TechSpot

Removed Trojans but now have DLL error pop ups on start

Solved
By Snakes1000
Mar 23, 2013
  1. I recently picked up some viruses from a fake email (I think). My permanent security software McAfee picked up some but I also chose to run Malwarebytes to make sure they were cleared. That found more and quarantined them (see report log below) and this was confirmed when I re-ran it and nothing was found.

    However, when I reboot I get two error pop ups (see attached) which both relate to the DLL found by Malwarebytes (see files detected section 4).

    I have followed the preliminary instructions and here are my Malwarebytes and DDS logs

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
    Database version: v2013.03.22.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16521
    Clive :: CLIVE-PC [administrator]
    22/03/2013 14:37:24
    mbam-log-2013-03-22 (14-37-24).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 258138
    Time elapsed: 7 minute(s), 20 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 2
    C:\Windows\System32\chkndown.dll (Backdoor.Papras) -> Delete on reboot.
    C:\Users\Clive\AppData\Roaming\wimsi.dll (Trojan.Medfos.SVR) -> Delete on reboot.
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 3
    HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 4
    C:\Windows\System32\chkndown.dll (Backdoor.Papras) -> Delete on reboot.
    C:\Users\Clive\AppData\Roaming\wimsi.dll (Trojan.Medfos.SVR) -> Delete on reboot.
    C:\Users\Clive\AppData\Roaming\mdpmcv.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
    C:\Users\Clive\AppData\Local\Temp\11363947857124.exe (Tojan.Agent.ED) -> Quarantined and deleted successfully.
    (end)
    ------------------------------------------------------------------------------------------------------------------------------
    DDS
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/05/2010 14:45:04
    System Uptime: 23/03/2013 10:20:33 (0 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A79T Deluxe
    Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3210/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    B: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 82.099 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()
    F: is FIXED (NTFS) - 466 GiB total, 90.654 GiB free.
    G: is FIXED (NTFS) - 466 GiB total, 346.769 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 434.767 GiB free.
    I: is FIXED (NTFS) - 1397 GiB total, 781.58 GiB free.
    K: is FIXED (NTFS) - 1863 GiB total, 0.007 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: RapportEI64
    Device ID: ROOT\LEGACY_RAPPORTEI64\0000
    Manufacturer:
    Name: RapportEI64
    PNP Device ID: ROOT\LEGACY_RAPPORTEI64\0000
    Service: RapportEI64
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: RapportPG64
    Device ID: ROOT\LEGACY_RAPPORTPG64\0000
    Manufacturer:
    Name: RapportPG64
    PNP Device ID: ROOT\LEGACY_RAPPORTPG64\0000
    Service: RapportPG64
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Power Control [2012/09/12 18:38:38]
    Device ID: ROOT\LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD}\0000
    Manufacturer:
    Name: Power Control [2012/09/12 18:38:38]
    PNP Device ID: ROOT\LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD}\0000
    Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20 (x64 edition)
    ABBYY FineReader 6.0 Sprint
    ACID Pro 7.0
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 11
    Adobe Premiere Elements 11
    Adobe Reader X (10.1.6)
    Adobe Shockwave Player 12.0
    Affixa
    Affixa 3.2012.3.18
    Any Video Converter 3.5.7
    AoA Audio Extractor 1.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV and Media Player 3.1.1.12
    AutoHotkey 1.0.48.05
    AutoSizer
    AVG Security Toolbar
    Avidemux 2.5
    AviSynth 2.5
    BBC iPlayer Desktop
    Belkin N Wireless USB Adapter Setup
    Bigasoft WTV Converter 3.6.20.4501
    Bonjour
    Bonjour Print Services
    BT Cloud
    BT Desktop Help
    BT Home Hub
    BT NetProtect Plus
    BT Yahoo! Applications
    Bulk Rename Utility 2.7.1.2
    calibre 64bit
    CCF Authentication 1.00.211.0 (release)
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Creative Audio Control Panel
    Creative Diagnostics
    Creative Media Toolbox 6
    Creative Media Toolbox 6 (Shared Components)
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties x64 Edition
    Creative System Information
    Creative WaveStudio 7
    CrystalDiskMark 3.0.1c
    CyberLink PhotoDirector 3
    CyberLink PowerDVD 10
    D3DX10
    Dell Display Manager
    Dell System Detect
    DivX Setup
    Dokan Library 0.5.3
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    DVDFab 7.0.7.0 (08/06/2010)
    DVDFab 8.0.8.5 (19/03/2011)
    DVDFab 8.2.2.2 (23/11/2012) Qt
    DVDFab 9.0.3.0 (15/03/2013) Beta
    DVDFab Media Player 1.0.2.9 (01/11/2012)
    DVDFab Passkey 8.0.8.0 (24/11/2012)
    Elements 11 Organizer
    EPSON Attach To Email
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    EPSON File Manager
    EPSON Scan
    EPSON Scan Assistant
    EPSON Stylus SX200 Series Printer Uninstall
    eReg
    EZ Vinyl/Tape Converter 4.1 by MixMeister
    Flickr Uploadr 3.2.1
    Fraps
    Free Audio Converter version 2.3.3.908
    Free Studio version 5.7.6.1015
    Free Video Dub version 2.0.6.412
    FreeClipper MP3
    Freecorder 7 Applications (7.0.0.48)
    Freecorder extension
    Freecorder extension for Chrome
    Freecorder extension x64
    Freemake Audio Converter version 1.1.0
    Freemake Video Converter version 3.0.2
    Freemake Video Downloader
    Gigaset QuickSync
    GIMP 2.8.2
    Google Analytics Opt-out Browser Add-on
    Google Chrome
    Google Chrome Frame
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Haali Media Splitter
    Host OpenAL
    iCloud
    ieSpell
    ImgBurn
    inSSIDer
    InstallIQ Updater
    Internet TV for Windows Media Center
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26 (64-bit)
    Java(TM) 7 Update 5
    Java(TM) 7 Update 5 (64-bit)
    Junk Mail filter update
    Just Trains - Digital Traction Rebuilt Bulleid Light Pacific
    LAV Filters 0.51.2
    Logitech SetPoint 6.32
    MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Service Pack 1
    Microsoft Flight Simulator X Service Pack 2
    Microsoft IntelliPoint 8.2
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    MSVC80_x64_v2
    MSVC80_x86_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    My Channel Logos
    MySQL Server 5.1
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    PC Connectivity Solution
    PerformanceTest v8.0
    PlayReady PC Runtime amd64
    Power2Go
    PRE11 STI 64Installer
    PSE11 STI Installer
    PVSonyDll
    QuickTime
    Rapport
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek Ethernet Controller Driver For Windows 7
    REALTEK Wireless LAN Driver and Utility
    RealUpgrade 1.1
    Recuva
    Revo Uninstaller 1.92
    REX Essential Plus
    REX Essential Plus Overdrive
    RW_Tools V4
    RWDecal2
    Safari
    SCARM 0.9.15 beta
    Search Results Toolbar
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Shared C Run-time for x64
    SkyPlayer for Windows Media Center
    Sothink Movie DVD Maker
    Sound Blaster X-Fi
    Spotify
    Steam
    swMSM
    Sync Client 1.40.498.0 (release)
    TBS 6280 Dual DVBT/T2 Tuner driver 1.0.0.8 for windows
    TBS VHID 1.0.0.8
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Train Simulator 2013
    TubeMaster++ 2.7
    Tyre
    UKTS Freeware Pack - Blocks-Lofts-Bridges #1
    UKTS Freeware Pack - Clutter #1
    UKTS Freeware Pack - Commercial #1
    UKTS Freeware Pack - Foliage #1
    UKTS Freeware Pack - Housing #1
    UKTS Freeware Pack - Industrial #1
    UKTS Freeware Pack - Railway Buildings #1
    UKTS Freeware Pack - UK Carriages #1
    UKTS Freeware Pack - UK Classic Diesel and Electric #1
    UKTS Freeware Pack - UK DMUs-EMUs-Trams #1
    UKTS Freeware Pack - UK Steam #1
    UKTS Freeware Pack - UK Wagons #1
    UKTS Freeware Route Pack - Candlewick
    UKTS Freeware Route Pack - Coniston Branch
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.1
    VSO Burning SDK 4.0.10.472
    Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Center Add-in for Silverlight
    Windows Movie Maker 2.6
    WinPcap 4.1.2
    WinZip 17.0
    Yahoo! Toolbar
    .
    ==== End Of File ===========================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.5.0
    Run by Clive at 10:53:56 on 2013-03-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6113 [GMT 0:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\BT Cloud\fshoster32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe
    C:\Windows\system32\hasplms.exe
    C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\BT Cloud\fshoster32.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.co.uk/
    uSearch Bar = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
    uSearch Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
    uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -
    mWinlogon: Userinit = userinit.exe,
    BHO: AutorunsDisabled - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -
    TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
    uRun: [Google Update] "C:\Users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU"
    uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    uRun: [5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Creative MediaSource Go] "C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
    uRun: [Spotify Web Helper] "C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRun: [ChromeFrameHelper] "C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
    mRun: [F-Secure Hoster (47188)] "C:\Program Files (x86)\BT Cloud\fshoster32.exe" -app -hosterid:1
    StartupFolder: C:\Users\Clive\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    Trusted Zone: dell.com
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}\244584F6D656845726D244334343 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\npchrome_frame.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: AutorunsDisabled - <orphaned>
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Freecorder extension x64: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
    x64-Run: [wimsi] rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz
    x64-Run: [aladg] "C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError
    x64-Run: [mdpmcv] "C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation
    x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 88609672;88609672 Boot Guard Driver;C:\Windows\System32\drivers\88609672.sys [2011-6-30 40464]
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-25 56336]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-6-21 101464]
    R1 88609671;88609671;C:\Windows\System32\drivers\88609671.sys [2011-6-30 157712]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-21 39768]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/17 17:43:54];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2012-8-15 146928]
    R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
    R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-8-5 78208]
    R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2012-5-19 106888]
    R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2012-5-19 11776]
    R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-5-11 8704]
    R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\BT Cloud\fshoster32.exe [2013-1-18 188400]
    R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-11-29 241456]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-29 218760]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-29 182752]
    R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-28 369152]
    R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-28 460288]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-5-28 45056]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
    R3 dvdfab;dvdfab;C:\Windows\System32\drivers\dvdfab.sys [2012-11-15 79232]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-29 309840]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-29 515968]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
    R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2010-5-24 632832]
    R3 TBS6280_64;TBS DVB-T2/T service;C:\Windows\System32\drivers\tbs6280_64.sys [2012-9-7 1898488]
    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\System32\drivers\hcw88aud.sys [2009-8-6 16128]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-5-11 96768]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
    S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-1-7 31968]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-29 70112]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-24 79360]
    S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-2-23 79360]
    S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-1-24 25704]
    S3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;C:\Windows\System32\drivers\GigasetGenericUSB_x64.sys [2012-11-8 54272]
    S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\System32\drivers\hcw88bda.sys [2009-8-6 257664]
    S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\System32\drivers\hcw88tse.sys [2009-8-6 339840]
    S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\System32\drivers\hcw88tun.sys [2009-8-6 110080]
    S3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\System32\drivers\hcw88vid.sys [2009-8-6 440064]
    S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\System32\drivers\hcw88bar.sys [2009-8-6 21632]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-29 196440]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-29 106552]
    S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-5-18 12800]
    S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-5-18 171008]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-25 1255736]
    S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-2-12 29288]
    .
    =============== Created Last 30 ================
    .
    2013-03-22 10:25:42 74240 ---ha-w- C:\Windows\System32\chkndown64.dll
    2013-03-22 10:25:19 600064 ----a-w- C:\Users\Clive\AppData\Roaming\aladg.dll
    2013-03-20 20:18:27 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-20 17:28:13 -------- d-----w- C:\Users\Clive\AppData\Local\calibre-cache
    2013-03-18 16:51:51 -------- d-----w- C:\Program Files (x86)\UKTS
    2013-03-08 15:29:22 -------- d-s---w- C:\Users\Clive\BT Cloud
    2013-03-08 15:29:22 -------- d-----w- C:\Users\Clive\AppData\Local\F-Secure
    2013-03-08 15:28:10 -------- d-----w- C:\Program Files (x86)\BT Cloud
    2013-03-08 15:24:54 -------- d-----w- C:\ProgramData\F-Secure
    2013-03-07 15:22:19 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop
    2013-03-06 21:53:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-27 12:23:57 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
    2013-02-27 12:23:57 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2013-02-27 12:23:57 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
    2013-02-27 12:23:57 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2013-02-27 12:23:42 2906586 ------w- C:\Windows\SysWow64\Sens_oal.dll
    2013-02-27 12:23:41 1944064 ------w- C:\Windows\System32\Sens_oal.dll
    2013-02-26 15:33:49 -------- d-----w- C:\Program Files (x86)\RailWorks
    .
    ==================== Find3M ====================
    .
    2013-03-13 02:51:30 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 02:51:29 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-19 13:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2013-02-19 13:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2013-02-19 13:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
    2013-02-19 13:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2013-02-19 13:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2013-02-19 13:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2013-02-19 13:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2013-02-19 13:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2013-02-19 13:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-10 19:34:20 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-08 11:36:20 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
    2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2010-05-26 13:53:46 35576 ----a-w- C:\Program Files (x86)\uninstall.exe
    2009-11-21 08:48:30 74672 ----a-w- C:\Program Files (x86)\fraps64.dat
    2009-11-21 08:48:20 2234288 ----a-w- C:\Program Files (x86)\fraps.exe
    2009-11-21 08:45:44 159744 ----a-w- C:\Program Files (x86)\frapslcd.dll
    2009-11-05 03:09:00 154032 ----a-w- C:\Program Files (x86)\fraps64.dll
    2009-11-05 03:08:58 206768 ----a-w- C:\Program Files (x86)\fraps32.dll
    2009-03-04 11:18:04 6512128 ----a-w- C:\Program Files (x86)\PowerDVD.msi
    2009-03-04 11:17:17 4230098 ----a-w- C:\Program Files (x86)\ISSetup.dll
    2009-02-28 18:40:37 75048 ----a-w- C:\Program Files (x86)\brs.exe
    2009-02-18 22:23:47 2476 ----a-w- C:\Program Files (x86)\PDVD.reg
    2009-02-09 15:27:00 94208 ----a-w- C:\Program Files (x86)\SKUtil.dll
    2008-10-24 11:08:24 1770 ----a-w- C:\Program Files (x86)\BDROM.reg
    2008-05-14 13:48:01 75048 ----a-w- C:\Program Files (x86)\CLSM.exe
    2007-12-14 10:39:57 2688296 ----a-w- C:\Program Files (x86)\vcredist_x86.exe
    .
    ============= FINISH: 10:57:51.64 ===============
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    [​IMG] You're running two AV programs, McAfee and MSE.
    You must uninstall one of them.
    If McAfee use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

    [​IMG] Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  3. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Thanks for your reply. I assume MSE stands for Microsoft Security Essentials? I would rather uninstall this than McAfee as the latter comes as part of a free package from my ISP BT. How do I uninstall MSE as it does not appear on my program list in Revo Uninstaller or under the less-vigorous standard uninstaller in the Control Panel.

    I'm not convinced it's running if I do have it (although I can see it is referred to in the log text).

    OK I've completed that task (with the exception of uninstalling MSE - see previous email).

    The RogueKiller reports are:-

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Clive [Admin rights]
    Mode : Scan -- Date : 03/23/2013 16:43:03
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 3 ¤¤¤
    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
    [SUSP PATH] chrome_frame_helper.exe -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 25 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : wimsi (rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz) [x] -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : aladg ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError) [7] -> FOUND
    [RUN][SUSP PATH] HKLM\[...]\Run : mdpmcv ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation) [7] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-1368043077-876994860-1198750009-1000[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> FOUND
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> FOUND
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
    [TASK][ROGUE ST] 4680 : wscript.exe C:\Users\Clive\AppData\Local\Temp\launchie.vbs //B -> FOUND
    [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Clive\AppData\Local\Temp\IHU83F1.tmp.exe [x] -> FOUND
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 98b7d72cac858eb6236775ee1e5f359f
    [BSP] c55769993bd7e758c3d5d298cd07f62a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] 781bf8ee0160b6f59afd509aa622798e
    [BSP] 656425d65fe09ff316ebf37daf798cf1 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive2: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] d40739961dc2f74964d42d0e3115b120
    [BSP] 054f4e2052089291c3de3c103cfc484e : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive3: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] 994d1b6cc77b6427099b3cf66fb19e0f
    [BSP] 57111411898571a4a7dfec96c0cd5c07 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive4: Freecom Hard Drive XS USB Device +++++
    --- User ---
    [MBR] b80e0e2f9698539babf22e089aa3ada9
    [BSP] 99c55ac27e69b848a1758efaacf6c79c : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1]_S_03232013_02d1643.txt >>
    RKreport[1]_S_03232013_02d1643.txt

    2

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Clive [Admin rights]
    Mode : Remove -- Date : 03/23/2013 16:44:58
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 3 ¤¤¤
    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
    [SUSP PATH] chrome_frame_helper.exe -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe [7] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 20 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : wimsi (rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz) [x] -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : aladg ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError) [7] -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : mdpmcv ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation) [7] -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> DELETED
    [Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> DELETED
    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
    [TASK][ROGUE ST] 4680 : wscript.exe C:\Users\Clive\AppData\Local\Temp\launchie.vbs //B -> DELETED
    [TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Clive\AppData\Local\Temp\IHU83F1.tmp.exe [x] -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
    --- User ---
    [MBR] 98b7d72cac858eb6236775ee1e5f359f
    [BSP] c55769993bd7e758c3d5d298cd07f62a : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] 781bf8ee0160b6f59afd509aa622798e
    [BSP] 656425d65fe09ff316ebf37daf798cf1 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive2: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] d40739961dc2f74964d42d0e3115b120
    [BSP] 054f4e2052089291c3de3c103cfc484e : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive3: SAMSUNG HD501LJ USB Device +++++
    --- User ---
    [MBR] 994d1b6cc77b6427099b3cf66fb19e0f
    [BSP] 57111411898571a4a7dfec96c0cd5c07 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    +++++ PhysicalDrive4: Freecom Hard Drive XS USB Device +++++
    --- User ---
    [MBR] b80e0e2f9698539babf22e089aa3ada9
    [BSP] 99c55ac27e69b848a1758efaacf6c79c : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2]_D_03232013_02d1644.txt >>
    RKreport[1]_S_03232013_02d1643.txt ; RKreport[2]_D_03232013_02d1644.txt

    ______________________________________________________

    The Malwarebytes Anti-Root program found no malware. The reports are:-

    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    www.malwarebytes.org
    Database version: v2013.03.23.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Clive :: CLIVE-PC [administrator]
    23/03/2013 17:02:00
    mbar-log-2013-03-23 (17-02-00).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 38102
    Time elapsed: 15 minute(s),
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)

    2

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1021
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 9.0.8112.16421
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
    CPU speed: 3.210000 GHz
    Memory total: 8588025856, free: 4854513664
    ------------ Kernel report ------------
    03/23/2013 16:46:13
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\drivers\mfehidk.sys
    \SystemRoot\System32\Drivers\PxHlpa64.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\RapportKE64.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\88609672.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\Windows\system32\drivers\avgtpx64.sys
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\88609671.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\amdppm.sys
    \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    \SystemRoot\System32\Drivers\nvBridge.kmd
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\TBS6280_64.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\DRIVERS\BdaSup.SYS
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\Rt64win7.sys
    \SystemRoot\system32\drivers\1394ohci.sys
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\dvdfab.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\ASACPI.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\System32\Drivers\pcouffin.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\WmBEnum.sys
    \SystemRoot\system32\drivers\WmXlCore.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\t3.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\drivers\mfeavfk.sys
    \SystemRoot\system32\drivers\mfefirek.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\RTL8192su.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\wdcsam64.sys
    \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\Windows\system32\drivers\aksdf.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Windows\system32\drivers\aksfridge.sys
    \??\C:\Windows\system32\drivers\dokan.sys
    \??\C:\Windows\system32\drivers\hardlock.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\drivers\tcpipreg.sys
    \??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
    \SystemRoot\system32\drivers\mfeapfk.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\system32\drivers\MSPQM.sys
    \SystemRoot\system32\drivers\MSPCLOCK.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\drivers\WudfPf.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\sechost.dll
    \Windows\System32\ole32.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\imm32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\wininet.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\usp10.dll
    \Windows\System32\nsi.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\shell32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\user32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\devobj.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk5\DR5
    Upper Device Object: 0xfffffa8008830790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008e\
    Lower Device Object: 0xfffffa800a5e8b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk4\DR4
    Upper Device Object: 0xfffffa8008832790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008d\
    Lower Device Object: 0xfffffa800a5f0b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk3\DR3
    Upper Device Object: 0xfffffa8007f75790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008c\
    Lower Device Object: 0xfffffa80088376e0
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa8007f74790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000008b\
    Lower Device Object: 0xfffffa8007961a30
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007f4b790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000081\
    Lower Device Object: 0xfffffa8008ea3b60
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8007b27060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8006b17060
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    Downloaded database version: v2013.03.23.07
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007b27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007b27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007b27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006b15580, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8006b17060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a002bad7f0, 0xfffffa8007b27060, 0xfffffa8007d5a090
    Lower DeviceData: 0xfffff8a005f565f0, 0xfffffa8006b17060, 0xfffffa8006d05510
    <<< 3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 896765B0
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 976769024
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007f4b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8008eab9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007f4b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8008ea3b60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a01c9c3ec0, 0xfffffa8007f4b790, 0xfffffa8007c1e3e0
    Lower DeviceData: 0xfffff8a0190c99d0, 0xfffffa8008ea3b60, 0xfffffa8007b91120
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: CCC26479
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa8007f74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a5ebb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007f74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007961a30, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a017b313d0, 0xfffffa8007f74790, 0xfffffa8006f9a790
    Lower DeviceData: 0xfffff8a01cd67300, 0xfffffa8007961a30, 0xfffffa800f5afd00
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: D38FF675
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 3, DevicePointer: 0xfffffa8007f75790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a5d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007f75790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80088376e0, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a006c8ccd0, 0xfffffa8007f75790, 0xfffffa8007bb6790
    Lower DeviceData: 0xfffff8a0085e6810, 0xfffffa80088376e0, 0xfffffa8010c26160
    Drive 3
    Scanning MBR on drive 3...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: FC1C3C8E
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 976768002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 4, DevicePointer: 0xfffffa8008832790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a5e4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008832790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800a5f0b60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a000a93940, 0xfffffa8008832790, 0xfffffa8007d4c790
    Lower DeviceData: 0xfffff8a01d1ada00, 0xfffffa800a5f0b60, 0xfffffa80073324e0
    Drive 4
    Scanning MBR on drive 4...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EE5EC694
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 2930272002
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 1500301910016 bytes
    Sector size: 512 bytes
    Physical Sector Size: 512
    Drive: 5, DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800a5f7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800a5e8b60, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a015e4c2e0, 0xfffffa8008830790, 0xfffffa8006c18790
    Lower DeviceData: 0xfffff8a00a5aa870, 0xfffffa800a5e8b60, 0xfffffa800eb85090
    Drive 5
    Scanning MBR on drive 5...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 21365
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3906961408
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 2000365289472 bytes
    Sector size: 512 bytes
    Done!
    Performing system, memory and registry scan...
    <<<2>>>
    Device number: 4, partition: 1
    <<<3>>>
    Volume: I:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Scan finished
    =======================================

    I hope that helps
     
  4. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    MSE listing may be just some registry leftover so don't worry about it for now.

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    [​IMG] Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  5. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi

    OMG! Help!

    This process has now completed on my PC but I cannot start most program's (including Internet Explorer, Windows Media Centre, Windows Explorer, etc) so am sending this from my iPad. The error messages are consistent when I attempt to open any of them. It states "Illegal operation attempted on a registry key that has been marked for deletion (and defines the file - e.g. C:\Program Files\Internet Explorer\iexplore.exe). I did get the text log after Combi completed and saved it to the desktop but I can't even open that now - same error message.

    Should I try to restore back to an earlier date? If so, the one before we started (that you suggested I set up) or one before I had any virus/malware issues?

    I would really appreciate a timely response (I'm sure you're busy) as I can do nothing now and am a bit concerned.

    Cheers
     
  6. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    How about reading my instructions carefully?
    In my very first post I stated:
    If you do, you'll see this:

     
  7. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi Broni,

    Why the aggressive tone? I have followed your instructions to the letter but confess I did miss your Note 3 so apologies for that.

    I admit to getting a bit freaked out and as I did not hear back from you after 3 hours and was concerned that you may have finished work so I went ahead and did a restore to a time before I picked up the virus.

    That process took a further 3 hours+ and has just finished. I have not fully tested the pc but all appears well.

    What would you suggest I do next - if you are prepared to continue this support?

    Regards
     
  8. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    I surely will but I need Combofix log.
     
  9. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    OK, here you go. By the way, all seems to be operating normally a the moment - thanks, so much.

    ComboFix 13-03-23.01 - Clive 23/03/2013 18:22:28.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.4376 [GMT 0:00]
    Running from: c:\users\Clive\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Freecorder extension\ScRIpthost.dll
    c:\program files (x86)\Setup.exe
    c:\program files (x86)\Uninstall.exe
    c:\programdata\tsohnoc.pad
    c:\users\Clive\AppData\Roaming\aladg.dll
    c:\users\Clive\AppData\Roaming\inst.exe
    c:\users\Clive\AppData\Roaming\Microsoft\~DFK4293de5a.tmp
    c:\users\Clive\AppData\Roaming\Microsoft\1eaadjc.dll
    c:\users\Clive\AppData\Roaming\Microsoft\bass.dll
    c:\users\Clive\AppData\Roaming\Microsoft\engine_ag.dll
    c:\users\Clive\AppData\Roaming\Microsoft\engine_vx.dll
    c:\users\Clive\AppData\Roaming\Microsoft\kfgresk.dll
    c:\users\Clive\AppData\Roaming\Microsoft\peaadje.dll
    c:\users\Clive\AppData\Roaming\Microsoft\qwadjb.dll
    c:\users\Clive\AppData\Roaming\Microsoft\rsaadjd.dll
    c:\windows\iun6002.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\SET113B.tmp
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_npf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-23 18:40 . 2013-03-23 18:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-03-23 18:40 . 2013-03-23 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-03-23 16:13 . 2013-03-23 16:13 78 ----a-w- C:\FixitRegBackup.reg
    2013-03-22 10:25 . 2013-03-22 10:25 74240 ---ha-w- c:\windows\system32\chkndown64.dll
    2013-03-20 20:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-20 17:28 . 2013-03-20 17:28 -------- d-----w- c:\users\Clive\AppData\Local\calibre-cache
    2013-03-18 16:51 . 2013-03-18 16:51 -------- d-----w- c:\program files (x86)\UKTS
    2013-03-08 15:29 . 2013-03-08 15:30 -------- d-s---w- c:\users\Clive\BT Cloud
    2013-03-08 15:29 . 2013-03-08 15:29 -------- d-----w- c:\users\Clive\AppData\Local\F-Secure
    2013-03-08 15:28 . 2013-03-21 13:28 -------- d-----w- c:\program files (x86)\BT Cloud
    2013-03-08 15:24 . 2013-03-08 15:28 -------- d-----w- c:\programdata\F-Secure
    2013-03-07 15:22 . 2013-03-07 15:22 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
    2013-03-07 15:22 . 2013-03-07 15:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2013-03-06 21:53 . 2013-03-06 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-27 12:23 . 2013-02-27 12:23 466520 ----a-w- c:\windows\system32\wrap_oal.dll
    2013-02-27 12:23 . 2013-02-27 12:23 123480 ----a-w- c:\windows\system32\OpenAL32.dll
    2013-02-27 12:23 . 2012-01-13 11:23 1944064 ------w- c:\windows\system32\Sens_oal.dll
    2013-02-26 15:33 . 2013-03-06 21:13 -------- d-----w- c:\program files (x86)\RailWorks
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-15 10:08 . 2010-05-24 14:00 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-03-13 02:51 . 2012-07-26 11:06 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-13 02:51 . 2012-07-26 11:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-02-27 12:23 . 2013-02-27 12:23 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
    2013-02-27 12:23 . 2013-02-27 12:23 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
    2013-02-19 13:59 . 2012-11-29 09:57 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-02-19 13:56 . 2012-07-17 14:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-02-19 13:56 . 2012-11-29 09:47 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-02-19 13:55 . 2012-11-29 09:58 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2013-02-19 13:55 . 2012-11-29 09:57 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2013-02-19 13:54 . 2012-07-17 14:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-02-19 13:53 . 2012-11-29 09:57 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-02-19 13:53 . 2012-11-29 09:57 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-02-19 13:52 . 2012-07-17 14:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-02-12 05:45 . 2013-03-13 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 20:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 20:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 20:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 20:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-02-10 19:34 . 2012-12-21 15:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-02-02 03:30 . 2013-03-15 10:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-02-02 03:26 . 2013-03-15 10:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-02-02 03:23 . 2013-03-15 10:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-18 12:15 . 2013-03-23 18:58 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{088BE215-C4BC-4500-8D81-9D9EE096737F}\mpengine.dll
    2013-01-18 12:15 . 2013-03-23 18:53 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7DD2B27-CFF2-4864-8771-B0E079E2F757}\mpengine.dll
    2013-01-17 01:28 . 2010-05-24 14:02 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-13 19:53 . 2013-02-27 09:26 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53 . 2013-02-27 09:26 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2013-01-13 19:43 . 2013-02-27 09:26 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:02 . 2013-02-27 09:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34 . 2013-02-27 09:26 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 17:26 . 2013-02-27 09:26 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
    2013-01-08 11:36 . 2013-02-12 11:23 29288 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
    2013-01-05 05:53 . 2013-02-13 21:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-13 21:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-13 21:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 06:11 . 2013-02-27 09:26 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 05:46 . 2013-02-13 21:25 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-13 21:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-13 21:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-13 21:26 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-13 21:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-13 21:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-13 21:25 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-13 21:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-13 21:25 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-13 21:25 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2009-11-21 08:48 . 2009-11-21 08:48 74672 ----a-w- c:\program files (x86)\fraps64.dat
    2009-11-21 08:48 . 2009-11-21 08:48 2234288 ----a-w- c:\program files (x86)\fraps.exe
    2009-11-21 08:45 . 2009-11-21 08:45 159744 ----a-w- c:\program files (x86)\frapslcd.dll
    2009-11-05 03:09 . 2009-11-05 03:09 154032 ----a-w- c:\program files (x86)\fraps64.dll
    2009-11-05 03:08 . 2009-11-05 03:08 206768 ----a-w- c:\program files (x86)\fraps32.dll
    2009-03-04 11:18 . 2010-05-25 13:08 6512128 ----a-w- c:\program files (x86)\PowerDVD.msi
    2009-03-04 11:17 . 2010-05-25 13:08 4230098 ----a-w- c:\program files (x86)\ISSetup.dll
    2009-02-28 18:40 . 2010-05-25 13:08 75048 ----a-w- c:\program files (x86)\brs.exe
    2009-02-18 22:23 . 2010-05-25 13:08 2476 ----a-w- c:\program files (x86)\PDVD.reg
    2009-02-09 15:27 . 2010-05-25 13:08 94208 ----a-w- c:\program files (x86)\SKUtil.dll
    2008-10-24 11:08 . 2010-05-25 13:08 1770 ----a-w- c:\program files (x86)\BDROM.reg
    2008-05-14 13:48 . 2010-05-25 13:08 75048 ----a-w- c:\program files (x86)\CLSM.exe
    2007-12-14 10:39 . 2010-05-25 13:08 2688296 ----a-w- c:\program files (x86)\vcredist_x86.exe
    2006-05-16 23:58 . 2010-05-25 13:08 1822520 ----a-w- c:\program files (x86)\instmsiw.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}]
    2012-03-22 07:24 87008 ----a-w- c:\program files (x86)\searchresults1\searchresultsDx.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "c:\program files (x86)\searchresults1\searchresultsDx.dll" [2012-03-22 87008]
    .
    [HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-25 39408]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-15 1632680]
    "com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
    "5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-03-11 1274320]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Creative MediaSource Go"="c:\program files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
    "Spotify Web Helper"="c:\users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-12 1199576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-20 75048]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
    "F-Secure Hoster (47188)"="c:\program files (x86)\BT Cloud\fshoster32.exe" [2013-01-18 188400]
    .
    c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2009-08-06 16128]
    R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
    R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/09/12 18:38];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-24 79360]
    R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-02-23 79360]
    R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]
    R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [2012-11-08 54272]
    R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2009-08-06 257664]
    R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2009-08-06 339840]
    R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2009-08-06 110080]
    R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2009-08-06 440064]
    R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2009-08-06 21632]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
    R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
    R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
    R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
    R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2013-01-08 29288]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
    S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-08 101464]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-10 39768]
    S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/17 17:43];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2012-08-15 19:41 146928]
    S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
    S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
    S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2012-05-19 106888]
    S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2012-05-19 11776]
    S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-05-10 96768]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-05-10 8704]
    S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\BT Cloud\fshoster32.exe [2013-01-18 188400]
    S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
    S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-10-31 369152]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-10-31 460288]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
    S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-08-15 79232]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-05-25 82816]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
    S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2012-10-12 632832]
    S3 TBS6280_64;TBS DVB-T2/T service;c:\windows\system32\DRIVERS\TBS6280_64.sys [2012-07-24 1898488]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-13 09:01 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 02:51]
    .
    2013-03-23 c:\windows\Tasks\Google Software Updater.job
    - c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-25 01:50]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 13:50]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 13:50]
    .
    2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000Core.job
    - c:\users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 21:46]
    .
    2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000UA.job
    - c:\users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 21:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncErrorIcon]
    @="{1F872D95-A1C0-452C-9662-08739211EC04}"
    [HKEY_CLASSES_ROOT\CLSID\{1F872D95-A1C0-452C-9662-08739211EC04}]
    2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncOkIcon]
    @="{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}"
    [HKEY_CLASSES_ROOT\CLSID\{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}]
    2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncProgressingConnectingIcon]
    @="{935591D8-7EF8-4147-80D8-C80AB6E964DF}"
    [HKEY_CLASSES_ROOT\CLSID\{935591D8-7EF8-4147-80D8-C80AB6E964DF}]
    2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2821808]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.co.uk/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
    Trusted Zone: dell.com
    Trusted Zone: google.co.uk\www
    Trusted Zone: google.com\mail
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\program files (x86)\Freecorder extension\ScriptHost.dll
    Toolbar-Locked - (no file)
    Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    Wow6432Node-HKCU-Run-Remote Mouse - c:\program files (x86)\Remote Mouse\RemoteMouse.exe
    Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
    HKLM-Run-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe
    AddRemove-Fraps - c:\program files (x86)\uninstall.exe
    AddRemove-RW_Tools V4 - g:\train sim area\Utilities
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
    "ImagePath"="\"c:\program files (x86)\BT Cloud\fshoster32.exe\" -hosterid:0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]
    @Denied: ) (Everyone)
    "AgentIdentifier"="ec957b35-f355-4fbb-a87d-12b331754ec8"
    "AuthorizationCode"=""
    "47188_AgentIdentifier"="ec957b35-f355-4fbb-a87d-12b331754ec8"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\hasplms.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-23 19:04:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-23 19:04
    .
    Pre-Run: 79,895,228,416 bytes free
    Post-Run: 79,544,991,744 bytes free
    .
    - - End Of File - - C1DC187C703D28660064F4447408EE74
     
  10. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi Broni,

    I have emailed the reports to you but here they are each one follows the other as there are too many characters to put in one post.

    Please advise what, if anything, I need to do next.

    Regards

    # AdwCleaner v2.115 - Logfile created 03/25/2013 at 10:13:56
    # Updated 17/03/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Clive - CLIVE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Clive\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****
    File Deleted : C:\Program Files (x86)\Uninstall.exe
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Program Files (x86)\Ilivid
    Folder Deleted : C:\Program Files (x86)\searchresults1
    Folder Deleted : C:\ProgramData\~0
    Folder Deleted : C:\ProgramData\APN
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Users\Clive\AppData\Local\AskToolbar
    Folder Deleted : C:\Users\Clive\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Clive\AppData\Local\Ilivid Player
    Folder Deleted : C:\Users\Clive\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\BitTorrentBar
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\boost_interprocess
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Clive\AppData\LocalLow\searchresults1
    Folder Deleted : C:\Users\Clive\AppData\Roaming\dvdvideosoftiehelpers
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN DTX
    Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
    Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\Ask&Record
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AutocompleteProBHO
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\searchresults1
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\Software\BitTorrentBar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{710B283C-3A08-4CD5-973C-6DA6238D63BF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16470
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
    -\\ Google Chrome v25.0.1364.172
    File : C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.79] : icon_url = "hxxp://www.snap.do/favicon.ico",
    Deleted [l.82] : keyword = "search.snap.do",
    Deleted [l.85] : search_url = "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc302[...]
    *************************
    AdwCleaner[S1].txt - [18725 octets] - [25/03/2013 10:13:56]
    ########## EOF - C:\AdwCleaner[S1].txt - [18786 octets] ##########
     
     
  12. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.7.3 (03.23.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Clive on 25/03/2013 at 11:52:44.29
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ~~~ Services

    ~~~ Registry Values
    Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1368043077-876994860-1198750009-1000\software\microsoft\internet explorer\searchurl\\Default
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

    ~~~ Registry Keys
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{16c8c46e-c811-4977-bf0a-b5cc1fa78d95}

    ~~~ Files

    ~~~ Folders
    Successfully deleted: [Folder] "C:\ProgramData\w3i"
    Successfully deleted: [Folder] "C:\Program Files (x86)\freecorder extension"
    Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\freecorder"

    ~~~ Event Viewer Logs were cleared


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 25/03/2013 at 12:04:36.81
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  13. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    OTL logfile created on: 25/03/2013 12:07:50 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clive\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.34% Memory free
    19.99 Gb Paging File | 17.19 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 12285 13000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 73.09 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 109.95 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 347.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 433.63 Gb Free Space | 93.10% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 771.89 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
    Drive K: | 1862.98 Gb Total Space | 965.50 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

    Computer Name: CLIVE-PC | User Name: Clive | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2013/03/24 16:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
    PRC - [2013/03/15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
    PRC - [2013/03/11 00:21:13 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe
    PRC - [2013/02/12 11:00:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/01/21 15:53:42 | 003,158,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
    PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/12/17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    PRC - [2012/12/07 14:01:40 | 000,187,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\BT Cloud\fshoster32.exe
    PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/11/23 11:50:48 | 001,259,184 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    PRC - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    PRC - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012/05/19 00:03:56 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
    PRC - [2012/05/10 14:26:52 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    PRC - [2011/12/20 13:56:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    PRC - [2010/03/25 20:10:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
    PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    PRC - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
    PRC - [2007/04/17 15:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
    PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/03/15 17:29:10 | 000,990,120 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2013/03/14 21:19:02 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2013/03/12 17:10:10 | 000,649,216 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl2.dll
    MOD - [2013/03/08 15:28:25 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
    MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/12/09 20:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
    MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/03/17 11:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
    MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2012/10/31 23:45:22 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2011/12/30 06:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
    SRV:64bit: - [2011/09/27 19:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2013/03/13 02:51:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/12/18 14:04:33 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/12/07 14:01:40 | 000,187,960 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\BT Cloud\fshoster32.exe -- (fshoster)
    SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
    SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2012/05/19 00:03:56 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
    SRV - [2012/05/10 14:26:52 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
    SRV - [2012/05/10 14:26:36 | 000,096,768 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2012/02/23 10:46:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
    SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/05/24 15:08:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
    DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2013/02/10 19:34:20 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/01/08 11:36:20 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
    DRV:64bit: - [2012/11/23 11:50:38 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2012/11/23 11:50:32 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2012/11/08 13:47:22 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
    DRV:64bit: - [2012/10/12 08:42:02 | 000,632,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
    DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
    DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/13 15:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
    DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2012/07/24 11:54:02 | 001,898,488 | ---- | M] (www.tbsdtv.com) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbs6280_64.sys -- (TBS6280_64)
    DRV:64bit: - [2012/07/08 06:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2012/05/19 00:03:58 | 000,106,888 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
    DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/22 13:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
    DRV:64bit: - [2011/11/22 13:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
    DRV:64bit: - [2011/09/28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
    DRV:64bit: - [2011/09/02 06:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV:64bit: - [2011/09/02 06:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV:64bit: - [2011/09/02 06:30:02 | 000,032,536 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV:64bit: - [2011/08/15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
    DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
    DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
    DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
    DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 21:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
    DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 10:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2010/05/25 13:18:38 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/03/18 09:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\88609672.sys -- (88609672)
    DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\88609671.sys -- (88609671)
    DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
    DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
    DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
    DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
    DRV:64bit: - [2009/08/06 12:35:20 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
    DRV:64bit: - [2009/08/06 12:35:18 | 000,339,840 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
    DRV:64bit: - [2009/08/06 12:35:18 | 000,257,664 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (HCW88BDA)
    DRV:64bit: - [2009/08/06 12:35:18 | 000,110,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tun.sys -- (HCW88TUNE)
    DRV:64bit: - [2009/08/06 12:35:16 | 000,021,632 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88bar.sys -- (HCW88XBAR)
    DRV:64bit: - [2009/08/06 12:35:16 | 000,016,128 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hcw88aud.sys -- (HCW88AUD)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV - [2012/11/23 11:50:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2012/11/23 11:50:36 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2012/08/15 19:41:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/09/17 17:43:54] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
    DRV - [2011/12/15 17:10:55 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 12 FE 7B 8B 14 CC 01 [binary data]
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes,DefaultScope = {937F837C-6BDA-4F35-98AB-34390B8520B7}
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes\{937F837C-6BDA-4F35-98AB-34390B8520B7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clive\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clive\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/23 23:13:46 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/03/23 23:13:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/03/23 23:14:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/23 23:16:05 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/23 23:16:05 | 000,000,000 | ---D | M]

    [2010/10/16 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions
    [2010/05/31 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/06/08 10:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2010/05/25 13:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/10/16 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
     
  14. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    ========== Chrome ==========

    CHR - default_search_provider: Web (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.co.uk/webhp?rls=ig
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: Splendid = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
    CHR - Extension: YouTube = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: Motive Extension = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
    CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
    CHR - Extension: Freecorder = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.13_0\
    CHR - Extension: RealDownloader = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
    CHR - Extension: Freemake Video Converter = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
    CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [F-Secure Hoster (47188)] C:\Program Files (x86)\BT Cloud\fshoster32.exe (F-Secure Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [ChromeFrameHelper] C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe (Google Inc.)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU" File not found
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe File not found
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Spotify Web Helper] C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
    O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
    O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/03/25 11:52:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/03/25 10:34:05 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/03/25 10:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/03/24 16:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
    [2013/03/23 18:10:22 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/03/23 18:09:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/03/20 17:28:13 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\calibre-cache
    [2013/03/18 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UKTS
    [2013/03/14 08:54:24 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Startup#
    [2013/03/08 15:29:22 | 000,000,000 | --SD | C] -- C:\Users\Clive\BT Cloud
    [2013/03/08 15:29:22 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\F-Secure
    [2013/03/08 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Cloud
    [2013/03/08 15:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BT Cloud
    [2013/03/08 15:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2013/03/07 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
    [2013/03/07 15:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
    [2013/03/06 21:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/03/01 12:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Trains
    [2013/02/27 12:23:57 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/02/27 12:23:57 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [2013/02/27 12:23:42 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
    [2013/02/27 12:23:41 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
    [2013/02/26 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    [2013/02/26 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RailWorks
    [2010/05/25 13:18:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Clive\AppData\Roaming\pcouffin.sys
    [2010/05/25 13:08:06 | 004,230,098 | ---- | C] (Macrovision Corporation) -- C:\Program Files (x86)\ISSetup.dll
    [2010/05/25 13:08:06 | 002,688,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vcredist_x86.exe
    [2010/05/25 13:08:06 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\instmsiw.exe
    [2010/05/25 13:08:06 | 000,316,976 | ---- | C] (Macrovision Corporation ) -- C:\Program Files (x86)\setup.exe
    [2010/05/25 13:08:03 | 000,075,048 | ---- | C] (cyberlink) -- C:\Program Files (x86)\brs.exe
    [2009/11/21 08:48:30 | 000,074,672 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
    [2009/11/21 08:48:20 | 002,234,288 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
    [2009/11/21 08:45:44 | 000,159,744 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
    [2009/11/05 03:09:00 | 000,154,032 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
    [2009/11/05 03:08:58 | 000,206,768 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/03/25 11:57:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/03/25 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/03/25 11:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000UA.job
    [2013/03/25 10:30:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/03/25 10:30:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/03/25 10:19:09 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/03/25 10:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/03/25 10:17:39 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
    [2013/03/25 10:08:54 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/03/24 19:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000Core.job
    [2013/03/24 16:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
    [2013/03/24 10:09:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/03/23 12:48:52 | 000,000,309 | ---- | M] () -- C:\Users\Clive\Desktop\Virus and Malware Removal - TechSpot Forums.url
    [2013/03/18 14:51:42 | 000,000,214 | ---- | M] () -- C:\Users\Clive\Desktop\18 - 24 March 2013 - Weekly checklist - gardenersworld.com.url
    [2013/03/18 12:48:47 | 000,085,184 | ---- | M] () -- C:\Users\Clive\Desktop\swanage.png
    [2013/03/17 00:01:46 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/03/17 00:01:46 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/03/14 17:56:42 | 000,017,360 | ---- | M] () -- C:\Users\Clive\AppData\Local\recently-used.xbel
    [2013/03/14 16:23:38 | 000,000,309 | ---- | M] () -- C:\Users\Clive\Desktop\Passport photo requirements - GOV.UK.url
    [2013/03/14 16:20:54 | 000,278,890 | ---- | M] () -- C:\Users\Clive\Desktop\Passport Application.jpg
    [2013/03/05 12:41:53 | 000,769,524 | ---- | M] () -- C:\Users\Clive\Desktop\Tutorial_Reskin.pdf
    [2013/03/04 10:54:06 | 000,505,887 | ---- | M] () -- C:\Users\Clive\Desktop\Invisible Engine.jpg
    [2013/02/28 10:30:38 | 1357,964,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/27 12:24:43 | 000,002,053 | RH-- | M] () -- C:\Windows\ctfile.rfc
    [2013/02/27 12:23:57 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
    [2013/02/27 12:23:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/03/23 11:18:00 | 000,000,309 | ---- | C] () -- C:\Users\Clive\Desktop\Virus and Malware Removal - TechSpot Forums.url
    [2013/03/18 14:51:42 | 000,000,214 | ---- | C] () -- C:\Users\Clive\Desktop\18 - 24 March 2013 - Weekly checklist - gardenersworld.com.url
    [2013/03/18 12:48:46 | 000,085,184 | ---- | C] () -- C:\Users\Clive\Desktop\swanage.png
    [2013/03/14 17:56:42 | 000,017,360 | ---- | C] () -- C:\Users\Clive\AppData\Local\recently-used.xbel
    [2013/03/14 16:23:38 | 000,000,309 | ---- | C] () -- C:\Users\Clive\Desktop\Passport photo requirements - GOV.UK.url
    [2013/03/14 16:20:53 | 000,278,890 | ---- | C] () -- C:\Users\Clive\Desktop\Passport Application.jpg
    [2013/03/07 15:22:20 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
    [2013/03/05 12:41:53 | 000,769,524 | ---- | C] () -- C:\Users\Clive\Desktop\Tutorial_Reskin.pdf
    [2013/03/04 10:54:06 | 000,505,887 | ---- | C] () -- C:\Users\Clive\Desktop\Invisible Engine.jpg
    [2013/02/28 10:30:38 | 1357,964,012 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/12/08 17:48:05 | 000,000,640 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\WtvWatcher.settings
    [2012/11/12 17:04:44 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
    [2012/11/12 17:04:44 | 000,159,120 | ---- | C] () -- C:\Windows\SysWow64\WSCM32.dll
    [2012/09/07 10:29:29 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
    [2012/09/07 09:28:44 | 000,007,324 | ---- | C] () -- C:\Windows\unins000.dat
    [2012/08/23 12:36:13 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    [2012/08/08 11:33:22 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
    [2012/05/19 00:03:56 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
    [2012/03/07 13:39:51 | 000,000,079 | ---- | C] () -- C:\Users\Clive\AppData\Local\CrystalDiskMark30.ini
    [2011/07/06 04:41:57 | 000,007,675 | ---- | C] () -- C:\Users\Clive\AppData\Local\Resmon.ResmonCfg
    [2011/06/01 15:44:06 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
    [2010/08/24 14:27:59 | 000,010,240 | ---- | C] () -- C:\Users\Clive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/25 13:18:38 | 000,099,384 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\inst.exe
    [2010/05/25 13:18:38 | 000,007,859 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\pcouffin.cat
    [2010/05/25 13:18:38 | 000,001,167 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\pcouffin.inf
    [2010/05/25 13:08:06 | 006,512,128 | ---- | C] () -- C:\Program Files (x86)\PowerDVD.msi
    [2010/05/25 13:08:06 | 001,129,289 | ---- | C] () -- C:\Program Files (x86)\setup.isn
    [2010/05/25 13:08:06 | 000,094,208 | ---- | C] ( ) -- C:\Program Files (x86)\SKUtil.dll
    [2010/05/25 13:08:06 | 000,010,246 | ---- | C] () -- C:\Program Files (x86)\Language.ini
    [2010/05/25 13:08:06 | 000,002,476 | ---- | C] () -- C:\Program Files (x86)\PDVD.reg
    [2010/05/25 13:08:06 | 000,001,961 | ---- | C] () -- C:\Program Files (x86)\Setup.ini
    [2010/05/25 13:08:06 | 000,001,566 | ---- | C] () -- C:\Program Files (x86)\setup.iss
    [2010/05/25 13:08:06 | 000,000,748 | ---- | C] () -- C:\Program Files (x86)\PowerDVD9.sim
    [2010/05/25 13:08:06 | 000,000,632 | ---- | C] () -- C:\Program Files (x86)\info.ini
    [2010/05/25 13:08:06 | 000,000,631 | ---- | C] () -- C:\Program Files (x86)\uninstall.iss
    [2010/05/25 13:08:06 | 000,000,184 | ---- | C] () -- C:\Program Files (x86)\Product.ini
    [2010/05/25 13:08:06 | 000,000,169 | ---- | C] () -- C:\Program Files (x86)\ureg.ini
    [2010/05/25 13:08:06 | 000,000,064 | ---- | C] () -- C:\Program Files (x86)\ShortCut.ini
    [2010/05/25 13:08:06 | 000,000,060 | ---- | C] () -- C:\Program Files (x86)\Define.ini
    [2010/05/25 13:08:03 | 112,588,547 | ---- | C] () -- C:\Program Files (x86)\Data1.cab
    [2010/05/25 13:08:03 | 000,075,048 | ---- | C] () -- C:\Program Files (x86)\CLSM.exe
    [2010/05/25 13:08:03 | 000,038,912 | ---- | C] () -- C:\Program Files (x86)\1031.mst
    [2010/05/25 13:08:03 | 000,037,888 | ---- | C] () -- C:\Program Files (x86)\1040.mst
    [2010/05/25 13:08:03 | 000,037,376 | ---- | C] () -- C:\Program Files (x86)\1036.mst
    [2010/05/25 13:08:03 | 000,035,840 | ---- | C] () -- C:\Program Files (x86)\1041.mst
    [2010/05/25 13:08:03 | 000,035,840 | ---- | C] () -- C:\Program Files (x86)\1034.mst
    [2010/05/25 13:08:03 | 000,031,744 | ---- | C] () -- C:\Program Files (x86)\1042.mst
    [2010/05/25 13:08:03 | 000,025,088 | ---- | C] () -- C:\Program Files (x86)\2052.mst
    [2010/05/25 13:08:03 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\1028.mst
    [2010/05/25 13:08:03 | 000,007,242 | ---- | C] () -- C:\Program Files (x86)\0x040c.ini
    [2010/05/25 13:08:03 | 000,007,094 | ---- | C] () -- C:\Program Files (x86)\0x0407.ini
    [2010/05/25 13:08:03 | 000,007,022 | ---- | C] () -- C:\Program Files (x86)\0x040a.ini
    [2010/05/25 13:08:03 | 000,006,897 | ---- | C] () -- C:\Program Files (x86)\0x0410.ini
    [2010/05/25 13:08:03 | 000,006,623 | ---- | C] () -- C:\Program Files (x86)\0x0411.ini
    [2010/05/25 13:08:03 | 000,006,129 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
    [2010/05/25 13:08:03 | 000,005,724 | ---- | C] () -- C:\Program Files (x86)\0x0412.ini
    [2010/05/25 13:08:03 | 000,004,315 | ---- | C] () -- C:\Program Files (x86)\0x0804.ini
    [2010/05/25 13:08:03 | 000,004,248 | ---- | C] () -- C:\Program Files (x86)\0x0404.ini
    [2010/05/25 13:08:03 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\1033.mst
    [2010/05/25 13:08:03 | 000,001,770 | ---- | C] () -- C:\Program Files (x86)\BDROM.reg
    [2010/05/25 13:08:03 | 000,001,014 | ---- | C] () -- C:\Program Files (x86)\Custom.ini
    [2010/05/25 13:08:03 | 000,000,751 | ---- | C] () -- C:\Program Files (x86)\CLAud.sim
    [2009/11/21 08:18:10 | 000,001,874 | ---- | C] () -- C:\Program Files (x86)\README.HTM

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/01/07 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Abyssmedia
    [2012/03/28 08:52:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Affixa
    [2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AnvSoft
    [2013/01/07 10:29:38 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Apowersoft
    [2013/03/25 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Applian FLV and Media Player
    [2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Audacity
    [2010/05/25 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AutoSizer
    [2011/06/30 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AVG
    [2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\avidemux
    [2012/04/15 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
    [2012/10/25 16:15:42 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Bigasoft WTV Converter
    [2012/01/27 09:55:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Bump Technologies, Inc
    [2013/03/20 17:30:03 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\calibre
    [2011/06/16 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/05/25 10:03:14 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2012/10/15 12:16:04 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\DVDFab
    [2013/03/23 13:22:33 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\DVDVideoSoft
    [2010/05/28 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Easeware
    [2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Efficient Diary
    [2012/01/16 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\EPSON
    [2010/10/16 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Flickr
    [2012/02/21 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FMZilla
    [2011/06/08 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\freac
    [2013/01/07 10:49:24 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Free Sound Recorder
    [2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FreeAudioExtractor
    [2013/02/13 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Audio
    [2013/02/14 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Converter
    [2013/02/14 10:57:22 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Video
    [2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FreeVideoCatcher
    [2011/02/28 09:10:11 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FrostWire
    [2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\GetRightToGo
    [2012/02/07 17:05:17 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\gtk-2.0
    [2011/05/26 10:26:56 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\HamsterSoft
    [2012/08/05 10:46:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\HandBrake
    [2013/03/23 15:48:53 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\ImgBurn
    [2010/08/29 09:51:17 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\iPodtoComputer
    [2010/05/25 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Leadertech
    [2012/11/26 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MAGIX
    [2012/05/20 12:15:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Mapi2Xml
    [2010/06/02 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MGS
    [2010/12/26 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MoveFab
    [2010/06/11 09:27:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\NetMedia Providers
    [2011/04/19 08:03:23 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Nokia
    [2011/04/19 07:59:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\PC Suite
    [2012/09/25 14:32:54 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\PerfView
    [2010/06/11 09:27:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Publish Providers
    [2011/11/30 09:04:59 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\shrink_pic
    [2012/02/08 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Simraceway
    [2010/06/11 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Sony
    [2013/03/23 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Spotify
    [2013/02/12 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\streamWriter
    [2013/03/23 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Thunderbird
    [2010/06/08 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\TomTom
    [2012/03/15 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\TuneUp Software
    [2013/03/23 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Tyre
    [2010/11/29 09:54:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Vso
    [2011/07/07 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\VSRevoGroup
    [2013/03/23 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\WebApp
    [2012/04/03 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Windows Live Writer
    [2013/02/12 11:33:16 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Wondershare
    [2012/11/12 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Wondershare Video Converter Ultimate
    [2011/05/25 10:17:06 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Youtube Downloader HD
    [2011/07/06 04:56:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
    [2011/07/06 04:56:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
    [2012/03/17 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    < End of report >
     
  15. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    OTL Extras logfile created on: 25/03/2013 12:07:50 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clive\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.34% Memory free
    19.99 Gb Paging File | 17.19 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): c:\pagefile.sys 12285 13000 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.76 Gb Total Space | 73.09 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
    Drive F: | 465.76 Gb Total Space | 109.95 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
    Drive G: | 465.76 Gb Total Space | 347.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 433.63 Gb Free Space | 93.10% Space Free | Partition Type: NTFS
    Drive I: | 1397.26 Gb Total Space | 771.89 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
    Drive K: | 1862.98 Gb Total Space | 965.50 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

    Computer Name: CLIVE-PC | User Name: Clive | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 1
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
    "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
    "{17bce0e9-930e-4afb-8089-6863c562379c}" = Gigaset QuickSync
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
    "{5A5FADCD-34CB-4F23-9940-ED1FD8AB3DA5}" = calibre 64bit
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
    "{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}" = Adobe Premiere Elements 11
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
    "{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
    "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    "Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
    "CCleaner" = CCleaner
    "CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
    "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "GIMP-2_is1" = GIMP 2.8.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "PerformanceTest 8_is1" = PerformanceTest v8.0
    "PremElem110" = Adobe Premiere Elements 11
    "Recuva" = Recuva
    "sp6" = Logitech SetPoint 6.32
    "TBS 6280 Dual DVBT/T2 Tuner driver for windows_is1" = TBS 6280 Dual DVBT/T2 Tuner driver 1.0.0.8 for windows
    "TBS VHID_is1" = TBS VHID 1.0.0.8

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{07BB63A6-188D-4447-A0B6-8ED8B2075B81}" = UKTS Freeware Pack - Blocks-Lofts-Bridges #1
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B139A40-29B2-43B7-AB5B-0910D7021D10}" = My Channel Logos
    "{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
    "{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
    "{10D69816-2FA2-4071-A45E-2EC182FA2A7D}" = REX Essential Plus Overdrive
    "{13969A12-BC34-42DB-906D-D55FA9675EC2}" = UKTS Freeware Pack - Railway Buildings #1
    "{13B49566-4C8E-4955-A33D-66A6D31C4F27}" = Sync Client 1.40.343.0 (release)
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{287F350C-F8A6-40A7-8EA3-84EC874CEB00}" = UKTS Freeware Pack - UK DMUs-EMUs-Trams #1
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
    "{2CEDFC42-C1AC-443D-A11D-4BA201CC2C84}" = UKTS Freeware Pack - UK Wagons #1
    "{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
    "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
    "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
    "{31AD5806-8CFE-4DB0-A8A9-0FD1EEB0693C}" = Affixa
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{4728B2D3-DA35-4C7F-BABC-CD9B7C152BE1}" = RWDecal2
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
    "{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
    "{5CBFEC54-FA2C-4A96-A203-FBDBC5C40D69}" = UKTS Freeware Pack - UK Carriages #1
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{64C9CBEC-1260-44F1-9304-F0CF9EFF9951}" = UKTS Freeware Pack - Commercial #1
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71450506-2F6C-4A9F-AC67-B15D034313BD}" = REX Essential Plus
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7F3396F3-C468-4FEA-8A34-7C0F2A5391D6}" = Just Trains - Digital Traction Rebuilt Bulleid Light Pacific
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{942ED24D-6D3E-4100-B76E-8180CF85CD68}" = BT Cloud
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1" = SCARM 0.9.15 beta
    "{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin
    "{A911FCA6-F910-4065-868D-9828C285944B}" = UKTS Freeware Route Pack - Coniston Branch
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAEA1063-229A-406B-9962-864AEFBBD82F}" = UKTS Freeware Pack - Housing #1
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B19E2B7A-745D-4B67-B21B-C97F727F3923}" = UKTS Freeware Pack - Industrial #1
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B614E5FA-6DA4-45A1-845C-52F870240A89}" = PRE11 STI 64Installer
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{BF28F7E1-F3A0-40e5-B4E7-B6CFE20D5ADF}_is1" = Bigasoft WTV Converter 3.6.20.4501
    "{BF9DC935-7351-406E-9073-A364827AAA8D}" = UKTS Freeware Pack - UK Steam #1
    "{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
    "{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
    "{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
    "{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DD3D06F6-E35C-4E43-B991-32A1C8DDB292}" = UKTS Freeware Pack - UK Classic Diesel and Electric #1
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E52EA3AD-AD96-47E9-A556-C546CF0E1021}" = UKTS Freeware Route Pack - Candlewick
    "{E7B3D305-0229-4720-81A5-811E2E23DE43}" = UKTS Freeware Pack - Foliage #1
    "{E9936A7E-04E3-4F50-9F1B-A4951C57AAD2}" = CCF Authentication 1.00.203.0 (release)
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F06AB18D-6F98-48E8-9441-E3290244143D}" = inSSIDer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
    "{F355333F-795E-4593-ACAA-5C0F9D719D49}" = UKTS Freeware Pack - Clutter #1
    "{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
    "{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}" = Nokia Software Updater
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "Affixa 3.12.0318" = Affixa 3.2012.3.18
    "Any Video Converter_is1" = Any Video Converter 3.5.7
    "AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
    "Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
    "AudioCS" = Creative Audio Control Panel
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "AutoSizer" = AutoSizer
    "Avidemux 2.5 (64-bit)" = Avidemux 2.5
    "AviSynth" = AviSynth 2.5
    "BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
    "BT Desktop Help" = BT Desktop Help
    "BTHomeHub" = BT Home Hub
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Diagnostics 4_5" = Creative Diagnostics
    "DivX Setup" = DivX Setup
    "DokanLibrary" = Dokan Library 0.5.3
    "DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    "DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
    "DVDFab 8 Qt_is1" = DVDFab 8.2.2.2 (23/11/2012) Qt
    "DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
    "DVDFab 9_is1" = DVDFab 9.0.3.0 (15/03/2013) Beta
    "DVDFab Media Player_is1" = DVDFab Media Player 1.0.2.9 (01/11/2012)
    "DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.8.0 (24/11/2012)
    "EPSON Scanner" = EPSON Scan
    "EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
    "Flickr Uploadr" = Flickr Uploadr 3.2.1
    "Fraps" = Fraps
    "Free Audio Converter_is1" = Free Audio Converter version 2.3.3.908
    "Free Studio_is1" = Free Studio version 5.7.6.1015
    "Free Video Dub_is1" = Free Video Dub version 2.0.6.412
    "FreeClipper MP31.0" = FreeClipper MP3
    "Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
    "Freecorder extension" = Freecorder extension
    "Freecorder extension for Chrome" = Freecorder extension for Chrome
    "Freecorder extension x64" = Freecorder extension x64
    "Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
    "Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
    "Freemake Video Downloader_is1" = Freemake Video Downloader
    "F-Secure ServiceEnabler 47188" = BT Cloud
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HaaliMkx" = Haali Media Splitter
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Host OpenAL" = Host OpenAL
    "ieSpell" = ieSpell
    "ImgBurn" = ImgBurn
    "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
    "InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "lavfilters_is1" = LAV Filters 0.51.2
    "MAGIX Xtreme Photo Designer 6 US" = MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "MSC" = BT NetProtect Plus
    "Nokia PC Suite" = Nokia PC Suite
    "RealPlayer 16.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "Steam App 24010" = Train Simulator 2013
    "SysInfo" = Creative System Information
    "TubeMaster++" = TubeMaster++ 2.7
    "Tyre_is1" = Tyre
    "Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
    "VLC media player" = VLC media player 2.0.1
    "VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
    "WaveStudio 7" = Creative WaveStudio 7
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Yahoo! Applications" = BT Yahoo! Applications
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "9204f5692a8faf3b" = Dell System Detect
    "Google Chrome Frame" = Google Chrome Frame
    "RW_Tools V4" = RW_Tools V4
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 25/03/2013 08:06:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 25/03/2013 08:06:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 25/03/2013 08:07:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 25/03/2013 08:07:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 25/03/2013 08:13:46 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 25/03/2013 08:13:46 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 25/03/2013 08:14:45 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 25/03/2013 08:14:45 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891


    < End of report >
     
  16. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    [​IMG] Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
      O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
      O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU" File not found
      O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
      O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
      O8 - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
      O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
      O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
      O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
      O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
      O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
      O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
      O18 - Protocol\Handler\gopher - No CLSID value found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
      [2011/06/30 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AVG
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  17. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi Broni,

    Here's the first report from OTL. Others to follow:-

    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MVT\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus SX200 Series deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Remote Mouse deleted successfully.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
    Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.co.uk\www\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\mail\ deleted successfully.
    Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
    File Protocol\Handler\msdaipp - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
    File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
    File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll scheduled to be moved on reboot.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
    Invalid CLSID key: c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll scheduled to be moved on reboot.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
    File Protocol\Handler\gopher - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\Users\Clive\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
    C:\Users\Clive\AppData\Roaming\AVG\Rescue folder moved successfully.
    C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
    C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
    C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
    C:\Users\Clive\AppData\Roaming\AVG folder moved successfully.
    ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
    ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: AppData
    ->Temp folder emptied: 0 bytes

    User: Clive
    ->Temp folder emptied: 2276161 bytes
    ->Temporary Internet Files folder emptied: 1265739817 bytes
    ->Java cache emptied: 1853578 bytes
    ->Google Chrome cache emptied: 9266000 bytes
    ->Flash cache emptied: 8258497 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57657 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56516 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 200704 bytes
    %systemroot%\System32 .tmp files removed: 150016 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10111559 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 105885 bytes
    RecycleBin emptied: 9198756049 bytes

    Total Files Cleaned = 10,011.00 mb


    [EMPTYJAVA]

    User: All Users

    User: AppData

    User: Clive
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Clive
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 03272013_103737
    Files\Folders moved on Reboot...
    c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll moved successfully.
    C:\Users\Clive\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
     
  18. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Security Check log:-

    Results of screen317's Security Check version 0.99.61
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    McAfee Anti-Virus and Anti-Spyware
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    Java(TM) 7 Update 5
    Java version out of Date!
    Adobe Reader 10.1.6 Adobe Reader out of Date!
    Google Chrome 25.0.1364.152
    Google Chrome 25.0.1364.172
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  19. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    FSS Log:-

    Farbar Service Scanner Version: 03-03-2013
    Ran by Clive (administrator) on 27-03-2013 at 11:51:47
    Running from "C:\Users\Clive\Desktop"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
    bfe Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

    Other Services:
    ==============
    Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
    Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
    Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
    Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
    Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  20. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    ESET scan still going after 20 hours (see file uploaded)
     

    Attached Files:

  21. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    The scan aborted at 36 hours so had to start again. This time I've split the task into two stages; the backup drive and then the remaining drives. It found one threat in the latter (see below). I've now set it away to do the backup.

    I:\Downloads\Software\noadware.exe probably a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined
     
  22. Broni

    Broni Malware Annihilator Posts: 47,684   +267

    [​IMG] Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    [​IMG] 1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =================================

    Now, FSS log shows number of registry issues which we have to fix.

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    [​IMG]



    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    [​IMG]


    Go to Step 4 and under "System Restore" click on Create button:

    [​IMG]


    Go to Start Repairs tab and click Start button.

    Leave all checkmarks as they're.
    NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

    Click on Start button.

    [​IMG]

    Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

    Post fresh FSS log as well.
     
  23. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi Broni,

    Well I've now completed all the processes you have advised me to carry out.

    First the final scan of my back up disk:-

    K:\CLIVE-PC\Backup Set 2013-03-11 230007\Backup Files 2013-03-11 230007\Backup files 270.zip multiple threats deleted - quarantined
    K:\CLIVE-PC\Backup Set 2013-03-11 230007\Backup Files 2013-03-11 230007\Backup files 364.zip probably a variant of Win32/Adware.ErrorClean application deleted - quarantined
    K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 236.zip a variant of Win32/Medfos.MM trojan deleted - quarantined
    K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 266.zip multiple threats deleted - quarantined
    K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 362.zip probably a variant of Win32/Adware.ErrorClean application deleted - quarantined
    _____________________________________________

    then the Post Windows Repair log:-

    Running Repair Under System Account
    Starting Repairs...
    Start (30/03/2013 18:05:11)
    Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (30/03/2013 18:05:11)
    Running Repair Under Current User Account
    Done (30/03/2013 18:05:29)
    Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (30/03/2013 18:05:29)
    Running Repair Under System Account
    Done (30/03/2013 18:08:21)
    Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (30/03/2013 18:08:21)
    Running Repair Under System Account
    Done (30/03/2013 18:09:50)
    Reset File Permissions 01/26
    C:\$INPLACE.~TR & Sub Folders
    Start (30/03/2013 18:09:51)
    Running Repair Under System Account
    Done (30/03/2013 18:10:12)
    Reset File Permissions 02/26
    C:\$WINDOWS.~Q & Sub Folders
    Start (30/03/2013 18:10:12)
    Running Repair Under System Account
    Done (30/03/2013 18:10:33)
    Reset File Permissions 03/26
    C:\Boot & Sub Folders
    Start (30/03/2013 18:10:33)
    Running Repair Under System Account
    Done (30/03/2013 18:10:35)
    Reset File Permissions 04/26
    C:\Config.Msi & Sub Folders
    Start (30/03/2013 18:10:35)
    Running Repair Under System Account
    Done (30/03/2013 18:10:37)
    Reset File Permissions 05/26
    C:\downloads & Sub Folders
    Start (30/03/2013 18:10:37)
    Running Repair Under System Account
    Done (30/03/2013 18:10:40)
    Reset File Permissions 06/26
    C:\extensions & Sub Folders
    Start (30/03/2013 18:10:40)
    Running Repair Under System Account
    Done (30/03/2013 18:10:42)
    Reset File Permissions 07/26
    C:\Graphics & Sub Folders
    Start (30/03/2013 18:10:42)
    Running Repair Under System Account
    Done (30/03/2013 18:10:45)
    Reset File Permissions 08/26
    C:\jexepackres & Sub Folders
    Start (30/03/2013 18:10:45)
    Running Repair Under System Account
    Done (30/03/2013 18:10:47)
    Reset File Permissions 09/26
    C:\JRT & Sub Folders
    Start (30/03/2013 18:10:47)
    Running Repair Under System Account
    Done (30/03/2013 18:10:50)
    Reset File Permissions 10/26
    C:\MININT & Sub Folders
    Start (30/03/2013 18:10:50)
    Running Repair Under System Account
    Done (30/03/2013 18:10:52)
    Reset File Permissions 11/26
    C:\MSOCache & Sub Folders
    Start (30/03/2013 18:10:52)
    Running Repair Under System Account
    Done (30/03/2013 18:10:54)
    Reset File Permissions 12/26
    C:\NVIDIA & Sub Folders
    Start (30/03/2013 18:10:55)
    Running Repair Under System Account
    Done (30/03/2013 18:11:07)
    Reset File Permissions 13/26
    C:\PackageUninstallInfo & Sub Folders
    Start (30/03/2013 18:11:07)
    Running Repair Under System Account
    Done (30/03/2013 18:11:10)
    Reset File Permissions 14/26
    C:\PerfLogs & Sub Folders
    Start (30/03/2013 18:11:10)
    Running Repair Under System Account
    Done (30/03/2013 18:11:12)
    Reset File Permissions 15/26
    C:\PowerDVD9Ultra old folder & Sub Folders
    Start (30/03/2013 18:11:12)
    Running Repair Under System Account
    Done (30/03/2013 18:11:15)
    Reset File Permissions 16/26
    C:\Program Files & Sub Folders
    Start (30/03/2013 18:11:15)
    Running Repair Under System Account
    Done (30/03/2013 18:13:03)
    Reset File Permissions 17/26
    C:\Program Files (x86) & Sub Folders
    Start (30/03/2013 18:13:03)
    Running Repair Under System Account
    Done (30/03/2013 18:58:30)
    Reset File Permissions 18/26
    C:\ProgramData & Sub Folders
    Start (30/03/2013 18:58:30)
    Running Repair Under System Account
    Done (30/03/2013 19:03:03)
    Reset File Permissions 19/26
    C:\Qoobox & Sub Folders
    Start (30/03/2013 19:03:03)
    Running Repair Under System Account
    Done (30/03/2013 19:03:08)
    Reset File Permissions 20/26
    C:\Recovery & Sub Folders
    Start (30/03/2013 19:03:08)
    Running Repair Under System Account
    Done (30/03/2013 19:03:10)
    Reset File Permissions 21/26
    C:\REX Essential Plus & Sub Folders
    Start (30/03/2013 19:03:10)
    Running Repair Under System Account
    Done (30/03/2013 19:04:28)
    Reset File Permissions 22/26
    C:\TBSVHID & Sub Folders
    Start (30/03/2013 19:04:28)
    Running Repair Under System Account
    Done (30/03/2013 19:04:30)
    Reset File Permissions 23/26
    C:\Temp & Sub Folders
    Start (30/03/2013 19:04:30)
    Running Repair Under System Account
    Done (30/03/2013 19:04:35)
    Reset File Permissions 24/26
    C:\TempDump & Sub Folders
    Start (30/03/2013 19:04:35)
    Running Repair Under System Account
    Done (30/03/2013 19:04:37)
    Reset File Permissions 25/26
    C:\Windows & Sub Folders
    Start (30/03/2013 19:04:37)
    Running Repair Under System Account
    Done (30/03/2013 19:20:29)
    Reset File Permissions 26/26
    C:\_OTL & Sub Folders
    Start (30/03/2013 19:20:29)
    Running Repair Under System Account
    Done (30/03/2013 19:20:33)
    Reset File Permissions 01/02
    F:\Feature Films & Sub Folders
    Start (30/03/2013 19:20:33)
    Running Repair Under System Account
    Done (30/03/2013 19:20:38)
    Reset File Permissions 02/02
    F:\Recorded TV & Sub Folders
    Start (30/03/2013 19:20:38)
    Running Repair Under System Account
    Done (30/03/2013 19:20:42)
    Reset File Permissions 01/02
    G:\Flight Sim Area & Sub Folders
    Start (30/03/2013 19:20:42)
    Running Repair Under System Account
    Done (30/03/2013 19:20:53)
    Reset File Permissions 02/02
    G:\Train Sim Area & Sub Folders
    Start (30/03/2013 19:20:53)
    Running Repair Under System Account
    Done (30/03/2013 19:21:18)
    Reset File Permissions 01/07
    H:\bd2688125455ee7d82b9fe61bb8b & Sub Folders
    Start (30/03/2013 19:21:19)
    Running Repair Under System Account
    Done (30/03/2013 19:21:21)
    Reset File Permissions 02/07
    H:\Documents & Sub Folders
    Start (30/03/2013 19:21:21)
    Running Repair Under System Account
    Done (30/03/2013 19:21:23)
    Reset File Permissions 03/07
    H:\Downloads & Sub Folders
    Start (30/03/2013 19:21:23)
    Running Repair Under System Account
    Done (30/03/2013 19:21:26)
    Reset File Permissions 04/07
    H:\iTunes Media & Sub Folders
    Start (30/03/2013 19:21:26)
    Running Repair Under System Account
    Done (30/03/2013 19:22:41)
    Reset File Permissions 05/07
    H:\Old Docs & Sub Folders
    Start (30/03/2013 19:22:41)
    Running Repair Under System Account
    Done (30/03/2013 19:22:46)
    Reset File Permissions 06/07
    H:\Recorded TV & Sub Folders
    Start (30/03/2013 19:22:46)
    Running Repair Under System Account
    Done (30/03/2013 19:22:50)
    Reset File Permissions 07/07
    H:\Sounds - Engines, etc & Sub Folders
    Start (30/03/2013 19:22:50)
    Running Repair Under System Account
    Done (30/03/2013 19:22:55)
    Reset File Permissions 01/06
    I:\$AVG & Sub Folders
    Start (30/03/2013 19:22:55)
    Running Repair Under System Account
    Done (30/03/2013 19:22:57)
    Reset File Permissions 02/06
    I:\Documents & Sub Folders
    Start (30/03/2013 19:22:57)
    Running Repair Under System Account
    Done (30/03/2013 19:28:42)
    Reset File Permissions 03/06
    I:\Downloads & Sub Folders
    Start (30/03/2013 19:28:42)
    Running Repair Under System Account
    Done (30/03/2013 19:28:52)
    Reset File Permissions 04/06
    I:\e2fc981bd876dad8093d0e & Sub Folders
    Start (30/03/2013 19:28:52)
    Running Repair Under System Account
    Done (30/03/2013 19:28:55)
    Reset File Permissions 05/06
    I:\Recorded TV & Sub Folders
    Start (30/03/2013 19:28:55)
    Running Repair Under System Account
    Done (30/03/2013 19:28:59)
    Reset File Permissions 06/06
    I:\Visuals & Sub Folders
    Start (30/03/2013 19:29:00)
    Running Repair Under System Account
    Done (30/03/2013 19:30:23)
    Reset File Permissions 01/03
    K:\CLIVE-PC & Sub Folders
    Start (30/03/2013 19:30:23)
    Running Repair Under System Account
    Done (30/03/2013 19:31:16)
    Reset File Permissions 02/03
    K:\msdownld.tmp & Sub Folders
    Start (30/03/2013 19:31:16)
    Running Repair Under System Account
    Done (30/03/2013 19:31:22)
    Reset File Permissions 03/03
    K:\WindowsImageBackup & Sub Folders
    Start (30/03/2013 19:31:22)
    Running Repair Under System Account
    Done (30/03/2013 19:31:27)
    Reset File Permissions: Cleanup
    & Sub Folders
    Start (30/03/2013 19:31:27)
    Running Repair Under System Account
    Done (30/03/2013 19:31:36)
    Register System Files
    Start (30/03/2013 19:31:36)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:33:09)
    Repair WMI
    Start (30/03/2013 19:33:09)
    Running Repair Under Current User Account
    Invalid Global Switch.
    Invalid Global Switch.
    Running Repair Under System Account
    Invalid Global Switch.
    Invalid Global Switch.
    Done (30/03/2013 19:39:52)
    Repair Windows Firewall
    Start (30/03/2013 19:39:52)
    Running Repair Under Current User Account
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    Running Repair Under System Account
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    Done (30/03/2013 19:40:02)
    Repair Internet Explorer
    Start (30/03/2013 19:40:02)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:40:27)
    Remove Policies Set By Infections
    Start (30/03/2013 19:40:27)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:40:34)
    Repair Icons
    Start (30/03/2013 19:40:34)
    Running Repair Under System Account
    Could Not Find C:\Users\Clive\AppData\Local\IconCache.db.bak
    Could Not Find C:\Users\Clive\AppData\Local\IconCache.db
    Done (30/03/2013 19:40:39)
    Repair Winsock & DNS Cache
    Start (30/03/2013 19:40:39)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:41:02)
    Repair Proxy Settings
    Start (30/03/2013 19:41:03)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:41:12)
    Repair Windows Updates
    Start (30/03/2013 19:41:12)
    Running Repair Under Current User Account
    The Windows Update service is not started.
    More help is available by typing NET HELPMSG 3521.
    The system cannot find the file specified.
    Running Repair Under System Account
    The Cryptographic Services service is not started.
    More help is available by typing NET HELPMSG 3521.
    The Background Intelligent Transfer Service service is not started.
    More help is available by typing NET HELPMSG 3521.
    The Windows Update service is not started.
    More help is available by typing NET HELPMSG 3521.
    The system cannot find the file specified.
    Done (30/03/2013 19:42:07)
    Repair MSI (Windows Installer)
    Start (30/03/2013 19:42:07)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:20)
    Repair bat Association
    Start (30/03/2013 19:42:20)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:25)
    Repair cmd Association
    Start (30/03/2013 19:42:25)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:29)
    Repair com Association
    Start (30/03/2013 19:42:29)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:34)
    Repair Directory Association
    Start (30/03/2013 19:42:34)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:41)
    Repair Drive Association
    Start (30/03/2013 19:42:41)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:46)
    Repair exe Association
    Start (30/03/2013 19:42:46)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:51)
    Repair Folder Association
    Start (30/03/2013 19:42:51)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:42:56)
    Repair inf Association
    Start (30/03/2013 19:42:56)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:01)
    Repair lnk (Shortcuts) Association
    Start (30/03/2013 19:43:01)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:05)
    Repair msc Association
    Start (30/03/2013 19:43:05)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:10)
    Repair reg Association
    Start (30/03/2013 19:43:10)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:15)
    Repair scr Association
    Start (30/03/2013 19:43:15)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:20)
    Repair Print Spooler
    Start (30/03/2013 19:43:20)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:37)
    Restore Important Windows Services
    Start (30/03/2013 19:43:37)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:43:44)
    Set Windows Services To Default Startup
    Start (30/03/2013 19:43:44)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (30/03/2013 19:44:50)
    Cleaning up empty logs...
    All Selected Repairs Done.
    Done (30/03/2013 19:44:50)
    Total Repair Time: 01:39:39

    ...YOU MUST RESTART YOUR SYSTEM...
    Running Repair Under System Account
     
  24. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    ______________________________________________________

    and finally, the FSS log:-


    Farbar Service Scanner Version: 03-03-2013

    Ran by Clive (administrator) on 31-03-2013 at 10:12:09

    Running from "C:\Users\Clive\Desktop\Utilities\Virus Malware Utilities"

    Windows 7 Home Premium Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************



    Internet Services:

    ============



    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo IP is accessible.

    Yahoo.com is accessible.





    Windows Firewall:

    =============



    Firewall Disabled Policy:

    ==================





    System Restore:

    ============



    System Restore Disabled Policy:

    ========================





    Action Center:

    ============



    Windows Update:

    ============



    Windows Autoupdate Disabled Policy:

    ============================





    Windows Defender:

    ==============



    Other Services:

    ==============





    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => MD5 is legit

    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

    C:\Windows\System32\dhcpcore.dll => MD5 is legit

    C:\Windows\System32\drivers\afd.sys => MD5 is legit

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit

    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit

    C:\Windows\System32\mpssvc.dll => MD5 is legit

    C:\Windows\System32\bfe.dll => MD5 is legit

    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

    C:\Windows\System32\SDRSVC.dll => MD5 is legit

    C:\Windows\System32\vssvc.exe => MD5 is legit

    C:\Windows\System32\wscsvc.dll => MD5 is legit

    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

    C:\Windows\System32\wuaueng.dll => MD5 is legit

    C:\Windows\System32\qmgr.dll => MD5 is legit

    C:\Windows\System32\es.dll => MD5 is legit

    C:\Windows\System32\cryptsvc.dll => MD5 is legit

    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

    C:\Windows\System32\svchost.exe => MD5 is legit

    C:\Windows\System32\rpcss.dll => MD5 is legit





    **** End of log ****

    Many thanks, once again.
     
  25. Snakes1000

    Snakes1000 TS Rookie Topic Starter Posts: 20

    Hi Broni,

    I am experiencing one small problem which may or which may not be related to all the work we have done. It concerns my PowerDVD software. When I run it I get the attached error splash screen. I have tried re-installing some previous upgrades but it may require uninstalling and reinstalling fully from scratch (PowereDVD 7 or something!).

    Is it related and, if so, is there a fix?

    Sorry to muddy the waters.
     

    Attached Files:



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.