Solved Removed Trojans but now have DLL error pop ups on start

[Snakes1000]

I recently picked up some viruses from a fake email (I think). My permanent security software McAfee picked up some but I also chose to run Malwarebytes to make sure they were cleared. That found more and quarantined them (see report log below) and this was confirmed when I re-ran it and nothing was found.

However, when I reboot I get two error pop ups (see attached) which both relate to the DLL found by Malwarebytes (see files detected section 4).

I have followed the preliminary instructions and here are my Malwarebytes and DDS logs

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.22.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Clive :: CLIVE-PC [administrator]
22/03/2013 14:37:24
mbam-log-2013-03-22 (14-37-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258138
Time elapsed: 7 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 2
C:\Windows\System32\chkndown.dll (Backdoor.Papras) -> Delete on reboot.
C:\Users\Clive\AppData\Roaming\wimsi.dll (Trojan.Medfos.SVR) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Windows\System32\chkndown.dll (Backdoor.Papras) -> Delete on reboot.
C:\Users\Clive\AppData\Roaming\wimsi.dll (Trojan.Medfos.SVR) -> Delete on reboot.
C:\Users\Clive\AppData\Roaming\mdpmcv.dll (Trojan.Medfos) -> Quarantined and deleted successfully.
C:\Users\Clive\AppData\Local\Temp\11363947857124.exe (Tojan.Agent.ED) -> Quarantined and deleted successfully.
(end)
------------------------------------------------------------------------------------------------------------------------------
DDS
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/05/2010 14:45:04
System Uptime: 23/03/2013 10:20:33 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4A79T Deluxe
Processor: AMD Phenom(tm) II X4 955 Processor | AM3 | 3210/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
B: is Removable
C: is FIXED (NTFS) - 466 GiB total, 82.099 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 90.654 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 346.769 GiB free.
H: is FIXED (NTFS) - 466 GiB total, 434.767 GiB free.
I: is FIXED (NTFS) - 1397 GiB total, 781.58 GiB free.
K: is FIXED (NTFS) - 1863 GiB total, 0.007 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: RapportEI64
Device ID: ROOT\LEGACY_RAPPORTEI64\0000
Manufacturer:
Name: RapportEI64
PNP Device ID: ROOT\LEGACY_RAPPORTEI64\0000
Service: RapportEI64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: RapportPG64
Device ID: ROOT\LEGACY_RAPPORTPG64\0000
Manufacturer:
Name: RapportPG64
PNP Device ID: ROOT\LEGACY_RAPPORTPG64\0000
Service: RapportPG64
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Power Control [2012/09/12 18:38:38]
Device ID: ROOT\LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD}\0000
Manufacturer:
Name: Power Control [2012/09/12 18:38:38]
PNP Device ID: ROOT\LEGACY_{B154377D-700F-42CC-9474-23858FBDF4BD}\0000
Service: {B154377D-700F-42cc-9474-23858FBDF4BD}
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
ABBYY FineReader 6.0 Sprint
ACID Pro 7.0
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 11
Adobe Premiere Elements 11
Adobe Reader X (10.1.6)
Adobe Shockwave Player 12.0
Affixa
Affixa 3.2012.3.18
Any Video Converter 3.5.7
AoA Audio Extractor 1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
AutoHotkey 1.0.48.05
AutoSizer
AVG Security Toolbar
Avidemux 2.5
AviSynth 2.5
BBC iPlayer Desktop
Belkin N Wireless USB Adapter Setup
Bigasoft WTV Converter 3.6.20.4501
Bonjour
Bonjour Print Services
BT Cloud
BT Desktop Help
BT Home Hub
BT NetProtect Plus
BT Yahoo! Applications
Bulk Rename Utility 2.7.1.2
calibre 64bit
CCF Authentication 1.00.211.0 (release)
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Creative Audio Control Panel
Creative Diagnostics
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative MediaSource 5
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
Creative WaveStudio 7
CrystalDiskMark 3.0.1c
CyberLink PhotoDirector 3
CyberLink PowerDVD 10
D3DX10
Dell Display Manager
Dell System Detect
DivX Setup
Dokan Library 0.5.3
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
DVDFab 7.0.7.0 (08/06/2010)
DVDFab 8.0.8.5 (19/03/2011)
DVDFab 8.2.2.2 (23/11/2012) Qt
DVDFab 9.0.3.0 (15/03/2013) Beta
DVDFab Media Player 1.0.2.9 (01/11/2012)
DVDFab Passkey 8.0.8.0 (24/11/2012)
Elements 11 Organizer
EPSON Attach To Email
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus SX200 Series Printer Uninstall
eReg
EZ Vinyl/Tape Converter 4.1 by MixMeister
Flickr Uploadr 3.2.1
Fraps
Free Audio Converter version 2.3.3.908
Free Studio version 5.7.6.1015
Free Video Dub version 2.0.6.412
FreeClipper MP3
Freecorder 7 Applications (7.0.0.48)
Freecorder extension
Freecorder extension for Chrome
Freecorder extension x64
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 3.0.2
Freemake Video Downloader
Gigaset QuickSync
GIMP 2.8.2
Google Analytics Opt-out Browser Add-on
Google Chrome
Google Chrome Frame
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
Host OpenAL
iCloud
ieSpell
ImgBurn
inSSIDer
InstallIQ Updater
Internet TV for Windows Media Center
iTunes
Java Auto Updater
Java(TM) 6 Update 26 (64-bit)
Java(TM) 7 Update 5
Java(TM) 7 Update 5 (64-bit)
Junk Mail filter update
Just Trains - Digital Traction Rebuilt Bulleid Light Pacific
LAV Filters 0.51.2
Logitech SetPoint 6.32
MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Easy Assist v2
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
My Channel Logos
MySQL Server 5.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Update 1.10.8
NVIDIA Update Components
PC Connectivity Solution
PerformanceTest v8.0
PlayReady PC Runtime amd64
Power2Go
PRE11 STI 64Installer
PSE11 STI Installer
PVSonyDll
QuickTime
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver For Windows 7
REALTEK Wireless LAN Driver and Utility
RealUpgrade 1.1
Recuva
Revo Uninstaller 1.92
REX Essential Plus
REX Essential Plus Overdrive
RW_Tools V4
RWDecal2
Safari
SCARM 0.9.15 beta
Search Results Toolbar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Shared C Run-time for x64
SkyPlayer for Windows Media Center
Sothink Movie DVD Maker
Sound Blaster X-Fi
Spotify
Steam
swMSM
Sync Client 1.40.498.0 (release)
TBS 6280 Dual DVBT/T2 Tuner driver 1.0.0.8 for windows
TBS VHID 1.0.0.8
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Train Simulator 2013
TubeMaster++ 2.7
Tyre
UKTS Freeware Pack - Blocks-Lofts-Bridges #1
UKTS Freeware Pack - Clutter #1
UKTS Freeware Pack - Commercial #1
UKTS Freeware Pack - Foliage #1
UKTS Freeware Pack - Housing #1
UKTS Freeware Pack - Industrial #1
UKTS Freeware Pack - Railway Buildings #1
UKTS Freeware Pack - UK Carriages #1
UKTS Freeware Pack - UK Classic Diesel and Electric #1
UKTS Freeware Pack - UK DMUs-EMUs-Trams #1
UKTS Freeware Pack - UK Steam #1
UKTS Freeware Pack - UK Wagons #1
UKTS Freeware Route Pack - Candlewick
UKTS Freeware Route Pack - Coniston Branch
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.1
VSO Burning SDK 4.0.10.472
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
Windows Movie Maker 2.6
WinPcap 4.1.2
WinZip 17.0
Yahoo! Toolbar
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.5.0
Run by Clive at 10:53:56 on 2013-03-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.6113 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\BT Cloud\fshoster32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe
C:\Windows\system32\hasplms.exe
C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\BT Cloud\fshoster32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.co.uk/
uSearch Bar = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} -
mWinlogon: Userinit = userinit.exe,
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AffixaHandlerLib.BHO: {5adefb9e-b824-45e6-86e2-2b7941f5d6a3} -
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Freecorder extension: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files (x86)\Freecorder extension\ScriptHost.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} -
TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - C:\Program Files (x86)\searchresults1\searchresultsDx.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe
uRun: [Google Update] "C:\Users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU"
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Creative MediaSource Go] "C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" /SCB
uRun: [Spotify Web Helper] "C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [ChromeFrameHelper] "C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
mRun: [F-Secure Hoster (47188)] "C:\Program Files (x86)\BT Cloud\fshoster32.exe" -app -hosterid:1
StartupFolder: C:\Users\Clive\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}\244584F6D656845726D244334343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\npchrome_frame.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Freecorder extension x64: {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [btbb_McciTrayApp] "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [wimsi] rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz
x64-Run: [aladg] "C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError
x64-Run: [mdpmcv] "C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 88609672;88609672 Boot Guard Driver;C:\Windows\System32\drivers\88609672.sys [2011-6-30 40464]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-7-17 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-7-17 340216]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-25 56336]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2011-6-21 101464]
R1 88609671;88609671;C:\Windows\System32\drivers\88609671.sys [2011-6-30 157712]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-12-21 39768]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/17 17:43:54];C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2012-8-15 146928]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2012-8-5 78208]
R2 Dokan;Dokan;C:\Windows\System32\drivers\dokan.sys [2012-5-19 106888]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2012-5-19 11776]
R2 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-5-11 8704]
R2 fshoster;F-Secure Dll Hoster;C:\Program Files (x86)\BT Cloud\fshoster32.exe [2013-1-18 188400]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe -run --> C:\Windows\System32\hasplms.exe -run [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-11-29 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-11-29 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-11-29 182752]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-28 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-28 460288]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-5-28 45056]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-8-28 92632]
R3 dvdfab;dvdfab;C:\Windows\System32\drivers\dvdfab.sys [2012-11-15 79232]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-11-29 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-11-29 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-11-25 694888]
R3 t3;Sound Blaster X-Fi Xtreme Audio;C:\Windows\System32\drivers\t3.sys [2010-5-24 632832]
R3 TBS6280_64;TBS DVB-T2/T service;C:\Windows\System32\drivers\tbs6280_64.sys [2012-9-7 1898488]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\Windows\System32\drivers\hcw88aud.sys [2009-8-6 16128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-5-11 96768]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-29 201304]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-1-7 31968]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-11-29 70112]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-24 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-2-23 79360]
S3 DIRECTIO;DIRECTIO;C:\Program Files\PerformanceTest\DirectIo64.sys [2013-1-24 25704]
S3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;C:\Windows\System32\drivers\GigasetGenericUSB_x64.sys [2012-11-8 54272]
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\Windows\System32\drivers\hcw88bda.sys [2009-8-6 257664]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\Windows\System32\drivers\hcw88tse.sys [2009-8-6 339840]
S3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\Windows\System32\drivers\hcw88tun.sys [2009-8-6 110080]
S3 hcw88vid;Hauppauge WinTV 88x Video;C:\Windows\System32\drivers\hcw88vid.sys [2009-8-6 440064]
S3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\Windows\System32\drivers\hcw88bar.sys [2009-8-6 21632]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-29 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-11-29 106552]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2011-5-18 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2011-5-18 171008]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-3 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-25 1255736]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-2-12 29288]
.
=============== Created Last 30 ================
.
2013-03-22 10:25:42 74240 ---ha-w- C:\Windows\System32\chkndown64.dll
2013-03-22 10:25:19 600064 ----a-w- C:\Users\Clive\AppData\Roaming\aladg.dll
2013-03-20 20:18:27 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-20 17:28:13 -------- d-----w- C:\Users\Clive\AppData\Local\calibre-cache
2013-03-18 16:51:51 -------- d-----w- C:\Program Files (x86)\UKTS
2013-03-08 15:29:22 -------- d-s---w- C:\Users\Clive\BT Cloud
2013-03-08 15:29:22 -------- d-----w- C:\Users\Clive\AppData\Local\F-Secure
2013-03-08 15:28:10 -------- d-----w- C:\Program Files (x86)\BT Cloud
2013-03-08 15:24:54 -------- d-----w- C:\ProgramData\F-Secure
2013-03-07 15:22:19 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop
2013-03-06 21:53:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-02-27 12:23:57 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-02-27 12:23:57 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-02-27 12:23:57 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-02-27 12:23:57 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2013-02-27 12:23:42 2906586 ------w- C:\Windows\SysWow64\Sens_oal.dll
2013-02-27 12:23:41 1944064 ------w- C:\Windows\System32\Sens_oal.dll
2013-02-26 15:33:49 -------- d-----w- C:\Program Files (x86)\RailWorks
.
==================== Find3M ====================
.
2013-03-13 02:51:30 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:51:29 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 13:59:06 70112 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2013-02-19 13:56:26 340216 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2013-02-19 13:56:14 182752 ----a-w- C:\Windows\System32\mfevtps.exe
2013-02-19 13:55:26 10728 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2013-02-19 13:55:14 106552 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2013-02-19 13:54:32 771536 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2013-02-19 13:53:42 515968 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2013-02-19 13:53:02 309840 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2013-02-19 13:52:44 179280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-10 19:34:20 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-08 11:36:20 29288 ----a-w- C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2010-05-26 13:53:46 35576 ----a-w- C:\Program Files (x86)\uninstall.exe
2009-11-21 08:48:30 74672 ----a-w- C:\Program Files (x86)\fraps64.dat
2009-11-21 08:48:20 2234288 ----a-w- C:\Program Files (x86)\fraps.exe
2009-11-21 08:45:44 159744 ----a-w- C:\Program Files (x86)\frapslcd.dll
2009-11-05 03:09:00 154032 ----a-w- C:\Program Files (x86)\fraps64.dll
2009-11-05 03:08:58 206768 ----a-w- C:\Program Files (x86)\fraps32.dll
2009-03-04 11:18:04 6512128 ----a-w- C:\Program Files (x86)\PowerDVD.msi
2009-03-04 11:17:17 4230098 ----a-w- C:\Program Files (x86)\ISSetup.dll
2009-02-28 18:40:37 75048 ----a-w- C:\Program Files (x86)\brs.exe
2009-02-18 22:23:47 2476 ----a-w- C:\Program Files (x86)\PDVD.reg
2009-02-09 15:27:00 94208 ----a-w- C:\Program Files (x86)\SKUtil.dll
2008-10-24 11:08:24 1770 ----a-w- C:\Program Files (x86)\BDROM.reg
2008-05-14 13:48:01 75048 ----a-w- C:\Program Files (x86)\CLSM.exe
2007-12-14 10:39:57 2688296 ----a-w- C:\Program Files (x86)\vcredist_x86.exe
.
============= FINISH: 10:57:51.64 ===============

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

You're running two AV programs, McAfee and MSE.
You must uninstall one of them.
If McAfee use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html

Download RogueKiller on the desktop

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[Snakes1000]

Thanks for your reply. I assume MSE stands for Microsoft Security Essentials? I would rather uninstall this than McAfee as the latter comes as part of a free package from my ISP BT. How do I uninstall MSE as it does not appear on my program list in Revo Uninstaller or under the less-vigorous standard uninstaller in the Control Panel.

I'm not convinced it's running if I do have it (although I can see it is referred to in the log text).

OK I've completed that task (with the exception of uninstalling MSE - see previous email).

The RogueKiller reports are:-

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Clive [Admin rights]
Mode : Scan -- Date : 03/23/2013 16:43:03
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
[SUSP PATH] chrome_frame_helper.exe -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 25 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : wimsi (rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz) [x] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : aladg ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError) [7] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : mdpmcv ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation) [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1368043077-876994860-1198750009-1000[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> FOUND
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4680 : wscript.exe C:\Users\Clive\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Clive\AppData\Local\Temp\IHU83F1.tmp.exe [x] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 98b7d72cac858eb6236775ee1e5f359f
[BSP] c55769993bd7e758c3d5d298cd07f62a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] 781bf8ee0160b6f59afd509aa622798e
[BSP] 656425d65fe09ff316ebf37daf798cf1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] d40739961dc2f74964d42d0e3115b120
[BSP] 054f4e2052089291c3de3c103cfc484e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] 994d1b6cc77b6427099b3cf66fb19e0f
[BSP] 57111411898571a4a7dfec96c0cd5c07 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Freecom Hard Drive XS USB Device +++++
--- User ---
[MBR] b80e0e2f9698539babf22e089aa3ada9
[BSP] 99c55ac27e69b848a1758efaacf6c79c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1]_S_03232013_02d1643.txt >>
RKreport[1]_S_03232013_02d1643.txt

2

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Clive [Admin rights]
Mode : Remove -- Date : 03/23/2013 16:44:58
| ARK || FAK || MBR |
¤¤¤ Bad processes : 3 ¤¤¤
[DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
[DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Clive\AppData\Roaming\aladg.dll [x] -> KILLED [TermProc]
[SUSP PATH] chrome_frame_helper.exe -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 20 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : ChromeFrameHelper ("C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe" --startup) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : wimsi (rundll32.exe "C:\Users\Clive\AppData\Roaming\wimsi.dll",CchFileTimeToDateTimeSz) [x] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : aladg ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\aladg.dll",TypeError) [7] -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : mdpmcv ("C:\Windows\System32\rundll32.exe" "C:\Users\Clive\AppData\Roaming\mdpmcv.dll",SyntaxLocation) [7] -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609671 (C:\Windows\system32\DRIVERS\88609671.sys) -> DELETED
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\88609672 (C:\Windows\system32\DRIVERS\88609672.sys) -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4680 : wscript.exe C:\Users\Clive\AppData\Local\Temp\launchie.vbs //B -> DELETED
[TASK][SUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Clive\AppData\Local\Temp\IHU83F1.tmp.exe [x] -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HDP725050GLA360 ATA Device +++++
--- User ---
[MBR] 98b7d72cac858eb6236775ee1e5f359f
[BSP] c55769993bd7e758c3d5d298cd07f62a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] 781bf8ee0160b6f59afd509aa622798e
[BSP] 656425d65fe09ff316ebf37daf798cf1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive2: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] d40739961dc2f74964d42d0e3115b120
[BSP] 054f4e2052089291c3de3c103cfc484e : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive3: SAMSUNG HD501LJ USB Device +++++
--- User ---
[MBR] 994d1b6cc77b6427099b3cf66fb19e0f
[BSP] 57111411898571a4a7dfec96c0cd5c07 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive4: Freecom Hard Drive XS USB Device +++++
--- User ---
[MBR] b80e0e2f9698539babf22e089aa3ada9
[BSP] 99c55ac27e69b848a1758efaacf6c79c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1430796 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2]_D_03232013_02d1644.txt >>
RKreport[1]_S_03232013_02d1643.txt ; RKreport[2]_D_03232013_02d1644.txt

______________________________________________________

The Malwarebytes Anti-Root program found no malware. The reports are:-

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
Database version: v2013.03.23.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Clive :: CLIVE-PC [administrator]
23/03/2013 17:02:00
mbar-log-2013-03-23 (17-02-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 38102
Time elapsed: 15 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

2

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED, I:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 3.210000 GHz
Memory total: 8588025856, free: 4854513664
------------ Kernel report ------------
03/23/2013 16:46:13
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKE64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\88609672.sys
\SystemRoot\system32\drivers\cdrom.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\88609671.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\TBS6280_64.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\dvdfab.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\WmBEnum.sys
\SystemRoot\system32\drivers\WmXlCore.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\t3.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\aksdf.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\aksfridge.sys
\??\C:\Windows\system32\drivers\dokan.sys
\??\C:\Windows\system32\drivers\hardlock.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\system32\drivers\MSPCLOCK.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\Wldap32.dll
\Windows\System32\lpk.dll
\Windows\System32\advapi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\kernel32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imagehlp.dll
\Windows\System32\user32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\iertutil.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\devobj.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008830790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xfffffa800a5e8b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8008832790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xfffffa800a5f0b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa8007f75790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa80088376e0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8007f74790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa8007961a30
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007f4b790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000081\
Lower Device Object: 0xfffffa8008ea3b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b27060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8006b17060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
Downloaded database version: v2013.03.23.07
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b27b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b27060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006b15580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8006b17060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a002bad7f0, 0xfffffa8007b27060, 0xfffffa8007d5a090
Lower DeviceData: 0xfffff8a005f565f0, 0xfffffa8006b17060, 0xfffffa8006d05510
<<< 3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 896765B0
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 976769024
Partition file system is NTFS
Partition is bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007f4b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008eab9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f4b790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008ea3b60, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a01c9c3ec0, 0xfffffa8007f4b790, 0xfffffa8007c1e3e0
Lower DeviceData: 0xfffff8a0190c99d0, 0xfffffa8008ea3b60, 0xfffffa8007b91120
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: CCC26479
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8007f74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a5ebb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007961a30, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a017b313d0, 0xfffffa8007f74790, 0xfffffa8006f9a790
Lower DeviceData: 0xfffff8a01cd67300, 0xfffffa8007961a30, 0xfffffa800f5afd00
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D38FF675
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xfffffa8007f75790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a5d4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007f75790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80088376e0, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a006c8ccd0, 0xfffffa8007f75790, 0xfffffa8007bb6790
Lower DeviceData: 0xfffff8a0085e6810, 0xfffffa80088376e0, 0xfffffa8010c26160
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FC1C3C8E
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 4, DevicePointer: 0xfffffa8008832790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a5e4b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008832790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a5f0b60, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a000a93940, 0xfffffa8008832790, 0xfffffa8007d4c790
Lower DeviceData: 0xfffff8a01d1ada00, 0xfffffa800a5f0b60, 0xfffffa80073324e0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: EE5EC694
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 2930272002
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a5f7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008830790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a5e8b60, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a015e4c2e0, 0xfffffa8008830790, 0xfffffa8006c18790
Lower DeviceData: 0xfffff8a00a5aa870, 0xfffffa800a5e8b60, 0xfffffa800eb85090
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 21365
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 3906961408
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 2000365289472 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
<<<2>>>
Device number: 4, partition: 1
<<<3>>>
Volume: I:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Scan finished
=======================================

I hope that helps

 

[Broni]

MSE listing may be just some registry leftover so don't worry about it for now.

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Snakes1000]

Hi

OMG! Help!

This process has now completed on my PC but I cannot start most program's (including Internet Explorer, Windows Media Centre, Windows Explorer, etc) so am sending this from my iPad. The error messages are consistent when I attempt to open any of them. It states "Illegal operation attempted on a registry key that has been marked for deletion (and defines the file - e.g. C:\Program Files\Internet Explorer\iexplore.exe). I did get the text log after Combi completed and saved it to the desktop but I can't even open that now - same error message.

Should I try to restore back to an earlier date? If so, the one before we started (that you suggested I set up) or one before I had any virus/malware issues?

I would really appreciate a timely response (I'm sure you're busy) as I can do nothing now and am a bit concerned.

Cheers

 

[Broni]

How about reading my instructions carefully?
In my very first post I stated:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you do, you'll see this:

**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

 

[Snakes1000]

Hi Broni,

Why the aggressive tone? I have followed your instructions to the letter but confess I did miss your Note 3 so apologies for that.

I admit to getting a bit freaked out and as I did not hear back from you after 3 hours and was concerned that you may have finished work so I went ahead and did a restore to a time before I picked up the virus.

That process took a further 3 hours+ and has just finished. I have not fully tested the pc but all appears well.

What would you suggest I do next - if you are prepared to continue this support?

Regards

 

[Broni]

I surely will but I need Combofix log.

 

[Snakes1000]

OK, here you go. By the way, all seems to be operating normally a the moment - thanks, so much.

ComboFix 13-03-23.01 - Clive 23/03/2013 18:22:28.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8190.4376 [GMT 0:00]
Running from: c:\users\Clive\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Freecorder extension\ScRIpthost.dll
c:\program files (x86)\Setup.exe
c:\program files (x86)\Uninstall.exe
c:\programdata\tsohnoc.pad
c:\users\Clive\AppData\Roaming\aladg.dll
c:\users\Clive\AppData\Roaming\inst.exe
c:\users\Clive\AppData\Roaming\Microsoft\~DFK4293de5a.tmp
c:\users\Clive\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Clive\AppData\Roaming\Microsoft\bass.dll
c:\users\Clive\AppData\Roaming\Microsoft\engine_ag.dll
c:\users\Clive\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Clive\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Clive\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Clive\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Clive\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\SET113B.tmp
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 18:40 . 2013-03-23 18:40 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-23 18:40 . 2013-03-23 18:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-23 16:13 . 2013-03-23 16:13 78 ----a-w- C:\FixitRegBackup.reg
2013-03-22 10:25 . 2013-03-22 10:25 74240 ---ha-w- c:\windows\system32\chkndown64.dll
2013-03-20 20:18 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-20 17:28 . 2013-03-20 17:28 -------- d-----w- c:\users\Clive\AppData\Local\calibre-cache
2013-03-18 16:51 . 2013-03-18 16:51 -------- d-----w- c:\program files (x86)\UKTS
2013-03-08 15:29 . 2013-03-08 15:30 -------- d-s---w- c:\users\Clive\BT Cloud
2013-03-08 15:29 . 2013-03-08 15:29 -------- d-----w- c:\users\Clive\AppData\Local\F-Secure
2013-03-08 15:28 . 2013-03-21 13:28 -------- d-----w- c:\program files (x86)\BT Cloud
2013-03-08 15:24 . 2013-03-08 15:28 -------- d-----w- c:\programdata\F-Secure
2013-03-07 15:22 . 2013-03-07 15:22 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2013-03-07 15:22 . 2013-03-07 15:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-03-06 21:53 . 2013-03-06 21:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-27 12:23 . 2013-02-27 12:23 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-27 12:23 . 2013-02-27 12:23 123480 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-27 12:23 . 2012-01-13 11:23 1944064 ------w- c:\windows\system32\Sens_oal.dll
2013-02-26 15:33 . 2013-03-06 21:13 -------- d-----w- c:\program files (x86)\RailWorks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 10:08 . 2010-05-24 14:00 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-03-13 02:51 . 2012-07-26 11:06 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:51 . 2012-07-26 11:06 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-27 12:23 . 2013-02-27 12:23 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-02-27 12:23 . 2013-02-27 12:23 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-02-19 13:59 . 2012-11-29 09:57 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 13:56 . 2012-07-17 14:52 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 13:56 . 2012-11-29 09:47 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 13:55 . 2012-11-29 09:58 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 13:55 . 2012-11-29 09:57 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 13:54 . 2012-07-17 14:50 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 13:53 . 2012-11-29 09:57 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 13:53 . 2012-11-29 09:57 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 13:52 . 2012-07-17 14:48 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 05:45 . 2013-03-13 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:00 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:00 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:00 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:00 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 19:34 . 2012-12-21 15:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-02 03:30 . 2013-03-15 10:04 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-02 03:26 . 2013-03-15 10:04 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-02 03:23 . 2013-03-15 10:04 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-01-18 12:15 . 2013-03-23 18:58 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{088BE215-C4BC-4500-8D81-9D9EE096737F}\mpengine.dll
2013-01-18 12:15 . 2013-03-23 18:53 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7DD2B27-CFF2-4864-8771-B0E079E2F757}\mpengine.dll
2013-01-17 01:28 . 2010-05-24 14:02 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-13 19:53 . 2013-02-27 09:26 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 09:26 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:43 . 2013-02-27 09:26 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:02 . 2013-02-27 09:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 09:26 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 09:26 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-08 11:36 . 2013-02-12 11:23 29288 ----a-w- c:\windows\system32\drivers\WsAudioDevice_383S(1).sys
2013-01-05 05:53 . 2013-02-13 21:26 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 21:26 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 21:26 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 09:26 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 21:25 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 21:25 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 21:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 21:26 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 21:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 21:25 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 21:25 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 21:25 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 21:25 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 21:25 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2009-11-21 08:48 . 2009-11-21 08:48 74672 ----a-w- c:\program files (x86)\fraps64.dat
2009-11-21 08:48 . 2009-11-21 08:48 2234288 ----a-w- c:\program files (x86)\fraps.exe
2009-11-21 08:45 . 2009-11-21 08:45 159744 ----a-w- c:\program files (x86)\frapslcd.dll
2009-11-05 03:09 . 2009-11-05 03:09 154032 ----a-w- c:\program files (x86)\fraps64.dll
2009-11-05 03:08 . 2009-11-05 03:08 206768 ----a-w- c:\program files (x86)\fraps32.dll
2009-03-04 11:18 . 2010-05-25 13:08 6512128 ----a-w- c:\program files (x86)\PowerDVD.msi
2009-03-04 11:17 . 2010-05-25 13:08 4230098 ----a-w- c:\program files (x86)\ISSetup.dll
2009-02-28 18:40 . 2010-05-25 13:08 75048 ----a-w- c:\program files (x86)\brs.exe
2009-02-18 22:23 . 2010-05-25 13:08 2476 ----a-w- c:\program files (x86)\PDVD.reg
2009-02-09 15:27 . 2010-05-25 13:08 94208 ----a-w- c:\program files (x86)\SKUtil.dll
2008-10-24 11:08 . 2010-05-25 13:08 1770 ----a-w- c:\program files (x86)\BDROM.reg
2008-05-14 13:48 . 2010-05-25 13:08 75048 ----a-w- c:\program files (x86)\CLSM.exe
2007-12-14 10:39 . 2010-05-25 13:08 2688296 ----a-w- c:\program files (x86)\vcredist_x86.exe
2006-05-16 23:58 . 2010-05-25 13:08 1822520 ----a-w- c:\program files (x86)\instmsiw.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{94366e2c-9923-431c-b0d6-747447dd0f2b}]
2012-03-22 07:24 87008 ----a-w- c:\program files (x86)\searchresults1\searchresultsDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{94366e2c-9923-431c-b0d6-747447dd0f2b}"= "c:\program files (x86)\searchresults1\searchresultsDx.dll" [2012-03-22 87008]
.
[HKEY_CLASSES_ROOT\clsid\{94366e2c-9923-431c-b0d6-747447dd0f2b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-25 39408]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-03-15 1632680]
"com.apple.dav.bookmarks.daemon"="c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe" [2012-12-17 59872]
"5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-03-11 1274320]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Creative MediaSource Go"="c:\program files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe" [2006-11-09 204800]
"Spotify Web Helper"="c:\users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-12 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-20 75048]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"F-Secure Hoster (47188)"="c:\program files (x86)\BT Cloud\fshoster32.exe" [2013-01-18 188400]
.
c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2009-08-06 16128]
R1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
R1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2012/09/12 18:38];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-10-08 31968]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-24 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2012-02-23 79360]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys [2012-08-13 25704]
R3 GigasetGenericUSB_x64;GigasetGenericUSB_x64;c:\windows\system32\DRIVERS\GigasetGenericUSB_x64.sys [2012-11-08 54272]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2009-08-06 257664]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2009-08-06 339840]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2009-08-06 110080]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2009-08-06 440064]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\HCW88BAR.sys [2009-08-06 21632]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2011-05-18 12800]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2011-05-18 171008]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-25 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2013-01-08 29288]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [2012-07-08 101464]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-10 39768]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/09/17 17:43];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2012-08-15 19:41 146928]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2012-05-19 106888]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2012-05-19 11776]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-05-10 96768]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-05-10 8704]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\BT Cloud\fshoster32.exe [2013-01-18 188400]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-10-31 369152]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-10-31 460288]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2010-01-21 45056]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-08-28 92632]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-08-15 79232]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-05-25 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2012-10-12 632832]
S3 TBS6280_64;TBS DVB-T2/T service;c:\windows\system32\DRIVERS\TBS6280_64.sys [2012-07-24 1898488]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 09:01 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 02:51]
.
2013-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-25 01:50]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 13:50]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-25 13:50]
.
2013-03-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000Core.job
- c:\users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 21:46]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000UA.job
- c:\users\Clive\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-10 21:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncErrorIcon]
@="{1F872D95-A1C0-452C-9662-08739211EC04}"
[HKEY_CLASSES_ROOT\CLSID\{1F872D95-A1C0-452C-9662-08739211EC04}]
2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncOkIcon]
@="{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}"
[HKEY_CLASSES_ROOT\CLSID\{164AD5E4-2B93-4FB0-8AE3-8F922BAA186B}]
2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FSSyncProgressingConnectingIcon]
@="{935591D8-7EF8-4147-80D8-C80AB6E964DF}"
[HKEY_CLASSES_ROOT\CLSID\{935591D8-7EF8-4147-80D8-C80AB6E964DF}]
2013-03-07 10:32 942016 ----a-w- c:\program files (x86)\BT Cloud\apps\ContentAnywhere\FSSyncShellExtension64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2821808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
Trusted Zone: dell.com
Trusted Zone: google.co.uk\www
Trusted Zone: google.com\mail
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - c:\program files (x86)\Freecorder extension\ScriptHost.dll
Toolbar-Locked - (no file)
Toolbar-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files (x86)\BitTorrentBar\tbBitT.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKCU-Run-Remote Mouse - c:\program files (x86)\Remote Mouse\RemoteMouse.exe
Wow6432Node-HKLM-Run-Wondershare Helper Compact.exe - c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
AddRemove-RW_Tools V4 - g:\train sim area\Utilities
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster]
"ImagePath"="\"c:\program files (x86)\BT Cloud\fshoster32.exe\" -hosterid:0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="ec957b35-f355-4fbb-a87d-12b331754ec8"
"AuthorizationCode"=""
"47188_AgentIdentifier"="ec957b35-f355-4fbb-a87d-12b331754ec8"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Realtek\11n USB Wireless LAN Utility\RtWlan.exe
.
**************************************************************************
.
Completion time: 2013-03-23 19:04:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-23 19:04
.
Pre-Run: 79,895,228,416 bytes free
Post-Run: 79,544,991,744 bytes free
.
- - End Of File - - C1DC187C703D28660064F4447408EE74

 

[Broni]

Looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Snakes1000]

Hi Broni,

I have emailed the reports to you but here they are each one follows the other as there are too many characters to put in one post.

Please advise what, if anything, I need to do next.

Regards

# AdwCleaner v2.115 - Logfile created 03/25/2013 at 10:13:56
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Clive - CLIVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Clive\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\searchresults1
Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Clive\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Clive\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Clive\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Clive\AppData\Local\PackageAware
Folder Deleted : C:\Users\Clive\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Clive\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Clive\AppData\LocalLow\BitTorrentBar
Folder Deleted : C:\Users\Clive\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Clive\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Clive\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Clive\AppData\LocalLow\searchresults1
Folder Deleted : C:\Users\Clive\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\BitTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\searchresults1
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\Software\BitTorrentBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{710B283C-3A08-4CD5-973C-6DA6238D63BF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94366E2C-9923-431C-B0D6-747447DD0F2B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchresults1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{94366E2C-9923-431C-B0D6-747447DD0F2B}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc30246-5a3b-468a-aef5-55f6f0918275&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
-\\ Google Chrome v25.0.1364.172
File : C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.79] : icon_url = "hxxp://www.snap.do/favicon.ico",
Deleted [l.82] : keyword = "search.snap.do",
Deleted [l.85] : search_url = "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=bbc302[...]
*************************
AdwCleaner[S1].txt - [18725 octets] - [25/03/2013 10:13:56]
########## EOF - C:\AdwCleaner[S1].txt - [18786 octets] ##########

 

[Snakes1000]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Clive on 25/03/2013 at 11:52:44.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1368043077-876994860-1198750009-1000\software\microsoft\internet explorer\searchurl\\Default
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchurl\\Default

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{b15bbe59-42f5-4206-b3f0-be98f5dc4b93}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{16c8c46e-c811-4977-bf0a-b5cc1fa78d95}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Program Files (x86)\freecorder extension"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\freecorder"

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/03/2013 at 12:04:36.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Snakes1000]

OTL logfile created on: 25/03/2013 12:07:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clive\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.34% Memory free
19.99 Gb Paging File | 17.19 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 12285 13000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 73.09 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 109.95 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 347.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 433.63 Gb Free Space | 93.10% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 771.89 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
Drive K: | 1862.98 Gb Total Space | 965.50 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

Computer Name: CLIVE-PC | User Name: Clive | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/24 16:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
PRC - [2013/03/15 17:29:12 | 001,632,680 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2013/03/11 00:21:13 | 000,082,896 | ---- | M] (Google Inc.) -- C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe
PRC - [2013/02/12 11:00:05 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/01/21 15:53:42 | 003,158,000 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\BT Cloud\apps\ContentAnywhere\fs_sync_ui_hoster.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 17:14:10 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012/12/17 16:48:14 | 000,059,872 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/12/07 14:01:40 | 000,187,960 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\BT Cloud\fshoster32.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/23 11:50:48 | 001,259,184 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
PRC - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2012/05/19 00:03:56 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
PRC - [2012/05/10 14:26:52 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2011/12/20 13:56:36 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/03/25 20:10:56 | 001,089,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2007/04/17 15:22:22 | 000,184,320 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2006/11/09 10:19:14 | 000,204,800 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/15 17:29:10 | 000,990,120 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/03/14 21:19:02 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/03/12 17:10:10 | 000,649,216 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl2.dll
MOD - [2013/03/08 15:28:25 | 000,593,464 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
MOD - [2012/12/11 09:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 09:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 09:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/09 20:20:06 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/17 11:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 21:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/10/31 23:45:22 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/12/30 06:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2011/09/27 19:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/03/13 02:51:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/18 14:04:33 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/07 14:01:40 | 000,187,960 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\BT Cloud\fshoster32.exe -- (fshoster)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/10/02 22:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/09/17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/08/28 07:41:08 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/05/19 00:03:56 | 000,011,776 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2012/05/10 14:26:52 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/05/10 14:26:36 | 000,096,768 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/02/23 10:46:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe -- (Creative Media Toolbox 6 Licensing Service)
SRV - [2011/06/08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/05/24 15:08:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010/01/21 13:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2013/02/10 19:34:20 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/08 11:36:20 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2012/11/23 11:50:38 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2012/11/23 11:50:32 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2012/11/08 13:47:22 | 000,054,272 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GigasetGenericUSB_x64.sys -- (GigasetGenericUSB_x64)
DRV:64bit: - [2012/10/12 08:42:02 | 000,632,832 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/13 15:30:36 | 000,025,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PerformanceTest\DirectIo64.sys -- (DIRECTIO)
DRV:64bit: - [2012/08/10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/07/24 11:54:02 | 001,898,488 | ---- | M] (www.tbsdtv.com) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbs6280_64.sys -- (TBS6280_64)
DRV:64bit: - [2012/07/08 06:19:18 | 000,101,464 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/05/19 00:03:58 | 000,106,888 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/22 13:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011/11/22 13:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011/09/28 14:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011/09/02 06:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 06:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 06:30:02 | 000,032,536 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2011/08/15 14:51:40 | 000,079,232 | ---- | M] (Fengtao Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dvdfab.sys -- (dvdfab)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 10:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/05/18 10:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/05/18 10:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/05/18 10:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/18 10:09:48 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011/05/18 10:09:48 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 21:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/05/25 13:18:38 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/03/18 09:00:40 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/10/22 12:54:24 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\88609672.sys -- (88609672)
DRV:64bit: - [2009/09/25 16:59:46 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\88609671.sys -- (88609671)
DRV:64bit: - [2009/09/11 11:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/09/11 11:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/09/11 11:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009/09/11 11:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009/08/06 12:35:20 | 000,440,064 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88vid.sys -- (hcw88vid)
DRV:64bit: - [2009/08/06 12:35:18 | 000,339,840 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tse.sys -- (HCW88TSE)
DRV:64bit: - [2009/08/06 12:35:18 | 000,257,664 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88bda.sys -- (HCW88BDA)
DRV:64bit: - [2009/08/06 12:35:18 | 000,110,080 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88tun.sys -- (HCW88TUNE)
DRV:64bit: - [2009/08/06 12:35:16 | 000,021,632 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw88bar.sys -- (HCW88XBAR)
DRV:64bit: - [2009/08/06 12:35:16 | 000,016,128 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\hcw88aud.sys -- (HCW88AUD)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/11/23 11:50:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/11/23 11:50:36 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2012/08/15 19:41:18 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/09/17 17:43:54] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2011/12/15 17:10:55 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 12 FE 7B 8B 14 CC 01 [binary data]
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes,DefaultScope = {937F837C-6BDA-4F35-98AB-34390B8520B7}
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\SearchScopes\{937F837C-6BDA-4F35-98AB-34390B8520B7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=&rlz=1I7GPEA_en
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Clive\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clive\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clive\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/03/23 23:13:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/03/23 23:13:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}: C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/03/23 23:14:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/03/23 23:16:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/23 23:16:05 | 000,000,000 | ---D | M]

[2010/10/16 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions
[2010/05/31 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/08 10:10:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/05/25 13:58:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/16 12:00:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clive\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com

 

[Snakes1000]

========== Chrome ==========

CHR - default_search_provider: Web (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/webhp?rls=ig
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Splendid = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: YouTube = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Motive Extension = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
CHR - Extension: Chrome Toolbox (by Google) = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjccknnhdnkbanjilpjddjhmkghmachn\1.0.32_0\
CHR - Extension: Freecorder = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpicboiclhmnllnjdcfcffifpoaebgkm\7.0.0.13_0\
CHR - Extension: RealDownloader = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Freemake Video Converter = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Clive\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Freecorder extension x64) - {B15BBE59-42F5-4206-B3F0-BE98F5DC4B93} - C:\Program Files\Freecorder extension x64\ScriptHost.dll (Applian Technologies Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [F-Secure Hoster (47188)] C:\Program Files (x86)\BT Cloud\fshoster32.exe (F-Secure Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [5E8B7EFB655487CEB113C2EF305E074CD5918900._service_run] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [ChromeFrameHelper] C:\Users\Clive\AppData\Local\Google\Chrome\Application\25.0.1364.172\chrome_frame_helper.exe (Google Inc.)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Creative MediaSource Go] C:\Program Files (x86)\Creative\MediaSource5\Go\CTCMSGoU.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe File not found
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Spotify Web Helper] C:\Users\Clive\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DD8E408-84E0-4E80-AFC7-EF588D424863}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/25 11:52:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/25 10:34:05 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/25 10:24:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/24 16:50:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
[2013/03/23 18:10:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/23 18:09:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/20 17:28:13 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\calibre-cache
[2013/03/18 16:51:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UKTS
[2013/03/14 08:54:24 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Startup#
[2013/03/08 15:29:22 | 000,000,000 | --SD | C] -- C:\Users\Clive\BT Cloud
[2013/03/08 15:29:22 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Local\F-Secure
[2013/03/08 15:28:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Cloud
[2013/03/08 15:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BT Cloud
[2013/03/08 15:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013/03/07 15:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2013/03/07 15:22:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/03/06 21:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/01 12:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Trains
[2013/02/27 12:23:57 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/02/27 12:23:57 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/02/27 12:23:42 | 002,906,586 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/02/27 12:23:41 | 001,944,064 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/02/26 15:40:59 | 000,000,000 | ---D | C] -- C:\Users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/02/26 15:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RailWorks
[2010/05/25 13:18:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Clive\AppData\Roaming\pcouffin.sys
[2010/05/25 13:08:06 | 004,230,098 | ---- | C] (Macrovision Corporation) -- C:\Program Files (x86)\ISSetup.dll
[2010/05/25 13:08:06 | 002,688,296 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\vcredist_x86.exe
[2010/05/25 13:08:06 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\instmsiw.exe
[2010/05/25 13:08:06 | 000,316,976 | ---- | C] (Macrovision Corporation ) -- C:\Program Files (x86)\setup.exe
[2010/05/25 13:08:03 | 000,075,048 | ---- | C] (cyberlink) -- C:\Program Files (x86)\brs.exe
[2009/11/21 08:48:30 | 000,074,672 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dat
[2009/11/21 08:48:20 | 002,234,288 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps.exe
[2009/11/21 08:45:44 | 000,159,744 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\frapslcd.dll
[2009/11/05 03:09:00 | 000,154,032 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps64.dll
[2009/11/05 03:08:58 | 000,206,768 | ---- | C] (Beepa P/L) -- C:\Program Files (x86)\fraps32.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/25 11:57:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/25 11:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/25 11:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000UA.job
[2013/03/25 10:30:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/25 10:30:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/25 10:19:09 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/25 10:18:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/25 10:17:39 | 2146,050,047 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/25 10:08:54 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/24 19:41:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1368043077-876994860-1198750009-1000Core.job
[2013/03/24 16:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Clive\Desktop\OTL.exe
[2013/03/24 10:09:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/03/23 12:48:52 | 000,000,309 | ---- | M] () -- C:\Users\Clive\Desktop\Virus and Malware Removal - TechSpot Forums.url
[2013/03/18 14:51:42 | 000,000,214 | ---- | M] () -- C:\Users\Clive\Desktop\18 - 24 March 2013 - Weekly checklist - gardenersworld.com.url
[2013/03/18 12:48:47 | 000,085,184 | ---- | M] () -- C:\Users\Clive\Desktop\swanage.png
[2013/03/17 00:01:46 | 000,664,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 00:01:46 | 000,125,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/14 17:56:42 | 000,017,360 | ---- | M] () -- C:\Users\Clive\AppData\Local\recently-used.xbel
[2013/03/14 16:23:38 | 000,000,309 | ---- | M] () -- C:\Users\Clive\Desktop\Passport photo requirements - GOV.UK.url
[2013/03/14 16:20:54 | 000,278,890 | ---- | M] () -- C:\Users\Clive\Desktop\Passport Application.jpg
[2013/03/05 12:41:53 | 000,769,524 | ---- | M] () -- C:\Users\Clive\Desktop\Tutorial_Reskin.pdf
[2013/03/04 10:54:06 | 000,505,887 | ---- | M] () -- C:\Users\Clive\Desktop\Invisible Engine.jpg
[2013/02/28 10:30:38 | 1357,964,012 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/27 12:24:43 | 000,002,053 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/02/27 12:23:57 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/02/27 12:23:57 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/23 11:18:00 | 000,000,309 | ---- | C] () -- C:\Users\Clive\Desktop\Virus and Malware Removal - TechSpot Forums.url
[2013/03/18 14:51:42 | 000,000,214 | ---- | C] () -- C:\Users\Clive\Desktop\18 - 24 March 2013 - Weekly checklist - gardenersworld.com.url
[2013/03/18 12:48:46 | 000,085,184 | ---- | C] () -- C:\Users\Clive\Desktop\swanage.png
[2013/03/14 17:56:42 | 000,017,360 | ---- | C] () -- C:\Users\Clive\AppData\Local\recently-used.xbel
[2013/03/14 16:23:38 | 000,000,309 | ---- | C] () -- C:\Users\Clive\Desktop\Passport photo requirements - GOV.UK.url
[2013/03/14 16:20:53 | 000,278,890 | ---- | C] () -- C:\Users\Clive\Desktop\Passport Application.jpg
[2013/03/07 15:22:20 | 000,001,007 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2013/03/05 12:41:53 | 000,769,524 | ---- | C] () -- C:\Users\Clive\Desktop\Tutorial_Reskin.pdf
[2013/03/04 10:54:06 | 000,505,887 | ---- | C] () -- C:\Users\Clive\Desktop\Invisible Engine.jpg
[2013/02/28 10:30:38 | 1357,964,012 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/08 17:48:05 | 000,000,640 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\WtvWatcher.settings
[2012/11/12 17:04:44 | 000,727,952 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2012/11/12 17:04:44 | 000,159,120 | ---- | C] () -- C:\Windows\SysWow64\WSCM32.dll
[2012/09/07 10:29:29 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012/09/07 09:28:44 | 000,007,324 | ---- | C] () -- C:\Windows\unins000.dat
[2012/08/23 12:36:13 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/08/08 11:33:22 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2012/05/19 00:03:56 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2012/03/07 13:39:51 | 000,000,079 | ---- | C] () -- C:\Users\Clive\AppData\Local\CrystalDiskMark30.ini
[2011/07/06 04:41:57 | 000,007,675 | ---- | C] () -- C:\Users\Clive\AppData\Local\Resmon.ResmonCfg
[2011/06/01 15:44:06 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2010/08/24 14:27:59 | 000,010,240 | ---- | C] () -- C:\Users\Clive\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 13:18:38 | 000,099,384 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\inst.exe
[2010/05/25 13:18:38 | 000,007,859 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\pcouffin.cat
[2010/05/25 13:18:38 | 000,001,167 | ---- | C] () -- C:\Users\Clive\AppData\Roaming\pcouffin.inf
[2010/05/25 13:08:06 | 006,512,128 | ---- | C] () -- C:\Program Files (x86)\PowerDVD.msi
[2010/05/25 13:08:06 | 001,129,289 | ---- | C] () -- C:\Program Files (x86)\setup.isn
[2010/05/25 13:08:06 | 000,094,208 | ---- | C] ( ) -- C:\Program Files (x86)\SKUtil.dll
[2010/05/25 13:08:06 | 000,010,246 | ---- | C] () -- C:\Program Files (x86)\Language.ini
[2010/05/25 13:08:06 | 000,002,476 | ---- | C] () -- C:\Program Files (x86)\PDVD.reg
[2010/05/25 13:08:06 | 000,001,961 | ---- | C] () -- C:\Program Files (x86)\Setup.ini
[2010/05/25 13:08:06 | 000,001,566 | ---- | C] () -- C:\Program Files (x86)\setup.iss
[2010/05/25 13:08:06 | 000,000,748 | ---- | C] () -- C:\Program Files (x86)\PowerDVD9.sim
[2010/05/25 13:08:06 | 000,000,632 | ---- | C] () -- C:\Program Files (x86)\info.ini
[2010/05/25 13:08:06 | 000,000,631 | ---- | C] () -- C:\Program Files (x86)\uninstall.iss
[2010/05/25 13:08:06 | 000,000,184 | ---- | C] () -- C:\Program Files (x86)\Product.ini
[2010/05/25 13:08:06 | 000,000,169 | ---- | C] () -- C:\Program Files (x86)\ureg.ini
[2010/05/25 13:08:06 | 000,000,064 | ---- | C] () -- C:\Program Files (x86)\ShortCut.ini
[2010/05/25 13:08:06 | 000,000,060 | ---- | C] () -- C:\Program Files (x86)\Define.ini
[2010/05/25 13:08:03 | 112,588,547 | ---- | C] () -- C:\Program Files (x86)\Data1.cab
[2010/05/25 13:08:03 | 000,075,048 | ---- | C] () -- C:\Program Files (x86)\CLSM.exe
[2010/05/25 13:08:03 | 000,038,912 | ---- | C] () -- C:\Program Files (x86)\1031.mst
[2010/05/25 13:08:03 | 000,037,888 | ---- | C] () -- C:\Program Files (x86)\1040.mst
[2010/05/25 13:08:03 | 000,037,376 | ---- | C] () -- C:\Program Files (x86)\1036.mst
[2010/05/25 13:08:03 | 000,035,840 | ---- | C] () -- C:\Program Files (x86)\1041.mst
[2010/05/25 13:08:03 | 000,035,840 | ---- | C] () -- C:\Program Files (x86)\1034.mst
[2010/05/25 13:08:03 | 000,031,744 | ---- | C] () -- C:\Program Files (x86)\1042.mst
[2010/05/25 13:08:03 | 000,025,088 | ---- | C] () -- C:\Program Files (x86)\2052.mst
[2010/05/25 13:08:03 | 000,024,576 | ---- | C] () -- C:\Program Files (x86)\1028.mst
[2010/05/25 13:08:03 | 000,007,242 | ---- | C] () -- C:\Program Files (x86)\0x040c.ini
[2010/05/25 13:08:03 | 000,007,094 | ---- | C] () -- C:\Program Files (x86)\0x0407.ini
[2010/05/25 13:08:03 | 000,007,022 | ---- | C] () -- C:\Program Files (x86)\0x040a.ini
[2010/05/25 13:08:03 | 000,006,897 | ---- | C] () -- C:\Program Files (x86)\0x0410.ini
[2010/05/25 13:08:03 | 000,006,623 | ---- | C] () -- C:\Program Files (x86)\0x0411.ini
[2010/05/25 13:08:03 | 000,006,129 | ---- | C] () -- C:\Program Files (x86)\0x0409.ini
[2010/05/25 13:08:03 | 000,005,724 | ---- | C] () -- C:\Program Files (x86)\0x0412.ini
[2010/05/25 13:08:03 | 000,004,315 | ---- | C] () -- C:\Program Files (x86)\0x0804.ini
[2010/05/25 13:08:03 | 000,004,248 | ---- | C] () -- C:\Program Files (x86)\0x0404.ini
[2010/05/25 13:08:03 | 000,003,584 | ---- | C] () -- C:\Program Files (x86)\1033.mst
[2010/05/25 13:08:03 | 000,001,770 | ---- | C] () -- C:\Program Files (x86)\BDROM.reg
[2010/05/25 13:08:03 | 000,001,014 | ---- | C] () -- C:\Program Files (x86)\Custom.ini
[2010/05/25 13:08:03 | 000,000,751 | ---- | C] () -- C:\Program Files (x86)\CLAud.sim
[2009/11/21 08:18:10 | 000,001,874 | ---- | C] () -- C:\Program Files (x86)\README.HTM

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/07 12:48:16 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Abyssmedia
[2012/03/28 08:52:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Affixa
[2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AnvSoft
[2013/01/07 10:29:38 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Apowersoft
[2013/03/25 12:04:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Applian FLV and Media Player
[2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Audacity
[2010/05/25 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AutoSizer
[2011/06/30 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AVG
[2013/03/23 23:16:40 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\avidemux
[2012/04/15 11:26:27 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/10/25 16:15:42 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Bigasoft WTV Converter
[2012/01/27 09:55:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Bump Technologies, Inc
[2013/03/20 17:30:03 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\calibre
[2011/06/16 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/25 10:03:14 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/15 12:16:04 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\DVDFab
[2013/03/23 13:22:33 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\DVDVideoSoft
[2010/05/28 18:51:51 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Easeware
[2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Efficient Diary
[2012/01/16 16:59:42 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\EPSON
[2010/10/16 12:00:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Flickr
[2012/02/21 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FMZilla
[2011/06/08 12:15:32 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\freac
[2013/01/07 10:49:24 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Free Sound Recorder
[2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FreeAudioExtractor
[2013/02/13 17:50:37 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Audio
[2013/02/14 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Converter
[2013/02/14 10:57:22 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Freecorder 7 Video
[2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FreeVideoCatcher
[2011/02/28 09:10:11 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\FrostWire
[2013/03/23 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\GetRightToGo
[2012/02/07 17:05:17 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\gtk-2.0
[2011/05/26 10:26:56 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\HamsterSoft
[2012/08/05 10:46:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\HandBrake
[2013/03/23 15:48:53 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\ImgBurn
[2010/08/29 09:51:17 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\iPodtoComputer
[2010/05/25 14:21:18 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Leadertech
[2012/11/26 16:18:37 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MAGIX
[2012/05/20 12:15:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Mapi2Xml
[2010/06/02 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MGS
[2010/12/26 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\MoveFab
[2010/06/11 09:27:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\NetMedia Providers
[2011/04/19 08:03:23 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Nokia
[2011/04/19 07:59:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\PC Suite
[2012/09/25 14:32:54 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\PerfView
[2010/06/11 09:27:41 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Publish Providers
[2011/11/30 09:04:59 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\shrink_pic
[2012/02/08 09:47:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Simraceway
[2010/06/11 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Sony
[2013/03/23 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Spotify
[2013/02/12 11:16:06 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\streamWriter
[2013/03/23 23:16:44 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Thunderbird
[2010/06/08 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\TomTom
[2012/03/15 09:53:01 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\TuneUp Software
[2013/03/23 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Tyre
[2010/11/29 09:54:28 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Vso
[2011/07/07 09:38:00 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\VSRevoGroup
[2013/03/23 23:16:45 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\WebApp
[2012/04/03 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Windows Live Writer
[2013/02/12 11:33:16 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Wondershare
[2012/11/12 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Wondershare Video Converter Ultimate
[2011/05/25 10:17:06 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\Youtube Downloader HD
[2011/07/06 04:56:54 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2011/07/06 04:56:54 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2012/03/17 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Trusteer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
< End of report >

 

[Snakes1000]

OTL Extras logfile created on: 25/03/2013 12:07:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clive\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 6.03 Gb Available Physical Memory | 75.34% Memory free
19.99 Gb Paging File | 17.19 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): c:\pagefile.sys 12285 13000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 73.09 Gb Free Space | 15.69% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 109.95 Gb Free Space | 23.61% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 347.03 Gb Free Space | 74.51% Space Free | Partition Type: NTFS
Drive H: | 465.76 Gb Total Space | 433.63 Gb Free Space | 93.10% Space Free | Partition Type: NTFS
Drive I: | 1397.26 Gb Total Space | 771.89 Gb Free Space | 55.24% Space Free | Partition Type: NTFS
Drive K: | 1862.98 Gb Total Space | 965.50 Gb Free Space | 51.83% Space Free | Partition Type: NTFS

Computer Name: CLIVE-PC | User Name: Clive | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{17bce0e9-930e-4afb-8089-6863c562379c}" = Gigaset QuickSync
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
"{5A5FADCD-34CB-4F23-9940-ED1FD8AB3DA5}" = calibre 64bit
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}" = Adobe Premiere Elements 11
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0604
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"Bulk Rename Utility_is1" = Bulk Rename Utility 2.7.1.2
"CCleaner" = CCleaner
"CrystalDiskMark_is1" = CrystalDiskMark 3.0.1c
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"PerformanceTest 8_is1" = PerformanceTest v8.0
"PremElem110" = Adobe Premiere Elements 11
"Recuva" = Recuva
"sp6" = Logitech SetPoint 6.32
"TBS 6280 Dual DVBT/T2 Tuner driver for windows_is1" = TBS 6280 Dual DVBT/T2 Tuner driver 1.0.0.8 for windows
"TBS VHID_is1" = TBS VHID 1.0.0.8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07BB63A6-188D-4447-A0B6-8ED8B2075B81}" = UKTS Freeware Pack - Blocks-Lofts-Bridges #1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B139A40-29B2-43B7-AB5B-0910D7021D10}" = My Channel Logos
"{0C9D0200-FA32-44B7-BBB3-7C03F700C4A0}" = Sound Blaster X-Fi
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{10D69816-2FA2-4071-A45E-2EC182FA2A7D}" = REX Essential Plus Overdrive
"{13969A12-BC34-42DB-906D-D55FA9675EC2}" = UKTS Freeware Pack - Railway Buildings #1
"{13B49566-4C8E-4955-A33D-66A6D31C4F27}" = Sync Client 1.40.343.0 (release)
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{287F350C-F8A6-40A7-8EA3-84EC874CEB00}" = UKTS Freeware Pack - UK DMUs-EMUs-Trams #1
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CEDFC42-C1AC-443D-A11D-4BA201CC2C84}" = UKTS Freeware Pack - UK Wagons #1
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{31AD5806-8CFE-4DB0-A8A9-0FD1EEB0693C}" = Affixa
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4728B2D3-DA35-4C7F-BABC-CD9B7C152BE1}" = RWDecal2
"{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5CBFEC54-FA2C-4A96-A203-FBDBC5C40D69}" = UKTS Freeware Pack - UK Carriages #1
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64C9CBEC-1260-44F1-9304-F0CF9EFF9951}" = UKTS Freeware Pack - Commercial #1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71450506-2F6C-4A9F-AC67-B15D034313BD}" = REX Essential Plus
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F3396F3-C468-4FEA-8A34-7C0F2A5391D6}" = Just Trains - Digital Traction Rebuilt Bulleid Light Pacific
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942ED24D-6D3E-4100-B76E-8180CF85CD68}" = BT Cloud
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF3D390-A0AD-4733-AFC8-18E306B8E219}_is1" = SCARM 0.9.15 beta
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E7E283-8AB2-3EFE-A3BD-8482F72BAFCF}" = Google Talk Plugin
"{A911FCA6-F910-4065-868D-9828C285944B}" = UKTS Freeware Route Pack - Coniston Branch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAEA1063-229A-406B-9962-864AEFBBD82F}" = UKTS Freeware Pack - Housing #1
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1" = Dell Display Manager
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B19E2B7A-745D-4B67-B21B-C97F727F3923}" = UKTS Freeware Pack - Industrial #1
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B614E5FA-6DA4-45A1-845C-52F870240A89}" = PRE11 STI 64Installer
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BF28F7E1-F3A0-40e5-B4E7-B6CFE20D5ADF}_is1" = Bigasoft WTV Converter 3.6.20.4501
"{BF9DC935-7351-406E-9073-A364827AAA8D}" = UKTS Freeware Pack - UK Steam #1
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE6F9778-35DE-42D1-8C61-C5C69DCF8927}" = Google Analytics Opt-out Browser Add-on
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD3D06F6-E35C-4E43-B991-32A1C8DDB292}" = UKTS Freeware Pack - UK Classic Diesel and Electric #1
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E52EA3AD-AD96-47E9-A556-C546CF0E1021}" = UKTS Freeware Route Pack - Candlewick
"{E7B3D305-0229-4720-81A5-811E2E23DE43}" = UKTS Freeware Pack - Foliage #1
"{E9936A7E-04E3-4F50-9F1B-A4951C57AAD2}" = CCF Authentication 1.00.203.0 (release)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F06AB18D-6F98-48E8-9441-E3290244143D}" = inSSIDer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F355333F-795E-4593-ACAA-5C0F9D719D49}" = UKTS Freeware Pack - Clutter #1
"{F7FD5E5E-3F0C-4931-AA1B-EAB838BC02DB}" = ACID Pro 7.0
"{F8E3A0F8-53A4-4FD8-9986-C90A3EA7C3B6}" = Nokia Software Updater
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Affixa 3.12.0318" = Affixa 3.2012.3.18
"Any Video Converter_is1" = Any Video Converter 3.5.7
"AoA Audio Extractor_is1" = AoA Audio Extractor 1.0
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AudioCS" = Creative Audio Control Panel
"AutoHotkey" = AutoHotkey 1.0.48.05
"AutoSizer" = AutoSizer
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"AviSynth" = AviSynth 2.5
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BT Desktop Help" = BT Desktop Help
"BTHomeHub" = BT Home Hub
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative Diagnostics
"DivX Setup" = DivX Setup
"DokanLibrary" = Dokan Library 0.5.3
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"DVDFab 7_is1" = DVDFab 7.0.7.0 (08/06/2010)
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.2 (23/11/2012) Qt
"DVDFab 8_is1" = DVDFab 8.0.8.5 (19/03/2011)
"DVDFab 9_is1" = DVDFab 9.0.3.0 (15/03/2013) Beta
"DVDFab Media Player_is1" = DVDFab Media Player 1.0.2.9 (01/11/2012)
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.8.0 (24/11/2012)
"EPSON Scanner" = EPSON Scan
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Fraps" = Fraps
"Free Audio Converter_is1" = Free Audio Converter version 2.3.3.908
"Free Studio_is1" = Free Studio version 5.7.6.1015
"Free Video Dub_is1" = Free Video Dub version 2.0.6.412
"FreeClipper MP31.0" = FreeClipper MP3
"Freecorder 7 Applications" = Freecorder 7 Applications (7.0.0.48)
"Freecorder extension" = Freecorder extension
"Freecorder extension for Chrome" = Freecorder extension for Chrome
"Freecorder extension x64" = Freecorder extension x64
"Freemake Audio Converter_is1" = Freemake Audio Converter version 1.1.0
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
"Freemake Video Downloader_is1" = Freemake Video Downloader
"F-Secure ServiceEnabler 47188" = BT Cloud
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL" = Host OpenAL
"ieSpell" = ieSpell
"ImgBurn" = ImgBurn
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"lavfilters_is1" = LAV Filters 0.51.2
"MAGIX Xtreme Photo Designer 6 US" = MAGIX Xtreme Photo Designer 6 6.0.19.0 (US)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MSC" = BT NetProtect Plus
"Nokia PC Suite" = Nokia PC Suite
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Steam App 24010" = Train Simulator 2013
"SysInfo" = Creative System Information
"TubeMaster++" = TubeMaster++ 2.7
"Tyre_is1" = Tyre
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"VLC media player" = VLC media player 2.0.1
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"WaveStudio 7" = Creative WaveStudio 7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Yahoo! Applications" = BT Yahoo! Applications
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Google Chrome Frame" = Google Chrome Frame
"RW_Tools V4" = RW_Tools V4
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 25/03/2013 08:06:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/03/2013 08:06:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 25/03/2013 08:07:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 25/03/2013 08:07:36 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/03/2013 08:13:46 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 25/03/2013 08:13:46 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/03/2013 08:14:45 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 25/03/2013 08:14:45 | Computer Name = Clive-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891


< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
  FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll File not found
  FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
  FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll File not found
  O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe File not found
  O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [EPSON Stylus SX200 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEFE.EXE /FU "C:\Windows\TEMP\E_S207C.tmp" /EF "HKCU" File not found
  O4 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000..\Run: [Remote Mouse] C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe File not found
  O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
  O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
  O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
  O8 - Extra context menu item: Free YouTube Download - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
  O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Clive\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
  O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
  O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.co.uk ([www] https in Trusted sites)
  O15 - HKU\S-1-5-21-1368043077-876994860-1198750009-1000\..Trusted Domains: google.com ([mail] https in Trusted sites)
  O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
  O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
  O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
  O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
  O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
  O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
  O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
  O18 - Protocol\Handler\gopher - No CLSID value found
  O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  [2011/06/30 16:36:31 | 000,000,000 | ---D | M] -- C:\Users\Clive\AppData\Roaming\AVG
  @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:8CE646EE
  @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Snakes1000]

Hi Broni,

Here's the first report from OTL. Others to follow:-

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MVT\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wondershare Helper Compact.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON Stylus SX200 Series deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Remote Mouse deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube Download\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to MP3 Converter\ not found.
Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.co.uk\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1368043077-876994860-1198750009-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\mail\ deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
Invalid CLSID key: c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
File move failed. c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll scheduled to be moved on reboot.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\gopher\ deleted successfully.
File Protocol\Handler\gopher - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Clive\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Clive\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Users\Clive\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Clive\AppData\Roaming\AVG folder moved successfully.
ADS C:\ProgramData\Temp:8CE646EE deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Clive
->Temp folder emptied: 2276161 bytes
->Temporary Internet Files folder emptied: 1265739817 bytes
->Java cache emptied: 1853578 bytes
->Google Chrome cache emptied: 9266000 bytes
->Flash cache emptied: 8258497 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57657 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56516 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 150016 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10111559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 105885 bytes
RecycleBin emptied: 9198756049 bytes

Total Files Cleaned = 10,011.00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Clive
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Clive
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03272013_103737
Files\Folders moved on Reboot...
c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll moved successfully.
C:\Users\Clive\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

 

[Snakes1000]

Security Check log:-

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java(TM) 7 Update 5
Java version out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Snakes1000]

FSS Log:-

Farbar Service Scanner Version: 03-03-2013
Ran by Clive (administrator) on 27-03-2013 at 11:51:47
Running from "C:\Users\Clive\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

 

[Snakes1000]

ESET scan still going after 20 hours (see file uploaded)

 

[Snakes1000]

The scan aborted at 36 hours so had to start again. This time I've split the task into two stages; the backup drive and then the remaining drives. It found one threat in the latter (see below). I've now set it away to do the backup.

I:\Downloads\Software\noadware.exe probably a variant of Win32/Adware.ErrorClean application cleaned by deleting - quarantined

 

[Broni]

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

=================================

Now, FSS log shows number of registry issues which we have to fix.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Leave all checkmarks as they're.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.

Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

Post fresh FSS log as well.

 

[Snakes1000]

Hi Broni,

Well I've now completed all the processes you have advised me to carry out.

First the final scan of my back up disk:-

K:\CLIVE-PC\Backup Set 2013-03-11 230007\Backup Files 2013-03-11 230007\Backup files 270.zip multiple threats deleted - quarantined
K:\CLIVE-PC\Backup Set 2013-03-11 230007\Backup Files 2013-03-11 230007\Backup files 364.zip probably a variant of Win32/Adware.ErrorClean application deleted - quarantined
K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 236.zip a variant of Win32/Medfos.MM trojan deleted - quarantined
K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 266.zip multiple threats deleted - quarantined
K:\CLIVE-PC\Backup Set 2013-03-25 230003\Backup Files 2013-03-25 230003\Backup files 362.zip probably a variant of Win32/Adware.ErrorClean application deleted - quarantined
_____________________________________________

then the Post Windows Repair log:-

Running Repair Under System Account
Starting Repairs...
Start (30/03/2013 18:05:11)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (30/03/2013 18:05:11)
Running Repair Under Current User Account
Done (30/03/2013 18:05:29)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (30/03/2013 18:05:29)
Running Repair Under System Account
Done (30/03/2013 18:08:21)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (30/03/2013 18:08:21)
Running Repair Under System Account
Done (30/03/2013 18:09:50)
Reset File Permissions 01/26
C:\$INPLACE.~TR & Sub Folders
Start (30/03/2013 18:09:51)
Running Repair Under System Account
Done (30/03/2013 18:10:12)
Reset File Permissions 02/26
C:\$WINDOWS.~Q & Sub Folders
Start (30/03/2013 18:10:12)
Running Repair Under System Account
Done (30/03/2013 18:10:33)
Reset File Permissions 03/26
C:\Boot & Sub Folders
Start (30/03/2013 18:10:33)
Running Repair Under System Account
Done (30/03/2013 18:10:35)
Reset File Permissions 04/26
C:\Config.Msi & Sub Folders
Start (30/03/2013 18:10:35)
Running Repair Under System Account
Done (30/03/2013 18:10:37)
Reset File Permissions 05/26
C:\downloads & Sub Folders
Start (30/03/2013 18:10:37)
Running Repair Under System Account
Done (30/03/2013 18:10:40)
Reset File Permissions 06/26
C:\extensions & Sub Folders
Start (30/03/2013 18:10:40)
Running Repair Under System Account
Done (30/03/2013 18:10:42)
Reset File Permissions 07/26
C:\Graphics & Sub Folders
Start (30/03/2013 18:10:42)
Running Repair Under System Account
Done (30/03/2013 18:10:45)
Reset File Permissions 08/26
C:\jexepackres & Sub Folders
Start (30/03/2013 18:10:45)
Running Repair Under System Account
Done (30/03/2013 18:10:47)
Reset File Permissions 09/26
C:\JRT & Sub Folders
Start (30/03/2013 18:10:47)
Running Repair Under System Account
Done (30/03/2013 18:10:50)
Reset File Permissions 10/26
C:\MININT & Sub Folders
Start (30/03/2013 18:10:50)
Running Repair Under System Account
Done (30/03/2013 18:10:52)
Reset File Permissions 11/26
C:\MSOCache & Sub Folders
Start (30/03/2013 18:10:52)
Running Repair Under System Account
Done (30/03/2013 18:10:54)
Reset File Permissions 12/26
C:\NVIDIA & Sub Folders
Start (30/03/2013 18:10:55)
Running Repair Under System Account
Done (30/03/2013 18:11:07)
Reset File Permissions 13/26
C:\PackageUninstallInfo & Sub Folders
Start (30/03/2013 18:11:07)
Running Repair Under System Account
Done (30/03/2013 18:11:10)
Reset File Permissions 14/26
C:\PerfLogs & Sub Folders
Start (30/03/2013 18:11:10)
Running Repair Under System Account
Done (30/03/2013 18:11:12)
Reset File Permissions 15/26
C:\PowerDVD9Ultra old folder & Sub Folders
Start (30/03/2013 18:11:12)
Running Repair Under System Account
Done (30/03/2013 18:11:15)
Reset File Permissions 16/26
C:\Program Files & Sub Folders
Start (30/03/2013 18:11:15)
Running Repair Under System Account
Done (30/03/2013 18:13:03)
Reset File Permissions 17/26
C:\Program Files (x86) & Sub Folders
Start (30/03/2013 18:13:03)
Running Repair Under System Account
Done (30/03/2013 18:58:30)
Reset File Permissions 18/26
C:\ProgramData & Sub Folders
Start (30/03/2013 18:58:30)
Running Repair Under System Account
Done (30/03/2013 19:03:03)
Reset File Permissions 19/26
C:\Qoobox & Sub Folders
Start (30/03/2013 19:03:03)
Running Repair Under System Account
Done (30/03/2013 19:03:08)
Reset File Permissions 20/26
C:\Recovery & Sub Folders
Start (30/03/2013 19:03:08)
Running Repair Under System Account
Done (30/03/2013 19:03:10)
Reset File Permissions 21/26
C:\REX Essential Plus & Sub Folders
Start (30/03/2013 19:03:10)
Running Repair Under System Account
Done (30/03/2013 19:04:28)
Reset File Permissions 22/26
C:\TBSVHID & Sub Folders
Start (30/03/2013 19:04:28)
Running Repair Under System Account
Done (30/03/2013 19:04:30)
Reset File Permissions 23/26
C:\Temp & Sub Folders
Start (30/03/2013 19:04:30)
Running Repair Under System Account
Done (30/03/2013 19:04:35)
Reset File Permissions 24/26
C:\TempDump & Sub Folders
Start (30/03/2013 19:04:35)
Running Repair Under System Account
Done (30/03/2013 19:04:37)
Reset File Permissions 25/26
C:\Windows & Sub Folders
Start (30/03/2013 19:04:37)
Running Repair Under System Account
Done (30/03/2013 19:20:29)
Reset File Permissions 26/26
C:\_OTL & Sub Folders
Start (30/03/2013 19:20:29)
Running Repair Under System Account
Done (30/03/2013 19:20:33)
Reset File Permissions 01/02
F:\Feature Films & Sub Folders
Start (30/03/2013 19:20:33)
Running Repair Under System Account
Done (30/03/2013 19:20:38)
Reset File Permissions 02/02
F:\Recorded TV & Sub Folders
Start (30/03/2013 19:20:38)
Running Repair Under System Account
Done (30/03/2013 19:20:42)
Reset File Permissions 01/02
G:\Flight Sim Area & Sub Folders
Start (30/03/2013 19:20:42)
Running Repair Under System Account
Done (30/03/2013 19:20:53)
Reset File Permissions 02/02
G:\Train Sim Area & Sub Folders
Start (30/03/2013 19:20:53)
Running Repair Under System Account
Done (30/03/2013 19:21:18)
Reset File Permissions 01/07
H:\bd2688125455ee7d82b9fe61bb8b & Sub Folders
Start (30/03/2013 19:21:19)
Running Repair Under System Account
Done (30/03/2013 19:21:21)
Reset File Permissions 02/07
H:\Documents & Sub Folders
Start (30/03/2013 19:21:21)
Running Repair Under System Account
Done (30/03/2013 19:21:23)
Reset File Permissions 03/07
H:\Downloads & Sub Folders
Start (30/03/2013 19:21:23)
Running Repair Under System Account
Done (30/03/2013 19:21:26)
Reset File Permissions 04/07
H:\iTunes Media & Sub Folders
Start (30/03/2013 19:21:26)
Running Repair Under System Account
Done (30/03/2013 19:22:41)
Reset File Permissions 05/07
H:\Old Docs & Sub Folders
Start (30/03/2013 19:22:41)
Running Repair Under System Account
Done (30/03/2013 19:22:46)
Reset File Permissions 06/07
H:\Recorded TV & Sub Folders
Start (30/03/2013 19:22:46)
Running Repair Under System Account
Done (30/03/2013 19:22:50)
Reset File Permissions 07/07
H:\Sounds - Engines, etc & Sub Folders
Start (30/03/2013 19:22:50)
Running Repair Under System Account
Done (30/03/2013 19:22:55)
Reset File Permissions 01/06
I:\$AVG & Sub Folders
Start (30/03/2013 19:22:55)
Running Repair Under System Account
Done (30/03/2013 19:22:57)
Reset File Permissions 02/06
I:\Documents & Sub Folders
Start (30/03/2013 19:22:57)
Running Repair Under System Account
Done (30/03/2013 19:28:42)
Reset File Permissions 03/06
I:\Downloads & Sub Folders
Start (30/03/2013 19:28:42)
Running Repair Under System Account
Done (30/03/2013 19:28:52)
Reset File Permissions 04/06
I:\e2fc981bd876dad8093d0e & Sub Folders
Start (30/03/2013 19:28:52)
Running Repair Under System Account
Done (30/03/2013 19:28:55)
Reset File Permissions 05/06
I:\Recorded TV & Sub Folders
Start (30/03/2013 19:28:55)
Running Repair Under System Account
Done (30/03/2013 19:28:59)
Reset File Permissions 06/06
I:\Visuals & Sub Folders
Start (30/03/2013 19:29:00)
Running Repair Under System Account
Done (30/03/2013 19:30:23)
Reset File Permissions 01/03
K:\CLIVE-PC & Sub Folders
Start (30/03/2013 19:30:23)
Running Repair Under System Account
Done (30/03/2013 19:31:16)
Reset File Permissions 02/03
K:\msdownld.tmp & Sub Folders
Start (30/03/2013 19:31:16)
Running Repair Under System Account
Done (30/03/2013 19:31:22)
Reset File Permissions 03/03
K:\WindowsImageBackup & Sub Folders
Start (30/03/2013 19:31:22)
Running Repair Under System Account
Done (30/03/2013 19:31:27)
Reset File Permissions: Cleanup
& Sub Folders
Start (30/03/2013 19:31:27)
Running Repair Under System Account
Done (30/03/2013 19:31:36)
Register System Files
Start (30/03/2013 19:31:36)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:33:09)
Repair WMI
Start (30/03/2013 19:33:09)
Running Repair Under Current User Account
Invalid Global Switch.
Invalid Global Switch.
Running Repair Under System Account
Invalid Global Switch.
Invalid Global Switch.
Done (30/03/2013 19:39:52)
Repair Windows Firewall
Start (30/03/2013 19:39:52)
Running Repair Under Current User Account
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Running Repair Under System Account
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Done (30/03/2013 19:40:02)
Repair Internet Explorer
Start (30/03/2013 19:40:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:40:27)
Remove Policies Set By Infections
Start (30/03/2013 19:40:27)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:40:34)
Repair Icons
Start (30/03/2013 19:40:34)
Running Repair Under System Account
Could Not Find C:\Users\Clive\AppData\Local\IconCache.db.bak
Could Not Find C:\Users\Clive\AppData\Local\IconCache.db
Done (30/03/2013 19:40:39)
Repair Winsock & DNS Cache
Start (30/03/2013 19:40:39)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:41:02)
Repair Proxy Settings
Start (30/03/2013 19:41:03)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:41:12)
Repair Windows Updates
Start (30/03/2013 19:41:12)
Running Repair Under Current User Account
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The Cryptographic Services service is not started.
More help is available by typing NET HELPMSG 3521.
The Background Intelligent Transfer Service service is not started.
More help is available by typing NET HELPMSG 3521.
The Windows Update service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (30/03/2013 19:42:07)
Repair MSI (Windows Installer)
Start (30/03/2013 19:42:07)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:20)
Repair bat Association
Start (30/03/2013 19:42:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:25)
Repair cmd Association
Start (30/03/2013 19:42:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:29)
Repair com Association
Start (30/03/2013 19:42:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:34)
Repair Directory Association
Start (30/03/2013 19:42:34)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:41)
Repair Drive Association
Start (30/03/2013 19:42:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:46)
Repair exe Association
Start (30/03/2013 19:42:46)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:51)
Repair Folder Association
Start (30/03/2013 19:42:51)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:42:56)
Repair inf Association
Start (30/03/2013 19:42:56)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:01)
Repair lnk (Shortcuts) Association
Start (30/03/2013 19:43:01)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:05)
Repair msc Association
Start (30/03/2013 19:43:05)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:10)
Repair reg Association
Start (30/03/2013 19:43:10)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:15)
Repair scr Association
Start (30/03/2013 19:43:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:20)
Repair Print Spooler
Start (30/03/2013 19:43:20)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:37)
Restore Important Windows Services
Start (30/03/2013 19:43:37)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:43:44)
Set Windows Services To Default Startup
Start (30/03/2013 19:43:44)
Running Repair Under Current User Account
Running Repair Under System Account
Done (30/03/2013 19:44:50)
Cleaning up empty logs...
All Selected Repairs Done.
Done (30/03/2013 19:44:50)
Total Repair Time: 01:39:39

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

 

[Snakes1000]

______________________________________________________

and finally, the FSS log:-


Farbar Service Scanner Version: 03-03-2013

Ran by Clive (administrator) on 31-03-2013 at 10:12:09

Running from "C:\Users\Clive\Desktop\Utilities\Virus Malware Utilities"

Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Action Center:

============



Windows Update:

============



Windows Autoupdate Disabled Policy:

============================





Windows Defender:

==============



Other Services:

==============





File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit





**** End of log ****

Many thanks, once again.

 

[Snakes1000]

Hi Broni,

I am experiencing one small problem which may or which may not be related to all the work we have done. It concerns my PowerDVD software. When I run it I get the attached error splash screen. I have tried re-installing some previous upgrades but it may require uninstalling and reinstalling fully from scratch (PowereDVD 7 or something!).

Is it related and, if so, is there a fix?

Sorry to muddy the waters.