
Startsear.info help please



Can someone help me get rid of this browser hijacker please? It's on my IE9, Chrome and Firefox.

I'm running Windows 7 64-bit and have tried various tools but to no avail; it seems to take 100% CPU until I stop the Chrome process.

Thanks for any help,

P.S.

My replies will probably be at night UK time, as I know you will want me to run various tools. So please don't close the thread.


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Quit all running programs.

Please download and run RogueKiller to your desktop.

http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe <---use this one for 64 bit systems

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, Allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thanks, here are the logs you requested.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2
Run by TCrew at 0:11:18 on 2013-02-22
Microsoft Windows 7 NVIDIA 2010 6.1.7601.1.1252.44.1033.18.8175.4880 [GMT 0:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIEGE.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Samsung\AllShare\AllShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.info
mStart Page = hxxp://startsear.info
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\TCrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus SX400 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S186F.tmp" /EF "HKCU"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [TCREW-PC] C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Welcome Center] C:\Windows\System32\rundll32.exe C:\Windows\System32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
StartupFolder: C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:177
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoSMBalloonTip = dword:1
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab
DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{37B8A3DB-7AA6-41DC-AD5B-EE40AC18F2F9} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\
FF - prefs.js: browser.startup.homepage - www,yahoo.com
FF - prefs.js: browser.startup.homepage - hxxp://startsear.info
FF - prefs.js: browser.startup.homepage - hxxp://startsear.info
FF - prefs.js: browser.startup.homepage - hxxp://startsear.info
FF - prefs.js: browser.startup.homepage - hxxp://startsear.info
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\TCrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-22 01:03; anttoolbar@ant.com; C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\anttoolbar@ant.com
FF - ExtSQL: 2012-12-22 01:03; netvideohunter@netvideohunter.com; C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\netvideohunter@netvideohunter.com
FF - ExtSQL: 2012-12-22 01:03; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
.
============= SERVICES / DRIVERS ===============
.
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2010-11-19 34400]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-31 283200]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-3-31 80896]
R2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-3-2 25504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2010-12-29 122856]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2010-12-29 370152]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-13 76912]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-7-22 60416]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2012-3-28 126720]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2012-11-7 19032]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2012-11-7 12384]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-29 19456]
S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-3-2 27584]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-29 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-24 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-02-21 23:35:57 4125569 --s-a-w- C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe
2013-02-21 23:03:45 -------- d-----w- C:\Program Files (x86)\PC Tools
2013-02-21 23:01:47 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2013-02-21 23:01:46 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2013-02-21 22:46:48 -------- d-----w- C:\ProgramData\PC Tools
2013-02-21 22:46:47 -------- d-----w- C:\Users\TCrew\AppData\Roaming\TestApp
2013-02-20 04:17:19 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06A38B53-5D5D-443A-8AB6-736F8D0C8139}\mpengine.dll
2013-02-19 23:33:23 8107 ----a-w- C:\Windows\w7dsd.reg
2013-02-19 23:33:23 8089 ----a-w- C:\Windows\w7dse.reg
2013-02-19 23:33:23 275360 ----a-w- C:\Windows\System32\DreamScene.dll
2013-02-18 22:37:55 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 22:37:55 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-18 22:34:45 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-18 22:34:42 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-18 22:34:40 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-18 22:34:30 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-18 22:34:22 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-18 22:34:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-18 22:34:21 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-18 22:34:21 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-18 22:34:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-18 22:34:19 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-18 22:33:34 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-18 22:33:33 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-17 00:56:53 -------- d-----w- C:\Carls do not delete yet )))))17.02.13(((((
2013-02-10 21:56:43 -------- d-----w- C:\WFS
2013-02-10 12:52:30 -------- d-----w- C:\HTCS
2013-02-08 00:37:46 -------- d-----w- C:\Users\TCrew\AppData\Roaming\Malwarebytes
2013-02-08 00:37:14 -------- d-----w- C:\ProgramData\Malwarebytes
2013-02-04 03:20:34 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-02-04 03:19:56 -------- d-----w- C:\Program Files\iPod
2013-02-04 03:19:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-02-04 03:19:54 -------- d-----w- C:\Program Files\iTunes
2013-02-04 03:19:54 -------- d-----w- C:\Program Files (x86)\iTunes
2013-02-03 23:59:17 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-02 22:54:30 1942400 ----a-w- C:\Windows\SysWow64\scrypt121016GeForce GT 240glg2tc4096w256l4.bin
2013-02-02 22:04:01 -------- d-----w- C:\Windows\pss
2013-02-02 21:59:57 -------- d-sh--w- C:\Users\TCrew\AppData\Roaming\Default Browser
2013-02-02 00:19:40 4125569 --sha-w- C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe
2013-01-31 23:20:07 -------- d-----w- C:\Users\TCrew\AppData\Roaming\SHAPE
2013-01-30 23:20:27 -------- d-----w- C:\XLMultiTool.v2.1
2013-01-30 22:30:42 -------- d-----w- C:\Program Files (x86)\Spirent Communications
2013-01-30 22:25:24 -------- d-----w- C:\Program Files (x86)\Anders3408
2013-01-30 21:51:31 -------- d-----w- C:\ruu_log
2013-01-30 16:30:52 -------- d-----w- C:\Users\TCrew\AppData\Local\Htc
2013-01-30 16:30:12 -------- d-----w- C:\Users\TCrew\AppData\Roaming\HTC
2013-01-30 16:28:54 -------- d-----w- C:\Program Files (x86)\HTC
2013-01-30 16:28:02 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2013-01-24 23:40:39 -------- d-----w- C:\S.onyTablet.S [FLASHER] v2.5
2013-01-24 23:22:44 -------- d-----w- C:\S.onyTablet.S__ALLinONE__v5.3
.
==================== Find3M ====================
.
2013-02-08 03:51:12 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-08 03:51:12 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-03 23:59:09 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-03 23:59:09 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-27 02:01:06 724992 ----a-w- C:\Windows\iun6002.exe
2012-12-27 01:48:36 249856 ------w- C:\Windows\Setup1.exe
2012-12-27 01:48:35 73216 ----a-w- C:\Windows\ST6UNST.EXE
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2006-05-03 11:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 12:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 14:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
2010-01-06 23:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll
.
============= FINISH: 0:11:27.27 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 NVIDIA 2010
Boot Device: \Device\HarddiskVolume1
Install Date: 23/07/2012 11:15:04
System Uptime: 21/02/2013 23:34:48 (1 hours ago)
.
Motherboard: ASRock | | H61M/U3S3
Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz | CPUSocket | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 58.594 GiB free.
E: is CDROM ()
F: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP147: 09/02/2013 02:30:51 - Scheduled Checkpoint
RP148: 12/02/2013 05:59:03 - Windows Update
RP149: 18/02/2013 22:34:56 - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.2
Alt.Binz 0.39.4
Android SDK Tools
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
µTorrent
AviSynth 2.5
BitTornado 0.3.7
Bonjour
CD+G AutoName
Construct 2 r110.2
DAEMON Tools Lite
Dropbox
EditCDG
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
EPSON Scan
EPSON Stylus SX400 Series Printer Uninstall
ESET Smart Security
FlashFXP v3.2.0 (Build 1080) Scene Edition
GameMaker-Studio 1.1
Google Chrome
Google Chrome Frame
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
Graphics Converter Pro v5.94
Hex Workshop v6
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HTC BMP USB Driver
HTC Driver Installer
HTC Sync
ImgBurn
iTunes
J2SE Runtime Environment 5.0 Update 7
Java 7 Update 13
Java 7 Update 9 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 9 (64-bit)
JavaFX 2.1.1
K-Lite Codec Pack 9.1.0 (64-bit)
K-Lite Mega Codec Pack 9.1.0
Karaoke for DirectX (remove only)
Karaoke Song List Creator Professional KJ Edition
KJ File Manager
KJ Pro
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MKVToolNix 5.2.1
Mozilla Firefox 14.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Music Manager
My MP4Box GUI 0.5.6.0
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 270.61
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.2.22.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Paint.NET v3.5.10
PKZIP for Windows 9.00.0010
Plex
Plex Media Server
PowerISO
QuickPar 0.9
Realtek High Definition Audio Driver
ResizeIt! 2.0
Runnymede AIO Tool V.2
SABnzbd 0.7.4
Safari
Samsung AllShare
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52
Uberizer v1.1
Unzbin 1.8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
WinCDG Pro 2 2.503
Windows 7 USB/DVD Download Tool
Windows XP Mode
WinRAR archiver
XMedia Recode 2.3.0.4
XMedia Recode version 3.1.4.1
.
==== Event Viewer Messages From Past Week ========
.
21/02/2013 23:37:30, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
21/02/2013 23:37:30, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
21/02/2013 23:30:47, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:30:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
21/02/2013 23:29:01, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/02/2013 23:29:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/02/2013 23:28:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/02/2013 23:28:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/02/2013 23:28:54, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/02/2013 23:28:40, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/02/2013 23:28:35, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss SCDEmu spldr tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2013 23:28:35, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/02/2013 23:28:35, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
21/02/2013 23:26:23, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
21/02/2013 23:25:35, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
21/02/2013 23:23:12, Error: PCTCore [280] -
21/02/2013 23:09:07, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
21/02/2013 22:07:53, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume H:.
21/02/2013 19:20:29, Error: Microsoft-Windows-Smartcard-Server [616] - Reader monitor 'Gemplus USB SmartCard Reader 0' received uncaught error code: Access is denied.
21/02/2013 19:20:29, Error: Microsoft-Windows-Smartcard-Server [615] - Reader removal monitor error retry threshold reached: Access is denied.
21/02/2013 19:20:21, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'Gemplus USB SmartCard Reader 0' rejected IOCTL EJECT: The request is not supported. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
19/02/2013 20:44:15, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume USB STORAGE.
19/02/2013 01:14:23, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
17/02/2013 05:49:13, Error: Service Control Manager [7022] - The Samsung AllShare PC service hung on starting.
16/02/2013 18:04:59, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR8.
.
==== End Of File ===========================


RogueKiller V8.5.1 _x64_ [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : TCrew [Admin rights]
Mode : Scan -- Date : 02/22/2013 00:16:26
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] TCREW-PC.exe -- C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : TCREW-PC (C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-13296136-4219326523-653956509-1000[...]\Run : TCREW-PC (C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe) [-] -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-00PSA0 ATA Device +++++
--- User ---
[MBR] 9e913425afd43d9381cac9975ca1157b
[BSP] 0ec5b66dc3fcb5756cb607f34d9242f9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152524 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02222013_02d0016.txt >>
RKreport[1]_S_02222013_02d0016.txt


Please don't put logs in code or quotes, they're too hard to read.

-----------------------------

Please disable Windows Defender:

http://www.howtogeek.com/howto/15788/how-to-uninstall-disable-and-remove-windows-defender.-also-how-turn-it-off/

----------------------

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC

Ok, here's the log. I don't see anything I want to save.

# AdwCleaner v2.112 - Logfile created 02/22/2013 at 08:15:35

# Updated 10/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : TCrew - TCREW-PC

# Boot Mode : Normal

# Running from : C:\Users\TCrew\Desktop\adwcleaner0.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\staged

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\Alexa Internet

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\Software\Iminent

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info

-\\ Mozilla Firefox v14.0.1 (en-GB)

File : C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Found : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Found : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Found : user_pref("browser.startup.homepage", "hxxp://startsear.info");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\TCrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.4] : urls_to_restore_on_startup = [ "hxxp://startsear.info" ]

*************************

AdwCleaner[R1].txt - [1806 octets] - [22/02/2013 08:15:35]

########## EOF - C:\AdwCleaner[R1].txt - [1866 octets] ##########

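
As an added illustration of what the AdwCleaner search and delete passes above are doing (example code, not AdwCleaner's own and not from the thread): a Python script that checks the three start-page locations the log reported, IE's registry values, Firefox's prefs.js user_pref lines and Chrome's Preferences JSON, for startsear.info and applies the same fix the Delete run does (replace for IE, delete for Firefox and Chrome). The sample inputs are constructed to mirror the log; the nesting of Chrome's startup URL list under "session" is an assumption about that file's layout.

```python
"""Added example (not AdwCleaner's own code): find and neutralise a hijacked
start page in the three places the AdwCleaner log above reported it. The
inputs are constructed to mirror that log; nothing here touches a live machine."""
import json
import re

HIJACK_DOMAIN = "startsear.info"           # the domain this thread is about
SAFE_START_PAGE = "http://www.google.com"  # what AdwCleaner replaced IE's page with
HOMEPAGE_PREF = "browser.startup.homepage"

# ---- constructed sample data, mirroring the AdwCleaner[R1] findings ----
# IE: one registry value per hive, keyed like AdwCleaner's "[key - value]" lines.
IE_START_PAGES = {
    r"HKCU\Software\Microsoft\Internet Explorer\Main - Start Page": "http://startsear.info",
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page": "http://startsear.info",
}
# Firefox prefs.js excerpt; the four duplicate lines match the log above.
FIREFOX_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://startsear.info");
user_pref("browser.startup.homepage", "http://startsear.info");
user_pref("browser.startup.homepage", "http://startsear.info");
user_pref("browser.startup.homepage", "http://startsear.info");
user_pref("browser.startup.page", 1);
"""
# Chrome Preferences excerpt (JSON). Placing the startup URL list under
# "session" is an assumption about the file layout, not taken from the log.
CHROME_PREFERENCES = json.dumps({"session": {
    "restore_on_startup": 4,
    "urls_to_restore_on_startup": ["http://startsear.info"]}}, indent=1)

FIREFOX_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"([^"]*)"\);')


def host_of(url):
    """Lower-cased hostname of a URL, or '' when there is no scheme://host."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def is_hijacked(url):
    """Match the hijack domain and its subdomains only, so look-alikes such as
    notstartsear.info or startsear.info.example are not touched."""
    host = host_of(url)
    return host == HIJACK_DOMAIN or host.endswith("." + HIJACK_DOMAIN)


# ---- Internet Explorer: registry values ----
def scan_ie(values):
    return [(name, data) for name, data in values.items() if is_hijacked(data)]


def clean_ie(values, replacement=SAFE_START_PAGE):
    """Replace rather than delete, as the log's 'Replaced :' lines do."""
    return {n: (replacement if is_hijacked(d) else d) for n, d in values.items()}


# ---- Firefox: user_pref lines; a homepage may hold several URLs joined by '|' ----
def scan_firefox(prefs_text):
    hits = []
    for lineno, line in enumerate(prefs_text.splitlines(), 1):
        m = FIREFOX_PREF_RE.match(line)
        if m and m.group(1) == HOMEPAGE_PREF and any(
                is_hijacked(u) for u in m.group(2).split("|")):
            hits.append((lineno, line.strip()))
    return hits


def clean_firefox(prefs_text):
    out = []
    for line in prefs_text.splitlines():
        m = FIREFOX_PREF_RE.match(line)
        if m and m.group(1) == HOMEPAGE_PREF:
            keep = [u for u in m.group(2).split("|") if not is_hijacked(u)]
            if not keep:
                continue          # whole line dropped, as 'Deleted :' in the log
            line = 'user_pref("%s", "%s");' % (HOMEPAGE_PREF, "|".join(keep))
        out.append(line)
    return "\n".join(out) + "\n"


# ---- Chrome: JSON list of startup URLs ----
def scan_chrome(pref_json):
    session = json.loads(pref_json).get("session", {})
    return [u for u in session.get("urls_to_restore_on_startup", []) if is_hijacked(u)]


def clean_chrome(pref_json):
    prefs = json.loads(pref_json)
    session = prefs.setdefault("session", {})
    session["urls_to_restore_on_startup"] = [
        u for u in session.get("urls_to_restore_on_startup", []) if not is_hijacked(u)]
    return json.dumps(prefs, indent=1)


def scan_all(ie=IE_START_PAGES, firefox=FIREFOX_PREFS_JS, chrome=CHROME_PREFERENCES):
    """Hijacked entries per browser; all zeros means the three locations are clean."""
    return {"ie": len(scan_ie(ie)), "firefox": len(scan_firefox(firefox)),
            "chrome": len(scan_chrome(chrome))}


if __name__ == "__main__":
    for name, data in scan_ie(IE_START_PAGES):
        print("Found : [%s] = %s" % (name, data))
    for lineno, line in scan_firefox(FIREFOX_PREFS_JS):
        print("Found [l.%d] : %s" % (lineno, line))
    print(scan_all())  # {'ie': 2, 'firefox': 4, 'chrome': 1}
```

The domain check deliberately requires an exact or subdomain match, so cleaning does not also strip an unrelated homepage whose name merely contains the string.
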
Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Let me know how it is.

----------------------------

If there's still a problem:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Thanks, my browsers are back to normal now.

# AdwCleaner v2.112 - Logfile created 02/23/2013 at 01:00:50

# Updated 10/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : TCrew - TCREW-PC

# Boot Mode : Normal

# Running from : C:\Users\TCrew\Desktop\adwcleaner0.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\Alexa Internet

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\Software\Iminent

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://startsear.info --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-GB)

File : C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.info");

Deleted : user_pref("browser.startup.homepage", "hxxp://startsear.info");

-\\ Google Chrome v24.0.1312.57

File : C:\Users\TCrew\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.4] : urls_to_restore_on_startup = [ "hxxp://startsear.info" ]

*************************

AdwCleaner[R1].txt - [1935 octets] - [22/02/2013 08:15:35]

AdwCleaner[R2].txt - [1995 octets] - [23/02/2013 01:00:39]

AdwCleaner[s1].txt - [2026 octets] - [23/02/2013 01:00:50]

########## EOF - C:\AdwCleaner[s1].txt - [2086 octets] ##########

All of the browsers are OK now??

If so........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC

Yes, all browsers are fine, thanks.

Results of screen317's Security Check version 0.99.59

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

ESET Smart Security 5.2

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

JavaFX 2.1.1

Java 7 Update 13

Adobe Flash Player 11.5.502.149 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

Google Chrome 24.0.1312.57

Google Chrome 25.0.1364.97

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Please check for updates on these if available:

Adobe Flash Player 11.5.502.149 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox 14.0.1 Firefox out of Date!

---------------------------

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Thank you, you have been very helpful. I've updated

Adobe Flash Player 11.5.502.149 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Can't seem to update Firefox; it's supposed to auto-update, so I'll uninstall it and download it fresh from their site.

I've run OTL, run the clean up and manually deleted the txt logs.

I can't believe I got all this help for free, so thanks once again. :)

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassoci...T-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Ok, here are the logs

OTL logfile created on: 23/02/2013 12:50:12 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TCrew\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.32% Memory free

15.96 Gb Paging File | 12.88 Gb Available in Paging File | 80.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 148.95 Gb Total Space | 58.07 Gb Free Space | 38.99% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 75.03 Gb Free Space | 16.11% Space Free | Partition Type: NTFS

Drive J: | 931.51 Gb Total Space | 199.44 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Drive L: | 931.51 Gb Total Space | 3.81 Gb Free Space | 0.41% Space Free | Partition Type: NTFS

Computer Name: TCREW-PC | User Name: TCrew | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/23 12:49:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCrew\Desktop\OTL.exe

PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

PRC - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

PRC - [2012/03/01 23:59:26 | 000,285,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe

PRC - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/23 12:01:12 | 001,024,616 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\windows._cacheinvalidation.pyd

MOD - [2013/02/23 12:01:12 | 000,792,576 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._gdi_.pyd

MOD - [2013/02/23 12:01:12 | 000,571,392 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\pysqlite2._sqlite.pyd

MOD - [2013/02/23 12:01:12 | 000,263,168 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32com.shell.shell.pyd

MOD - [2013/02/23 12:01:12 | 000,153,088 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\pyexpat.pyd

MOD - [2013/02/23 12:01:12 | 000,096,256 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32api.pyd

MOD - [2013/02/23 12:01:12 | 000,086,016 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\_elementtree.pyd

MOD - [2013/02/23 12:01:12 | 000,073,728 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\_ctypes.pyd

MOD - [2013/02/23 12:01:12 | 000,070,656 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._html2.pyd

MOD - [2013/02/23 12:01:12 | 000,040,448 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\_socket.pyd

MOD - [2013/02/23 12:01:12 | 000,023,040 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32ts.pyd

MOD - [2013/02/23 12:01:12 | 000,017,920 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32profile.pyd

MOD - [2013/02/23 12:01:12 | 000,011,776 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32crypt.pyd

MOD - [2013/02/23 12:01:11 | 001,169,408 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._core_.pyd

MOD - [2013/02/23 12:01:11 | 000,731,136 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._misc_.pyd

MOD - [2013/02/23 12:01:11 | 000,645,120 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\_ssl.pyd

MOD - [2013/02/23 12:01:11 | 000,354,304 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\pythoncom26.dll

MOD - [2013/02/23 12:01:11 | 000,311,808 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\_hashlib.pyd

MOD - [2013/02/23 12:01:11 | 000,110,592 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32security.pyd

MOD - [2013/02/23 12:01:11 | 000,110,592 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\PyWinTypes26.dll

MOD - [2013/02/23 12:01:11 | 000,036,352 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32process.pyd

MOD - [2013/02/23 12:01:11 | 000,022,528 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32pdh.pyd

MOD - [2013/02/23 12:01:10 | 000,807,424 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._windows_.pyd

MOD - [2013/02/23 12:01:10 | 000,121,856 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._wizard.pyd

MOD - [2013/02/23 12:01:10 | 000,111,104 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32file.pyd

MOD - [2013/02/23 12:01:10 | 000,039,424 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32inet.pyd

MOD - [2013/02/23 12:01:07 | 001,056,256 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\wx._controls_.pyd

MOD - [2013/02/23 12:01:06 | 000,585,728 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\unicodedata.pyd

MOD - [2013/02/23 12:01:06 | 000,017,920 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\win32event.pyd

MOD - [2013/02/23 12:01:06 | 000,011,776 | ---- | M] () -- C:\Users\TCrew\AppData\Local\Temp\_MEI30202\select.pyd

MOD - [2013/02/19 01:31:44 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\40ec6eb5a95de56636ea90f638d1eb2c\System.ServiceProcess.ni.dll

MOD - [2013/02/19 01:31:43 | 012,082,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d4593afc94701312b24fa76ec4d9b871\System.Web.ni.dll

MOD - [2013/02/18 22:41:51 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0783e0b01fd91c2c42abe0cb3e5d0c19\System.Windows.Forms.ni.dll

MOD - [2013/01/20 21:18:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f62409df88e3dde635df0808c7177097\System.Runtime.Remoting.ni.dll

MOD - [2013/01/20 20:23:48 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\6e5a88684e45c45cddf654a902b9c789\PresentationCore.ni.dll

MOD - [2013/01/20 20:23:42 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\5434074a2458956c9a421cf3a8aab676\System.Core.ni.dll

MOD - [2013/01/20 20:23:41 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\54fef0787e00fc172cf386ba94bb7f10\WindowsBase.ni.dll

MOD - [2013/01/20 20:23:40 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\353fd535963fff2f9086c2f655a47ace\System.Xml.ni.dll

MOD - [2013/01/20 20:23:38 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\293b5e60e01e652ae1bf4096bc6e9f9e\System.Drawing.ni.dll

MOD - [2013/01/20 20:23:38 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7600fa0122191abced58b5e98303dfb3\System.Configuration.ni.dll

MOD - [2013/01/20 20:23:36 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\73507c607e4c46f5e04122de0cc5f3fd\System.ni.dll

MOD - [2013/01/20 20:23:32 | 014,417,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3ef97e67e8d2c09fd2495ed952e1afbc\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/03/07 14:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/02/23 01:48:55 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/07/14 00:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/02 17:00:26 | 000,025,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe -- (SamsungAllShareV2.0)

SRV - [2012/03/02 17:00:20 | 000,027,584 | ---- | M] (Samsung Electronics Co., Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe -- (SimpleSlideShowServer)

SRV - [2011/03/31 16:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk-x64.sys -- (SliceDisk5)

DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/31 10:37:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/08/24 07:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/20 15:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2012/08/20 15:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2012/03/28 12:33:24 | 000,126,720 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)

DRV:64bit: - [2012/03/14 07:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)

DRV:64bit: - [2012/03/14 07:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)

DRV:64bit: - [2012/03/14 07:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)

DRV:64bit: - [2012/03/14 07:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2012/03/14 07:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 15:59:18 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/12/29 16:55:46 | 000,370,152 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)

DRV:64bit: - [2010/12/29 16:55:44 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)

DRV:64bit: - [2010/11/20 13:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)

DRV:64bit: - [2010/11/20 13:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)

DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 11:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)

DRV:64bit: - [2010/11/20 11:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)

DRV:64bit: - [2010/11/19 16:41:30 | 000,034,400 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)

DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/08/24 17:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)

DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2009/11/01 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/04/29 15:28:30 | 000,030,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)

DRV:64bit: - [2008/07/22 06:42:58 | 000,060,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)

DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 86 7B 08 F8 FC CD 01 [binary data]

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-13296136-4219326523-653956509-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www,yahoo.com"

FF - prefs.js..extensions.enabledAddons: youtube_downloader@anishsane.googlepages.com:3.6

FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.8.2

FF - prefs.js..extensions.enabledAddons: anttoolbar@ant.com:2.4.7.4

FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.5

FF - prefs.js..extensions.enabledAddons: youtubeunblocker@unblocker.yt:0.3.0

FF - prefs.js..extensions.enabledAddons: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:1.5.1

FF - prefs.js..extensions.enabledAddons: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:1.26

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TCrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TCrew\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/23 10:30:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/23 12:02:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/23 10:30:33 | 000,000,000 | ---D | M]

[2012/08/07 22:19:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Extensions

[2013/02/23 01:00:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions

[2013/02/16 19:10:41 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2012/12/22 01:03:11 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\anttoolbar@ant.com

[2012/12/22 01:03:12 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\netvideohunter@netvideohunter.com

[2012/12/22 00:59:58 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\artur.dubovoy@gmail.com.xpi

[2013/02/01 16:07:46 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\gophoto@gophoto.it.xpi

[2012/12/02 22:49:47 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\torntv@torntv.com.xpi

[2013/02/16 19:10:40 | 000,004,412 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\youtubeunblocker@unblocker.yt.xpi

[2012/08/07 22:21:19 | 000,012,710 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\youtube_downloader@anishsane.googlepages.com.xpi

[2013/02/16 19:10:40 | 000,013,750 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi

[2013/01/09 16:09:00 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

[2012/07/23 12:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/07/14 00:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/07/14 01:02:55 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml

[2012/07/14 01:02:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/14 01:02:55 | 000,000,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml

[2012/07/14 01:02:55 | 000,001,166 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml

[2012/07/14 01:02:55 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

[2012/07/14 01:02:55 | 000,001,121 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - Extension: GoPhoto.it = C:\Users\TCrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.4_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\npchrome_frame.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files (x86)\WinCDG Pro 2\msdxm.ocx (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-13296136-4219326523-653956509-1000..\Run: [EPSON Stylus SX400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEGE.EXE /FU "C:\Windows\TEMP\E_S186F.tmp" /EF "HKCU" File not found

O4 - HKU\S-1-5-21-13296136-4219326523-653956509-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKU\S-1-5-21-13296136-4219326523-653956509-1000..\Run: [TCREW-PC] C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe ()

O4 - HKU\S-1-5-21-13296136-4219326523-653956509-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1

O7 - HKU\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} https://britishgastopup.paypoint.com/HomeVend.cab (HomeVendGasCard Class)

O16 - DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} https://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab (KeyBox Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 10.13.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37B8A3DB-7AA6-41DC-AD5B-EE40AC18F2F9}: DhcpNameServer = 192.168.1.254 192.168.1.254

O18:64bit: - Protocol\Handler\gcf - No CLSID value found

O18:64bit: - Protocol\Handler\vnd.ms.radio - No CLSID value found

O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\npchrome_frame.dll (Google Inc.)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files (x86)\WinCDG Pro 2\msdxm.ocx (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/11/27 22:35:15 | 000,000,000 | ---D | M] - J:\AutoNZBDownloads -- [ NTFS ]

O33 - MountPoints2\{a752526b-2aea-11e2-be96-002522a4efc4}\Shell - "" = AutoRun

O33 - MountPoints2\{a752526b-2aea-11e2-be96-002522a4efc4}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL K:\autorun.bat

O33 - MountPoints2\{e731ec83-fbf7-11e1-be07-002522a4efc4}\Shell - "" = AutoRun

O33 - MountPoints2\{e731ec83-fbf7-11e1-be07-002522a4efc4}\Shell\AutoRun\command - "" = K:\HPLauncher.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/23 12:49:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TCrew\Desktop\OTL.exe

[2013/02/21 23:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2013/02/21 23:01:47 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2013/02/21 23:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2013/02/21 22:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2013/02/21 22:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2013/02/21 22:46:47 | 000,000,000 | ---D | C] -- C:\Users\TCrew\AppData\Roaming\TestApp

[2013/02/21 22:46:29 | 004,125,360 | ---- | C] (PC Tools) -- C:\Users\TCrew\Desktop\PCTools_Safe_Install_SDAV.exe

[2013/02/19 23:49:10 | 000,000,000 | ---D | C] -- C:\Users\TCrew\Desktop\Karaoke

[2013/02/17 00:56:53 | 000,000,000 | ---D | C] -- C:\Carls do not delete yet )))))17.02.13(((((

[2013/02/10 21:56:43 | 000,000,000 | ---D | C] -- C:\WFS

[2013/02/10 12:52:30 | 000,000,000 | ---D | C] -- C:\HTCS

[2013/02/08 00:37:46 | 000,000,000 | ---D | C] -- C:\Users\TCrew\AppData\Roaming\Malwarebytes

[2013/02/08 00:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/02/04 03:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2013/02/04 03:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2013/02/04 03:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2013/02/04 03:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2013/02/04 03:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2013/02/04 03:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2013/02/04 03:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2013/02/02 22:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server

[2013/02/02 22:04:01 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2013/02/02 21:59:57 | 000,000,000 | -HSD | C] -- C:\Users\TCrew\AppData\Roaming\Default Browser

[2013/01/31 23:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

[2013/01/31 23:20:07 | 000,000,000 | ---D | C] -- C:\Users\TCrew\AppData\Roaming\SHAPE

[2013/01/31 03:08:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/01/30 23:20:27 | 000,000,000 | ---D | C] -- C:\XLMultiTool.v2.1

[2013/01/30 22:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC

[2013/01/30 22:30:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications

[2013/01/30 22:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runnymede AIO Tool

[2013/01/30 22:25:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anders3408

[2013/01/30 21:51:31 | 000,000,000 | ---D | C] -- C:\ruu_log

[2013/01/30 16:30:52 | 000,000,000 | ---D | C] -- C:\Users\TCrew\AppData\Local\Htc

[2013/01/30 16:30:12 | 000,000,000 | ---D | C] -- C:\Users\TCrew\AppData\Roaming\HTC

[2013/01/30 16:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync

[2013/01/30 16:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC

[2013/01/30 16:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR

[2013/01/30 16:28:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe

[2013/01/30 16:28:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2013/01/24 23:40:39 | 000,000,000 | ---D | C] -- C:\S.onyTablet.S [flashER] v2.5

[2013/01/24 23:22:44 | 000,000,000 | ---D | C] -- C:\S.onyTablet.S__ALLinONE__v5.3

========== Files - Modified Within 30 Days ==========

[2013/02/23 12:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/23 12:49:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TCrew\Desktop\OTL.exe

[2013/02/23 12:28:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13296136-4219326523-653956509-1000UA.job

[2013/02/23 12:27:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/23 12:08:24 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/23 12:08:24 | 000,014,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/23 12:00:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/23 12:00:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/23 12:00:32 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/23 01:36:01 | 000,077,976 | ---- | M] () -- C:\Users\TCrew\Desktop\D300979SLH.pdf

[2013/02/23 01:34:02 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/02/23 01:15:43 | 000,881,935 | ---- | M] () -- C:\Users\TCrew\Desktop\SecurityCheck.exe

[2013/02/22 11:28:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-13296136-4219326523-653956509-1000Core.job

[2013/02/22 08:15:20 | 000,587,671 | ---- | M] () -- C:\Users\TCrew\Desktop\adwcleaner0.exe

[2013/02/22 00:11:25 | 000,774,656 | ---- | M] () -- C:\Users\TCrew\Desktop\RogueKillerX64.exe

[2013/02/21 23:03:14 | 002,279,826 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2013/02/21 22:46:31 | 004,125,360 | ---- | M] (PC Tools) -- C:\Users\TCrew\Desktop\PCTools_Safe_Install_SDAV.exe

[2013/02/19 23:42:21 | 000,008,107 | ---- | M] () -- C:\Windows\w7dsd.reg

[2013/02/19 23:42:21 | 000,008,089 | ---- | M] () -- C:\Windows\w7dse.reg

[2013/02/19 23:23:28 | 000,666,490 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/02/19 23:23:28 | 000,126,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/02/19 23:23:27 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/02/19 08:46:21 | 000,268,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/14 21:57:20 | 000,120,001 | ---- | M] () -- C:\Users\TCrew\Documents\EheimEcco2232PartsList.pdf

[2013/02/02 22:54:30 | 001,942,400 | ---- | M] () -- C:\Windows\SysWow64\scrypt121016GeForce GT 240glg2tc4096w256l4.bin

[2013/02/02 00:19:39 | 004,125,569 | --S- | M] () -- C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe

[2013/02/02 00:19:39 | 004,125,569 | -HS- | M] () -- C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe

[2013/01/31 23:33:33 | 000,002,020 | ---- | M] () -- C:\Users\TCrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk

[2013/01/28 01:38:13 | 000,000,994 | ---- | M] () -- C:\Users\TCrew\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013/02/23 01:36:01 | 000,077,976 | ---- | C] () -- C:\Users\TCrew\Desktop\D300979SLH.pdf

[2013/02/23 01:34:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/02/23 01:34:02 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/02/23 01:15:43 | 000,881,935 | ---- | C] () -- C:\Users\TCrew\Desktop\SecurityCheck.exe

[2013/02/22 08:15:20 | 000,587,671 | ---- | C] () -- C:\Users\TCrew\Desktop\adwcleaner0.exe

[2013/02/22 00:11:23 | 000,774,656 | ---- | C] () -- C:\Users\TCrew\Desktop\RogueKillerX64.exe

[2013/02/21 23:35:57 | 004,125,569 | --S- | C] () -- C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe

[2013/02/21 23:01:52 | 002,279,826 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2013/02/19 23:33:23 | 000,008,107 | ---- | C] () -- C:\Windows\w7dsd.reg

[2013/02/19 23:33:23 | 000,008,089 | ---- | C] () -- C:\Windows\w7dse.reg

[2013/02/14 21:57:20 | 000,120,001 | ---- | C] () -- C:\Users\TCrew\Documents\EheimEcco2232PartsList.pdf

[2013/02/04 03:19:10 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013/02/02 22:54:30 | 001,942,400 | ---- | C] () -- C:\Windows\SysWow64\scrypt121016GeForce GT 240glg2tc4096w256l4.bin

[2013/02/02 00:19:40 | 004,125,569 | -HS- | C] () -- C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe

[2013/01/31 23:33:33 | 000,002,020 | ---- | C] () -- C:\Users\TCrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung AllShare.lnk

[2012/12/06 23:28:39 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2012/12/03 23:26:29 | 000,000,128 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/12/03 23:26:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2012/12/03 23:20:59 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\Hlinkprx.dll

[2012/11/24 23:48:11 | 000,016,637 | ---- | C] () -- C:\Windows\SysWow64\Vantage.dll

[2012/11/18 00:05:12 | 000,000,380 | ---- | C] () -- C:\Users\TCrew\appMobiToolkit.props

[2012/11/15 23:04:36 | 000,256,459 | ---- | C] () -- C:\Users\TCrew\hejhglxbdkqpgh.exe

[2012/11/15 23:04:35 | 000,256,459 | ---- | C] () -- C:\Users\TCrew\mvrlbiawifjfihaapsw.exe

[2012/11/15 23:04:35 | 000,256,459 | ---- | C] () -- C:\Users\TCrew\afmwcxuriswrohczbcqurm.exe

[2012/11/09 02:11:11 | 003,870,720 | ---- | C] () -- C:\Windows\SysWow64\qt-mt323.dll

[2012/10/22 23:23:58 | 000,765,458 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/09/17 22:30:35 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll

[2012/09/17 22:30:34 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

[2012/08/21 21:21:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2012/08/21 21:19:44 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll

[2012/07/24 22:54:49 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2012/07/24 22:54:49 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2012/07/24 22:54:49 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll

[2012/07/24 22:54:47 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2012/07/24 22:54:45 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2012/07/23 21:39:29 | 000,012,499 | ---- | C] () -- C:\Windows\SysWow64\Seagate.bin

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 13:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 13:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 13:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/20 00:01:52 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\.BitTornado

[2012/11/27 11:54:39 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\calibre

[2012/08/31 10:38:55 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\DAEMON Tools Lite

[2013/02/02 22:02:09 | 000,000,000 | -HSD | M] -- C:\Users\TCrew\AppData\Roaming\Default Browser

[2013/02/21 23:24:14 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\Dropbox

[2012/09/12 21:06:17 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\EPSON

[2012/07/23 10:32:12 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\ESET

[2012/11/22 00:23:37 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\GameMaker-Studio

[2013/01/30 16:30:55 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\HTC

[2012/08/19 16:32:09 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\ImgBurn

[2012/09/28 22:05:29 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\J-Runner

[2012/11/11 14:37:09 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\PKWARE

[2012/10/29 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\PowerISO

[2013/01/31 23:34:51 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\Samsung

[2013/02/02 22:12:47 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\SHAPE

[2012/08/21 21:18:32 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\systweak

[2013/02/21 22:46:47 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\TestApp

[2013/02/18 22:40:43 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\Unzbin

[2013/02/23 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\uTorrent

[2013/01/10 23:55:24 | 000,000,000 | ---D | M] -- C:\Users\TCrew\AppData\Roaming\XMedia Recode

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 23/02/2013 12:50:12 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\TCrew\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.98 Gb Total Physical Memory | 5.13 Gb Available Physical Memory | 64.32% Memory free

15.96 Gb Paging File | 12.88 Gb Available in Paging File | 80.67% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 148.95 Gb Total Space | 58.07 Gb Free Space | 38.99% Space Free | Partition Type: NTFS

Drive H: | 465.76 Gb Total Space | 75.03 Gb Free Space | 16.11% Space Free | Partition Type: NTFS

Drive J: | 931.51 Gb Total Space | 199.44 Gb Free Space | 21.41% Space Free | Partition Type: NTFS

Drive L: | 931.51 Gb Total Space | 3.81 Gb Free Space | 0.41% Space Free | Partition Type: NTFS

Computer Name: TCREW-PC | User Name: TCrew | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [openNew] -- explorer %1 (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [openNew] -- explorer %1 (Microsoft Corporation)

Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashFXP\flashfxp.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

"C:\Program Files (x86)\FlashFXP\flashfxp.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashFXP\flashfxp.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

"C:\Program Files (x86)\FlashFXP\flashfxp.exe" = C:\Program Files (x86)\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08DB1970-8EA3-4EC6-B087-68BD1259FD80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0BE3AF44-C2F3-40B8-B6C5-5F3606314B3A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{0E693F1F-6AFE-4783-9FF6-3047DAA2B29E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{0F5872FA-6848-46EA-9756-B1447AAF0D67}" = rport=10243 | protocol=6 | dir=out | app=system |

"{1C26642E-44FC-45DE-B985-924DB1B1A1E8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3ED0DABA-0D26-44CD-9AAD-EBD7A8184D67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{554A5CF1-1959-47EE-8210-5E31352F9581}" = rport=138 | protocol=17 | dir=out | app=system |

"{6956E6AA-ED54-479B-AB4A-DA697E51C03A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{6D3490BF-D1EC-4364-8565-0061822F9FBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{76EC3FF7-5712-4E0F-822D-296F1EEB274F}" = lport=445 | protocol=6 | dir=in | app=system |

"{77122FE6-7FF2-4F7E-B2A4-ED9E8D0DC18E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{7FA1904F-660F-4B1C-9BFC-962BC9178DE2}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{8E81D2D3-2FC1-461B-B8F3-CEB0C175B33B}" = rport=139 | protocol=6 | dir=out | app=system |

"{9958195D-E4D8-4871-AFF8-BB4818DA8A90}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A0376875-E05A-416C-9087-014621260CE9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{A215FC2E-ACC8-4CFD-9255-2122E954E829}" = lport=139 | protocol=6 | dir=in | app=system |

"{B20B665D-A558-49FC-9E42-D364CA52668E}" = lport=138 | protocol=17 | dir=in | app=system |

"{B3AB14AC-A22A-4F86-A40B-3B026CA6E839}" = rport=137 | protocol=17 | dir=out | app=system |

"{BA3022FB-FDFE-4303-987D-7D52E4A7E58B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BB20DFEB-B53C-402E-93E6-67770A091096}" = lport=137 | protocol=17 | dir=in | app=system |

"{D4CFA88D-FD89-4027-9EF7-8A7EB6BF246A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{EEA2FC09-2700-4263-A4AC-136450DFC6C5}" = lport=3389 | protocol=6 | dir=in | app=system |

"{F7C0E07E-1A40-4222-BAC3-3FD8E3287F22}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{FADFC870-BAAD-4F0C-9F70-1FCDFBF4ADAD}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00CD0454-67BA-4447-B67A-16D0304710A8}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |

"{0183BAB1-3108-419A-BC5F-2FC8D0BBAFE7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{03200532-9D8F-4F0C-B1FB-A78FA79929A7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{11C6E6E7-AAB5-435F-A3F6-EA6AB4C0B817}" = protocol=6 | dir=out | app=system |

"{2BA27A82-62CB-4A92-9AC3-0B1796F7281B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3F6EF3EA-5915-41BA-9D7F-49279DB92F8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{452C2348-18B7-4C40-8D0C-CC5968697FF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4D9095AB-F2A8-4BD1-B04A-3A8E45AE7BE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{51846473-F8BC-4A9E-9304-C84F26CBD2A9}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |

"{6378B401-ABA9-4EDD-8058-7D8A76F3AE60}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{6F867F06-B2D9-4718-B45A-34D67A3E1838}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{76C21019-FB03-4F24-918B-5412D1EB98A2}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |

"{8688B8B5-D8F6-41F2-A1E3-1EA6EE4CABE0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{8C226632-FCD3-4BE2-A297-A037404382C5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{8CBE060A-A2AD-4849-A689-3F4B585091D0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{938D73C2-2C9B-4695-89EB-EA670C575EED}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"{977F101A-06F6-4EE7-9AA4-3B4D9C76A017}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{97B914BA-454C-4037-B3D6-60E31F364A52}" = dir=in | app=c:\program files (x86)\wyse\pocketcloud windows companion\pocketcloudinstallwizard.exe |

"{99DED4A0-DA74-4E06-AAA0-9D977AAE0616}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9C3DC3C6-20E7-4A9B-808F-0D98B1928664}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9DD52C0F-1990-4516-B3B1-C72746707252}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{9E2B8A3C-922F-4E03-BEA9-F84A4099C9E5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A04436D3-133E-4D93-A5F3-23CD8B1A4583}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A0CB5960-2772-4D7E-9F5D-69308D683C16}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{BA4475C7-C9BF-4E1D-9B92-39E5BFD63AA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BEF7C258-1244-4972-87BC-AD3EE9ABF564}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{D258A4D5-676B-413C-808F-7CC30B59D901}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |

"{D4730594-FFCD-46FE-AD9B-751159766C38}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |

"{D7BF229F-B4DF-4CAE-BD4C-83EC7D2D1368}" = protocol=6 | dir=in | app=c:\users\tcrew\appdata\roaming\dropbox\bin\dropbox.exe |

"{DBB55019-F4EA-4153-A2CC-2E9446B5E76B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{DBDEB5F0-FEA4-46E4-BEB9-D952E91F2945}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DDEA2C24-01D3-442F-B647-3C00114D26D3}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |

"{E5B2A90D-FBD7-4A14-A432-207CFE16CBEE}" = protocol=17 | dir=in | app=c:\users\tcrew\appdata\roaming\dropbox\bin\dropbox.exe |

"{E6EF0210-2530-48AC-AAE9-5F6BA3868BEF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{EAB1869D-F74A-49D2-8CF0-DCA265AC6D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{EFBD8DF7-926E-4528-8610-4E3701BC2AC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes

"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode

"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)

"{470F4A33-DA87-4CF5-9E5A-42BD4F218B39}_is1" = My MP4Box GUI 0.5.6.0

"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6

"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.22.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security

"Construct 2_is1" = Construct 2 r110.2

"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall

"KLiteCodecPack64_is1" = K-Lite Codec Pack 9.1.0 (64-bit)

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{10F9F5C7-0C42-11D6-8255-000102030406}" = CD+G AutoName

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AA9EC83-83B2-4279-88A8-1ADE6A1D807C}" = Plex Media Server

"{5B570B8A-7090-47D3-A86D-7CB9383173C4}" = KJ File Manager

"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive

"{8F311E2E-C275-4CF0-8154-B63991832668}_is1" = SUPER © v2012.build.52 (July 7, 2012) version v2012.build.52

"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

"{B78CFC07-B623-4995-ADCC-B2B4D59D083A}" = HTC Sync

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BE8DD809-A406-40E2-AB9F-28E69E737383}" = PKZIP for Windows 9.00.0010

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode version 3.1.4.1

"{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FF03226F-443C-47F6-8B2D-C4A649B11DBF}" = Runnymede AIO Tool V.2

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Alt.Binz" = Alt.Binz 0.39.4

"Android SDK Tools" = Android SDK Tools

"AviSynth" = AviSynth 2.5

"BitTornado" = BitTornado 0.3.7

"DAEMON Tools Lite" = DAEMON Tools Lite

"EPSON Scanner" = EPSON Scan

"FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition

"Google Chrome Frame" = Google Chrome Frame

"Graphics Converter Pro v5.94" = Graphics Converter Pro v5.94

"ImgBurn" = ImgBurn

"InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}" = Samsung AllShare

"Karaoke Song List Creator Professional KJ Edition" = Karaoke Song List Creator Professional KJ Edition

"Karaoke-DX" = Karaoke for DirectX (remove only)

"KJ Pro" = KJ Pro

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.1.0

"MKVToolNix" = MKVToolNix 5.2.1

"Mozilla Firefox 14.0.1 (x86 en-GB)" = Mozilla Firefox 14.0.1 (x86 en-GB)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PowerISO" = PowerISO

"QuickPar" = QuickPar 0.9

"ResizeIt!_is1" = ResizeIt! 2.0

"SABnzbd" = SABnzbd 0.7.4

"ST6UNST #1" = EditCDG

"Uberizer_is1" = Uberizer v1.1

"Unzbin" = Unzbin 1.8

"uTorrent" = µTorrent

"WinCDG_Pro_2_2.50" = WinCDG Pro 2 2.503

"WinRAR archiver" = WinRAR archiver

"XMedia Recode" = XMedia Recode 2.3.0.4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-13296136-4219326523-653956509-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"GameMaker-Studio11" = GameMaker-Studio 1.1

"Google Chrome" = Google Chrome

"MusicManager" = Music Manager

"Plex" = Plex

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 23/02/2013 03:29:23 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:31:18 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:31:49 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:41:00 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:43:34 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:50:23 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:50:45 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 07:53:53 | Computer Name = TCrew-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16464 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 6fc Start

Time: 01ce11bc24b46a07 Termination Time: 40 Application Path: C:\Program Files\Internet

Explorer\iexplore.exe Report Id:

Error - 23/02/2013 08:01:29 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/02/2013 08:10:25 | Computer Name = TCrew-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files\BreakPoint

Software\Hex Workshop v6\HWorks32.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]

Error - 14/02/2013 12:23:11 | Computer Name = TCrew-PC | Source = SCardSvr | ID = 610

Description =

Error - 14/02/2013 18:08:53 | Computer Name = TCrew-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume USB STORAGE.

Error - 16/02/2013 14:04:57 | Computer Name = TCrew-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk4\DR8.

Error - 16/02/2013 14:04:59 | Computer Name = TCrew-PC | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk4\DR8.

Error - 17/02/2013 01:42:47 | Computer Name = TCrew-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 05:41:11 on ?17/?02/?2013 was unexpected.

Error - 17/02/2013 01:47:06 | Computer Name = TCrew-PC | Source = Service Control Manager | ID = 7038

Description = The nvUpdatusService service was unable to log on as .\UpdatusUser

with the currently configured password due to the following error: %%1330 To ensure

that the service is configured properly, use the Services snap-in in Microsoft

Management Console (MMC).

Error - 17/02/2013 01:47:06 | Computer Name = TCrew-PC | Source = Service Control Manager | ID = 7000

Description = The NVIDIA Update Service Daemon service failed to start due to the

following error: %%1069

Error - 17/02/2013 01:49:13 | Computer Name = TCrew-PC | Source = Service Control Manager | ID = 7022

Description = The Samsung AllShare PC service hung on starting.

Error - 17/02/2013 19:52:24 | Computer Name = TCrew-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume USB STORAGE.

Error - 18/02/2013 18:25:30 | Computer Name = TCrew-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 09:26:55 on ?18/?02/?2013 was unexpected.

< End of report >


Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean

Then..............

Please do this:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

[2013/02/02 00:19:39 | 004,125,569 | --S- | M] () -- C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe

[2013/02/02 00:19:39 | 004,125,569 | -HS- | M] () -- C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe

O4 - HKU\S-1-5-21-13296136-4219326523-653956509-1000..\Run: [TCREW-PC] C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe ()

:Files

C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe

C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

- Then click the Run Fix button at the top

- Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

- Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

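As an added example (not part of the thread and not OTL's own code), the PowerShell below audits the same two per-user persistence points the fix above clears, the HKCU Run key and the user's Startup folder. It assumes it is run in the affected user's session, and its flags are a triage list for review, not a verdict: legitimate updaters such as Dropbox and Google Update also live under the profile.

```powershell
# Added example: audit per-user autorun locations and flag entries worth a closer look.
# Assumes it runs in the affected user's session (HKCU and %USERPROFILE% are that user's).

function Get-UserAutorunReport {
    $profileRoot = $env:USERPROFILE
    # Get-ItemProperty adds provider metadata properties; these are not Run values.
    $metaProps   = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    # 1. Per-user Run key (the hijacker's "TCREW-PC" value lived here).
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    if (Test-Path $runKey) {
        $props = Get-ItemProperty -Path $runKey
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $value = [string]$p.Value
            # Pull the program path out of the command line, quoted or unquoted.
            $m = [regex]::Match($value, '^"?([^"]+?\.(?:exe|dll|bat|cmd|vbs|js))', 'IgnoreCase')
            $target = if ($m.Success) { $m.Groups[1].Value } else { $value }

            $reasons = @()
            if ($target.StartsWith($profileRoot, [StringComparison]::OrdinalIgnoreCase)) {
                $reasons += 'target under user profile'
            }
            $exists = Test-Path -LiteralPath $target
            if (-not $exists) { $reasons += 'target missing' }
            $signer = if ($exists) { (Get-AuthenticodeSignature -FilePath $target).Status } else { 'n/a' }

            New-Object PSObject -Property @{
                Location = "Run\$($p.Name)"
                Target   = $target
                Signer   = $signer
                Flags    = ($reasons -join '; ')
            }
        }
    }

    # 2. Per-user Startup folder (the hijacker's TCrew.exe lived here with the System attribute set).
    $startup = [Environment]::GetFolderPath('Startup')
    Get-ChildItem -LiteralPath $startup -Force | Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $hs = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
        $hiddenOrSystem = ([int]($_.Attributes -band $hs)) -ne 0

        $reasons = @()
        if ($hiddenOrSystem) { $reasons += 'hidden/system attribute' }
        if ($_.Extension -match '^\.(exe|dll|scr|bat|cmd|vbs|js)$') { $reasons += 'executable in Startup' }

        New-Object PSObject -Property @{
            Location = "Startup\$($_.Name)"
            Target   = $_.FullName
            Signer   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            Flags    = ($reasons -join '; ')
        }
    }
}

# Flagged entries sort to the top; an unsigned executable under the profile is the pattern seen in this thread.
Get-UserAutorunReport | Sort-Object Flags -Descending | Format-Table Location, Flags, Signer, Target -AutoSize
```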

Ok here's the log

All processes killed

========== OTL ==========

C:\Users\TCrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TCrew.exe moved successfully.

C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe moved successfully.

Registry value HKEY_USERS\S-1-5-21-13296136-4219326523-653956509-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TCREW-PC deleted successfully.

File C:\Users\TCrew\AppData\Roaming\TCREW-PC.exe not found.

File PTYJAVA] not found.

File ptytemp] not found.

File PTYFLASH not found.

OTL by OldTimer - Version 3.2.69.0 log created on 02232013_132748

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


here's the combo log

ComboFix 13-02-23.01 - TCrew 23/02/2013 15:10:05.1.4 - x64

Microsoft Windows 7 NVIDIA 2010 6.1.7601.1.1252.44.1033.18.8175.6269 [GMT 0:00]

Running from: c:\users\TCrew\Desktop\ComboFix.exe

AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\TCrew\afmwcxuriswrohczbcqurm.exe

c:\users\TCrew\AppData\Local\Temp\_MEI21322\_ctypes.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\_elementtree.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\_hashlib.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\_socket.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\_ssl.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\pyexpat.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\pysqlite2._sqlite.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\python26.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\pythoncom26.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\PyWinTypes26.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\select.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\unicodedata.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32api.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32com.shell.shell.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32crypt.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32event.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32file.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32inet.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32pdh.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32process.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32profile.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32security.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\win32ts.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\windows._cacheinvalidation.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._controls_.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._core_.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._gdi_.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._html2.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._misc_.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._windows_.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wx._wizard.pyd

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxbase293u_net_vc.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxbase293u_vc.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxmsw293u_adv_vc.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxmsw293u_core_vc.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxmsw293u_html_vc.dll

c:\users\TCrew\AppData\Local\Temp\_MEI21322\wxmsw293u_webview_vc.dll

c:\users\TCrew\hejhglxbdkqpgh.exe

c:\users\TCrew\mvrlbiawifjfihaapsw.exe

c:\windows\iun6002.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-01-23 to 2013-02-23 )))))))))))))))))))))))))))))))

.

.

2013-02-23 13:27 . 2013-02-23 13:27 -------- d-----w- C:\_OTL

2013-02-21 23:03 . 2013-02-21 23:03 -------- d-----w- c:\program files (x86)\PC Tools

2013-02-21 23:01 . 2012-11-01 15:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2013-02-21 23:01 . 2013-02-21 23:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2013-02-21 22:46 . 2013-02-21 23:29 -------- d-----w- c:\programdata\PC Tools

2013-02-21 22:46 . 2013-02-21 22:46 -------- d-----w- c:\users\TCrew\AppData\Roaming\TestApp

2013-02-20 04:17 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{06A38B53-5D5D-443A-8AB6-736F8D0C8139}\mpengine.dll

2013-02-19 23:33 . 2013-02-19 23:42 8107 ----a-w- c:\windows\w7dsd.reg

2013-02-19 23:33 . 2013-02-19 23:42 8089 ----a-w- c:\windows\w7dse.reg

2013-02-19 23:33 . 2013-02-19 23:33 275360 ----a-w- c:\windows\system32\DreamScene.dll

2013-02-18 22:37 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-18 22:37 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-18 22:34 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-18 22:34 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-18 22:34 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-18 22:34 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-18 22:34 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-18 22:34 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-18 22:34 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-18 22:34 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-18 22:34 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-18 22:34 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-18 22:33 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-18 22:33 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2013-02-17 00:56 . 2013-02-17 18:58 -------- d-----w- C:\Carls do not delete yet )))))17.02.13(((((

2013-02-10 21:56 . 2012-11-18 15:57 -------- d-----w- C:\WFS

2013-02-10 12:52 . 2013-02-10 21:53 -------- d-----w- C:\HTCS

2013-02-08 00:37 . 2013-02-08 00:37 -------- d-----w- c:\users\TCrew\AppData\Roaming\Malwarebytes

2013-02-08 00:37 . 2013-02-08 00:37 -------- d-----w- c:\programdata\Malwarebytes

2013-02-04 03:20 . 2012-08-21 13:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2013-02-04 03:19 . 2013-02-04 03:19 -------- d-----w- c:\program files\iPod

2013-02-04 03:19 . 2013-02-04 03:20 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-02-04 03:19 . 2013-02-04 03:20 -------- d-----w- c:\program files\iTunes

2013-02-04 03:19 . 2013-02-04 03:20 -------- d-----w- c:\program files (x86)\iTunes

2013-02-04 03:19 . 2013-02-04 03:19 -------- d-----w- c:\program files (x86)\Apple Software Update

2013-02-04 03:18 . 2013-02-04 03:18 -------- d-----w- c:\program files\Common Files\Apple

2013-02-03 23:59 . 2013-02-03 23:59 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-02 22:54 . 2013-02-02 22:54 1942400 ----a-w- c:\windows\SysWow64\scrypt121016GeForce GT 240glg2tc4096w256l4.bin

2013-02-02 21:59 . 2013-02-02 22:02 -------- d-sh--w- c:\users\TCrew\AppData\Roaming\Default Browser

2013-01-31 23:20 . 2013-02-02 22:12 -------- d-----w- c:\users\TCrew\AppData\Roaming\SHAPE

2013-01-30 23:20 . 2013-01-31 11:55 -------- d-----w- C:\XLMultiTool.v2.1

2013-01-30 22:30 . 2013-01-30 22:30 -------- d-----w- c:\program files (x86)\Spirent Communications

2013-01-30 22:25 . 2013-01-30 22:25 -------- d-----w- c:\program files (x86)\Anders3408

2013-01-30 21:51 . 2013-01-30 21:51 -------- d-----w- C:\ruu_log

2013-01-30 16:30 . 2013-02-02 22:01 -------- d-----w- c:\users\TCrew\AppData\Local\Htc

2013-01-30 16:30 . 2013-01-30 16:30 -------- d-----w- c:\users\TCrew\AppData\Roaming\HTC

2013-01-30 16:28 . 2013-01-30 22:30 -------- d-----w- c:\program files (x86)\HTC

2013-01-30 16:28 . 2013-01-30 16:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR

2013-01-30 16:28 . 2013-01-30 16:28 -------- d-----w- c:\program files (x86)\MSXML 4.0

2013-01-24 23:40 . 2013-01-24 23:59 -------- d-----w- C:\S.onyTablet.S [flashER] v2.5

2013-01-24 23:22 . 2013-01-24 23:22 -------- d-----w- C:\S.onyTablet.S__ALLinONE__v5.3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-23 01:48 . 2012-07-23 21:52 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-23 01:48 . 2012-07-23 21:52 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-18 22:42 . 2012-07-23 11:10 70004024 ----a-w- c:\windows\system32\MRT.exe

2013-02-03 23:59 . 2012-07-25 11:11 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-02-03 23:59 . 2012-07-25 11:11 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-01-17 01:28 . 2012-07-23 10:30 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-04 04:43 . 2013-02-18 22:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-27 01:48 . 2012-12-27 01:48 249856 ------w- c:\windows\Setup1.exe

2012-12-27 01:48 . 2012-12-27 01:48 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-12-16 17:11 . 2012-12-22 00:15 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 00:15 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 00:15 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 00:15 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-07 13:20 . 2013-01-08 21:22 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-08 21:22 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-08 21:22 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-08 21:22 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-08 21:22 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-08 21:22 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-08 21:22 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-08 21:22 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-08 21:22 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-08 21:22 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-08 21:22 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-08 21:22 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-08 21:22 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-08 21:22 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-08 21:22 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-08 21:22 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-08 21:22 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-08 21:22 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-08 21:22 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-08 21:22 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-08 21:22 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-08 21:22 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-08 21:22 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-08 21:22 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-08 21:22 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-08 21:22 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-08 21:22 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-08 21:22 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-08 21:22 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-08 21:22 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-08 21:22 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-08 21:22 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-08 21:26 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-08 21:26 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-08 21:26 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:43 . 2013-01-08 21:26 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-08 21:26 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-08 21:26 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:53 . 2013-01-08 21:26 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-08 21:26 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 04:45 . 2013-01-08 21:26 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2006-05-03 11:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll

2007-02-21 12:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll

2008-03-16 14:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll

2010-01-06 23:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 16328976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-01 285072]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2010-11-20 859648]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

"NoSMBalloonTip"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 DxkgFilter;Filtering Dxkg;c:\program files (x86)\iDisplay\idisplay.sys [x]

R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [2012-03-28 126720]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]

R3 SliceDisk5;SliceDisk5;c:\program files\A-FF Find and Mount\slicedisk-x64.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-24 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2010-11-19 34400]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-31 283200]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-29 122856]

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-29 370152]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]

S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-23 01:48]

.

2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 21:52]

.

2013-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-23 21:52]

.

2013-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13296136-4219326523-653956509-1000Core.job

- c:\users\TCrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 11:59]

.

2013-02-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-13296136-4219326523-653956509-1000UA.job

- c:\users\TCrew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 11:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\TCrew\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-17 19:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-07-23 4081008]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.254 192.168.1.254

DPF: {0920DBB1-D098-4ACE-9DDD-7A6F18A9ED66} - hxxps://britishgastopup.paypoint.com/HomeVend.cab

DPF: {283B7DE7-A1ED-4D27-AA59-C6E7427544D2} - hxxps://bg.itronenergypoint.net/IHVConnect/KeyBoxControl.cab

FF - ProfilePath - c:\users\TCrew\AppData\Roaming\Mozilla\Firefox\Profiles\hv0eztom.default\

FF - prefs.js: browser.startup.homepage - www,yahoo.com

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-KJ Pro - c:\program files (x86)\Kjpro\uninstall.exe

AddRemove-WinCDG_Pro_2_2.50 - c:\windows\iun6002.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_168.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2013-02-23 15:25:41 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-23 15:25

.

Pre-Run: 66,720,964,608 bytes free

Post-Run: 66,182,606,848 bytes free

.

- - End Of File - - 456B37BFC84A360C17230EF3935E1111


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.