/01 21:00:38 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/02/01 21:00:23 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 12:00:00 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exeMOD - [2011/04/01 23:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
MOD - [2011/01/11 19:49:19 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dllSRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (.EsetTrialReset)
SRV - [2011/02/01 21:00:23 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)DRV - [2011/01/11 19:49:16 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/11 19:49:16 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/23 18:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 18:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/12/14 04:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/09 08:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/23 20:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/02/27 10:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 10:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/10/26 04:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)You need to post a whole log, including its header.sorry

OTL logfile created on: 01/04/2011 23:20:21 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\xpuser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 31.82 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: XPLAPTOP | User Name: xpuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 23:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
PRC - [2011/02/01 21:00:38 | 002,548,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/02/01 21:00:23 | 001,803,224 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 12:00:00 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe

========== Modules (SafeList) ==========

MOD - [2011/04/01 23:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
MOD - [2011/01/11 19:49:19 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (.EsetTrialReset)
SRV - [2011/02/01 21:00:23 | 001,803,224 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008/03/18 16:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - [2011/01/11 19:49:16 | 000,239,368 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/01/11 19:49:16 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/09/13 16:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/11/17 15:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/23 18:51:02 | 000,024,624 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/05/23 18:50:16 | 000,028,592 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/03/21 16:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/12/14 04:21:56 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/09 08:27:00 | 000,097,280 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2007/01/23 20:13:26 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/02/27 10:45:48 | 001,342,602 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/02/27 10:43:06 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/10/26 04:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginen ame: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [emailprotected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 21:20:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 21:20:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\[emailprotected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/09/15 13:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Extensions
[2011/03/28 18:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Firefox\Profiles\neqb21gd.default\extensions
[2010/09/18 07:31:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\xpuser\Application Data\Mozilla\Firefox\Profiles\neqb21gd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/31 21:20:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/15 14:20:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/19 00:34:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/09/15 14:20:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 18:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2010/10/20 18:59:48 | 000,422,409 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1www.007guard.com
O1 - Hosts: 127.0.0.1007guard.com
O1 - Hosts: 127.0.0.1008i.com
O1 - Hosts: 127.0.0.1www.008k.com
O1 - Hosts: 127.0.0.1008k.com
O1 - Hosts: 127.0.0.1www.00hq.com
O1 - Hosts: 127.0.0.100hq.com
O1 - Hosts: 127.0.0.1010402.com
O1 - Hosts: 127.0.0.1www.032439.com
O1 - Hosts: 127.0.0.1032439.com
O1 - Hosts: 127.0.0.1www.0scan.com
O1 - Hosts: 127.0.0.10scan.com
O1 - Hosts: 127.0.0.11000gratisproben.com
O1 - Hosts: 127.0.0.1www.1000gratisproben.com
O1 - Hosts: 127.0.0.11001namen.com
O1 - Hosts: 127.0.0.1www.1001namen.com
O1 - Hosts: 127.0.0.1100888290cs.com
O1 - Hosts: 127.0.0.1www.100888290cs.com
O1 - Hosts: 127.0.0.1www.100sexlinks.com
O1 - Hosts: 127.0.0.1100sexlinks.com
O1 - Hosts: 127.0.0.110sek.com
O1 - Hosts: 127.0.0.1www.10sek.com
O1 - Hosts: 127.0.0.1www.1-2005-search.com
O1 - Hosts: 127.0.0.11-2005-search.com
O1 - Hosts: 14566 more lines...
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - Startup: C:\Documents and Settings\xpuser\Start Menu\Programs\Startup\Thoose.lnk = C:\Program Files\Thoosje\thoosje vista sidebar\Thoosje Sidebar.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1284550376908 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} https://ebanking.northernbank.co.uk/html/activex/e-Safekey/NB/e-Safekey.cab (e-Safekey)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AUTORUN - 1
O32 - AutoRun File - [2010/09/15 06:13:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 23:19:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
[2011/03/31 21:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/31 21:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xpuser\Start Menu\Programs\HiJackThis
[2011/03/31 21:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/03/31 21:11:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\xpuser\Recent
[2011/03/31 18:48:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xpuser\Local Settings\Application Data\VS Revo Group
[2011/03/31 18:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
[2011/03/31 18:48:15 | 000,027,064 | ---- | C] (VS Revo Group) -- C:\WINDOWS\System32\drivers\revoflt.sys
[2011/03/31 18:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/31 18:45:32 | 007,809,352 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\xpuser\Desktop\RevoUninProSetup.exe
[2011/03/30 20:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/30 18:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\xpuser\Desktop\berries
[2011/03/23 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 23:19:34 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/04/01 23:19:27 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\xpuser\Desktop\OTL.exe
[2011/04/01 23:04:07 | 000,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/01 23:04:07 | 000,073,034 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/01 23:00:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/01 22:59:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 21:55:15 | 000,112,998 | ---- | M] () -- C:\Documents and Settings\xpuser\Desktop\FoxScan.exe
[2011/03/31 21:52:51 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\xpuser\Desktop\HiJackThis.lnk
[2011/03/31 21:51:50 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\xpuser\Desktop\HijackThis.msi
[2011/03/31 21:20:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/31 21:20:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/31 21:19:16 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/31 21:19:16 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/31 18:48:17 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/03/31 18:46:06 | 007,809,352 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\xpuser\Desktop\RevoUninProSetup.exe
[2011/03/30 18:56:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/26 04:10:52 | 834,584,576 | ---- | M] () -- C:\Documents and Settings\xpuser\Desktop\Tron.Legacy.2010.DVDRip.XviD-EVO.avi
[2011/03/14 01:58:05 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\xpuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/13 13:31:13 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/13 13:31:13 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/12 01:16:21 | 000,126,495 | ---- | M] () -- C:\Documents and Settings\xpuser\My Documents\hosts.zip
[2011/03/07 20:14:45 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 21:55:15 | 000,112,998 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\FoxScan.exe
[2011/03/31 21:52:20 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\HiJackThis.lnk
[2011/03/31 21:51:45 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\HijackThis.msi
[2011/03/31 21:20:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/31 21:20:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/31 21:19:16 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2011/03/31 21:19:16 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/03/31 21:19:16 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\xpuser\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/03/31 18:48:17 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk
[2011/03/28 20:43:54 | 834,584,576 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\Tron.Legacy.2010.DVDRip.XviD-EVO.avi
[2011/03/19 01:56:41 | 000,017,216 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\Kelly2.jpg
[2011/03/19 01:56:15 | 000,009,353 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\kelly.jpg
[2011/03/18 21:14:51 | 268,435,456 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\data.img
[2011/03/14 01:58:05 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\xpuser\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/14 01:39:05 | 183,391,088 | ---- | C] () -- C:\Documents and Settings\xpuser\Desktop\How_I_Met_Your_Mother.4x01.Do_I_Know_You.HDTV_XviD-FoV.[VTV].avi
[2011/03/13 13:31:01 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2011/03/12 01:16:16 | 000,126,495 | ---- | C] () -- C:\Documents and Settings\xpuser\My Documents\hosts.zip
[2011/03/07 20:14:07 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\xpuser\Start Menu\Programs\Windows Media Player.lnk
[2010/12/28 13:49:39 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\xpuser\Application Data\$_hpcst$.hpc
[2010/10/02 22:45:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/02 09:38:52 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/09/29 23:36:39 | 000,056,428 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/09/15 17:40:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/09/15 17:29:30 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/09/15 14:13:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/15 13:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/15 13:03:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/15 13:02:42 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/15 12:34:32 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
[2010/09/15 06:15:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/15 06:09:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/11 08:24:40 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/04/14 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 12:00:00 | 000,445,238 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 12:00:00 | 000,073,034 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/02/15 21:21:56 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2006/02/27 10:51:36 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/28 06:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 06:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 06:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/09/15 18:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/09/30 23:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/09/15 17:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/09/29 23:11:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/09/30 22:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\e-Safekey
[2010/09/15 16:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/09/29 23:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/09/15 17:38:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/09/29 08:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xpuser\Application Data\ACD Systems
[2010/09/16 07:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xpuser\Application Data\Auslogics
[2010/09/29 23:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xpuser\Application Data\AVG10
[2010/09/15 17:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\xpuser\Application Data\Canneverbe Limited

========== Purity Check ==========

< End of report >OTL Extras logfile created on: 01/04/2011 23:20:21 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\xpuser\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 75.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.90 Gb Total Space | 31.82 Gb Free Space | 56.92% Space Free | Partition Type: NTFS

Computer Name: XPLAPTOP | User Name: xpuser | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroad cast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroad cast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe" = C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.1
"{75ECB75A-522C-4312-8DE7-597CDA9D96A3}" = HP Mobile Data Protection System
"{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = TIPCI
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{767B964C-D9B4-422D-802B-F7ACBE2D310A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.3.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"Seven Remix XP" = Seven Remix XP 2.41
"Soulseek2" = SoulSeek 157 NS 13e
"Startup Manager 1.5_is1" = Startup Manager 1.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Thoosje Windows 7 Logon Editor" = Thoosje Windows 7 Logon Editor
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31/03/2011 14:23:24 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 41531

Error - 31/03/2011 14:23:26 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31/03/2011 14:23:26 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 43484

Error - 31/03/2011 14:23:26 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 43484

Error - 31/03/2011 14:23:28 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31/03/2011 14:23:28 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 45484

Error - 31/03/2011 14:23:28 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 45484

Error - 31/03/2011 14:23:30 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 31/03/2011 14:23:30 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 47531

Error - 31/03/2011 14:23:30 | Computer Name = XPLAPTOP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 47531

[ System Events ]
Error - 31/03/2011 15:24:22 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 31/03/2011 16:16:08 | Computer Name = XPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%2

Error - 31/03/2011 16:16:14 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 31/03/2011 16:16:15 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 01/04/2011 13:34:20 | Computer Name = XPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%2

Error - 01/04/2011 13:34:31 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 01/04/2011 13:34:33 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 01/04/2011 18:00:02 | Computer Name = XPLAPTOP | Source = Service Control Manager | ID = 7000
Description = The Eset Trial Reset service failed to start due to the following
error: %%2

Error - 01/04/2011 18:00:13 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

Error - 01/04/2011 18:00:15 | Computer Name = XPLAPTOP | Source = WMPNetworkSvc | ID = 866312
Description = A new media server was not initialized because WMCreateDeviceRegistration()
encountered error '0x80070057'. The Windows Media DRM components on your computer
might be corrupted. Verify that protected files play correctly in Windows Media
Player, and then restart the WMPNetworkSvc service.

< End of report >Run OTL

Under the [color="#0000FF"]Custom Scans/Fixes[/color] box at the bottom, paste in the following

Code: [Select]:OTL
SRV - File not found [Auto | Stopped] -- -- (.EsetTrialReset)
IE - HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com/
FF - prefs.js..browser.search.defaultenginen ame: "iMesh Web Search"
FF - prefs.js..browser.search.order.1: "iMesh Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.imesh.com/"
FF - prefs.js..keyword.URL: "http://search.imesh.com/web?src=ffb&systemid=1&q="
O2 - BHO: (no name) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Services

:Reg

:Files
C:\Program Files\iMesh Applications

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the [color="#FF0000"]Run Fix[/color] button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

All processes killed
========== OTL ==========
Service .EsetTrialReset stopped successfully!
Service .EsetTrialReset deleted successfully!
HKU\S-1-5-21-1644491937-436374069-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "iMesh Web Search" removed from browser.search.defaultenginen ame
Prefs.js: "iMesh Web Search" removed from browser.search.order.1
Prefs.js: "http://search.imesh.com/" removed from browser.startup.homepage
Prefs.js: "http://search.imesh.com/web?src=ffb&systemid=1&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET46.tmp deleted successfully.
C:\WINDOWS\System32\SET6B.tmp deleted successfully.
C:\WINDOWS\System32\SET6D.tmp deleted successfully.
C:\WINDOWS\System32\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\SET93.tmp deleted successfully.
C:\WINDOWS\System32\SET9A.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\iMesh Applications not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 66512 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: xpuser
->Temp folder emptied: 11450533 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->Java cache emptied: 29695 bytes
->FireFox cache emptied: 54577485 bytes
->Apple Safari cache emptied: 40124416 bytes
->Flash cache emptied: 8154 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 36494408 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12133656 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 148.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: xpuser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04012011_234222

Files\Folders moved on Reboot...
C:\Documents and Settings\xpuser\Local Settings\Temp\WCESLog.log moved successfully.

Registry entries deleted on Reboot...

Solve : I Mesh search bar.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment