wmiprvse.exe Infected ?

[Pugwash]

It seems I have a similar issue as here: http://forums.malwar...howtopic=122829

I ran AVG and MBAM and they have fouind anything.

 

 

When I start up, immediately the CPU usage rises and when I check it out in TaskManager, I see either or both wmiprvse.exe using upwards of 30% of CPU.

Is anyone available to run me through a fix? Would be very much appreciated!

 

should i just be following the same process as listed in the previous topic ?

Here's my DDS log:

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496
Run by Simon at 8:05:03 on 2013-07-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.863 [GMT 1:00]
.
AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Users\Simon\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.

uWindow Title = Internet Explorer provided by Dell




uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: DivX Browser Bar Toolbar: {77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\divx_browser_bar\prxtbDivX.dll
mURLSearchHooks: DivX Browser Bar Toolbar: {77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\divx_browser_bar\prxtbDivX.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: DivX Browser Bar Toolbar: {77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\divx_browser_bar\prxtbDivX.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: DivX Browser Bar Toolbar: {77E8143B-6759-416E-B521-82CFED75150B} - c:\program files\divx_browser_bar\prxtbDivX.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: DivX Browser Bar Toolbar: {77e8143b-6759-416e-b521-82cfed75150b} - c:\program files\divx_browser_bar\prxtbDivX.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [searchProtect] c:\users\simon\appdata\roaming\searchprotect\bin\cltmng.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [bSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [OCDLMgr] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com


DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} - file:///E:/components/hidinputmonitorx.ocx

DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} - file:///E:/components/A9.ocx






TCP: NameServer = 217.32.171.21 213.120.234.62
TCP: Interfaces\{39F0330F-AB2C-465A-ADD3-D6CF3AF086A4} : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{55D1A2F5-90E9-4CEB-9014-59A1DE3C14B5} : DHCPNameServer = 88.82.13.60 88.82.13.60
TCP: Interfaces\{58514816-F247-4D33-8193-23DDD69D4DE0} : DHCPNameServer = 217.32.171.21 213.120.234.62
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\btxppanel.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\d1cu6lnq.default\

FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar Customized Web Search


FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\trademanager\nptrademanager.dll
FF - plugin: c:\program files\trademanager\npwangwang.dll
FF - plugin: c:\users\simon\appdata\roaming\mozilla\firefox\profiles\d1cu6lnq.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}\plugins\np-mswmp.dll
FF - plugin: c:\users\simon\appdata\roaming\mozilla\firefox\profiles\d1cu6lnq.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}\plugins\npConduitFirefoxPlugin.dll
FF - ExtSQL: 2013-05-18 06:14; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - ExtSQL: 2013-06-17 08:53; {77e8143b-6759-416e-b521-82cfed75150b}; c:\users\simon\appdata\roaming\mozilla\firefox\profiles\d1cu6lnq.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-5-8 31112]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-8 37256]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2011-5-8 21896]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-6-18 102448]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-5-8 15240]
R1 RapportCerberus_53984;RapportCerberus_53984;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\53984\RapportCerberus32_53984.sys [2013-5-30 317424]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-6-18 103120]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-6-18 174320]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-5-8 97056]
R2 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-8 56200]
R2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2011-5-6 1085440]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-29 701512]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-6-18 1124632]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2011-5-8 188808]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-29 22856]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-7-28 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-7-28 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-7-28 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-7-28 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-7-28 25704]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2010-10-25 145920]
S3 CCCP106;TRUST 120 SPACEC@M;c:\windows\system32\drivers\cccp106.sys [2008-12-15 227200]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-5 36608]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-7 30192]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2007-10-10 42112]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-07-15 04:53:33 -------- d-----w- c:\users\simon\appdata\local\{63FE499E-DA10-4B31-9AD9-E72BAA9D228E}
2013-07-14 16:53:11 -------- d-----w- c:\users\simon\appdata\local\{FCA609FC-B779-4312-A92C-6A7101671EA7}
2013-07-14 04:52:46 -------- d-----w- c:\users\simon\appdata\local\{6BB9E503-17E7-47A7-B2A5-22E21DA416DB}
2013-07-13 16:52:22 -------- d-----w- c:\users\simon\appdata\local\{219FFBB5-AD96-4DEA-A24D-6D44C6D3B13B}
2013-07-13 04:52:11 -------- d-----w- c:\users\simon\appdata\local\{F1B12BDF-70BD-47E0-B6BA-D6D55DE17279}
2013-07-12 08:18:16 -------- d-----w- c:\users\simon\appdata\local\{D5A8D224-3D98-42A0-B087-077104A39E27}
2013-07-11 20:00:54 -------- d-----w- c:\users\simon\appdata\local\{D9779468-3CB0-4D0B-9A5D-FCDB8CE01066}
2013-07-11 08:00:43 -------- d-----w- c:\users\simon\appdata\local\{638BDECF-1688-402D-9BAA-3CF6354363DD}
2013-07-10 20:00:31 -------- d-----w- c:\users\simon\appdata\local\{0379A124-902A-4132-9437-D9611E07768B}
2013-07-10 08:00:06 -------- d-----w- c:\users\simon\appdata\local\{D6AD4F86-5587-443C-8246-688FF78314FE}
2013-07-09 19:59:55 -------- d-----w- c:\users\simon\appdata\local\{1EED056E-C3AA-45BC-A0A5-DA9E3380875D}
2013-07-09 07:59:31 -------- d-----w- c:\users\simon\appdata\local\{769A63D1-D16E-4419-925F-87B7709287F6}
2013-07-08 19:59:20 -------- d-----w- c:\users\simon\appdata\local\{39B7E647-A6E0-4F5D-A2C7-2AACCF3CD59E}
2013-07-08 07:58:55 -------- d-----w- c:\users\simon\appdata\local\{F3575567-AB9F-4B8A-988E-12603A128D69}
2013-07-07 19:58:44 -------- d-----w- c:\users\simon\appdata\local\{F914FD7C-9BB2-4B88-973B-895D0B33A49B}
2013-07-07 06:02:11 -------- d-----w- c:\users\simon\appdata\local\{6EBB357F-2BCE-4D99-931A-F149F59EE97E}
2013-07-06 18:02:00 -------- d-----w- c:\users\simon\appdata\local\{AEF78BAB-1A24-4007-9E65-B8A8B08B5EED}
2013-07-06 06:00:19 -------- d-----w- c:\users\simon\appdata\local\{66C14F5C-8F4D-48BF-89A4-1FDF685E412E}
2013-07-05 05:39:22 -------- d-----w- c:\users\simon\appdata\local\{1C4AFDE3-6803-49ED-A156-AFBB2997262A}
2013-07-04 08:54:01 -------- d-----w- c:\users\simon\appdata\local\{45CE9C2D-969C-47B7-B801-87BF9075DF2C}
2013-07-03 20:53:49 -------- d-----w- c:\users\simon\appdata\local\{40BBC42D-04BA-4DBD-B08D-BA9CD077326D}
2013-07-03 08:53:38 -------- d-----w- c:\users\simon\appdata\local\{FF8E58E3-40BF-4FBE-8A5C-109E236835AA}
2013-07-02 20:53:26 -------- d-----w- c:\users\simon\appdata\local\{96902462-1054-4804-ADFB-6C5A058E979B}
2013-07-02 08:53:15 -------- d-----w- c:\users\simon\appdata\local\{911A0FBE-F010-4614-9E24-3984541F0C5D}
2013-07-01 19:38:26 -------- d-----w- c:\programdata\Font Downloader
2013-07-01 19:35:24 -------- dc-h--w- c:\programdata\{6F9E8B22-7CC3-43A0-A6E8-5F715C9A1C7B}
2013-07-01 19:35:11 -------- d-----w- c:\program files\Zebra Technologies
2013-07-01 19:07:28 108544 ----a-w- c:\windows\system32\zdnPMU.dll
2013-07-01 19:07:28 107008 ----a-w- c:\windows\system32\zdnPMS.dll
2013-07-01 19:03:21 -------- d-----w- C:\ZD267718
2013-07-01 17:40:03 -------- d-----w- c:\users\simon\appdata\local\{058B0767-36E6-415D-AB5D-8549B9F742E2}
2013-07-01 05:39:53 -------- d-----w- c:\users\simon\appdata\local\{0A81ADC4-E090-4C50-A929-96B89AF81281}
2013-06-30 16:34:58 -------- d-----w- c:\users\simon\appdata\local\{E9E57468-4F87-4C3B-B557-D887D73A53FD}
2013-06-29 22:08:59 -------- d-----w- c:\users\simon\appdata\roaming\AVG2013
2013-06-29 22:04:36 -------- d-----w- c:\programdata\AVG2013
2013-06-29 21:56:27 -------- d-----w- c:\users\simon\appdata\local\MFAData
2013-06-29 21:56:27 -------- d-----w- c:\users\simon\appdata\local\Avg2013
2013-06-29 21:44:10 -------- d-----w- c:\users\simon\appdata\roaming\Malwarebytes
2013-06-29 21:43:56 -------- d-----w- c:\programdata\Malwarebytes
2013-06-29 21:43:55 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-29 21:43:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-29 00:48:14 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-06-29 00:47:24 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62f35cbb-7dba-4307-99c5-f6c187a4013e}\mpengine.dll
2013-06-29 00:25:24 -------- d-----w- c:\programdata\HitmanPro
2013-06-28 20:12:26 -------- d-----w- c:\programdata\qmkkp
2013-06-28 19:39:40 -------- d-----w- c:\users\simon\appdata\local\{5972740E-21F0-4C5C-9630-3FD079432F11}
2013-06-28 07:39:15 -------- d-----w- c:\users\simon\appdata\local\{CA4F9DB7-7098-46FB-AE4A-E7557C0B8765}
2013-06-27 19:38:51 -------- d-----w- c:\users\simon\appdata\local\{6F8A8945-93C6-4A44-8BB1-F296880E35F0}
2013-06-27 07:38:27 -------- d-----w- c:\users\simon\appdata\local\{3BEBD0B6-8AC7-41A2-8F4E-215B9F560AF0}
2013-06-26 19:38:15 -------- d-----w- c:\users\simon\appdata\local\{2DEA446E-8D8C-42AE-B4CC-2EFD2A339438}
2013-06-26 07:38:04 -------- d-----w- c:\users\simon\appdata\local\{0E58A897-51FD-4BC2-99E9-35697E846835}
2013-06-25 19:37:53 -------- d-----w- c:\users\simon\appdata\local\{7912FD7B-C80B-48A8-8333-FB702EDA3909}
2013-06-25 07:37:29 -------- d-----w- c:\users\simon\appdata\local\{C9AA371E-507F-4BB1-A852-87E3D7CF85B8}
2013-06-24 19:37:18 -------- d-----w- c:\users\simon\appdata\local\{4A3EBFBD-4342-4897-9F65-CBC51D646B6F}
2013-06-24 07:36:53 -------- d-----w- c:\users\simon\appdata\local\{4627CA2E-58EE-4B2A-9253-2DFBAA48DEE7}
2013-06-23 19:36:43 -------- d-----w- c:\users\simon\appdata\local\{9ACD1E28-906A-487D-A6E7-2F29199A464F}
2013-06-23 07:36:19 -------- d-----w- c:\users\simon\appdata\local\{16E6C162-5023-429F-9D5A-38B869E739A4}
2013-06-22 19:36:08 -------- d-----w- c:\users\simon\appdata\local\{87BD429F-1D3D-4C83-8137-C616160CF2C2}
2013-06-22 07:35:44 -------- d-----w- c:\users\simon\appdata\local\{E8266D7F-C476-48A7-B508-4104D8C7E6E6}
2013-06-21 19:35:33 -------- d-----w- c:\users\simon\appdata\local\{4C2F1C8F-8FC9-4CFE-839C-2377436E2F72}
2013-06-21 07:35:08 -------- d-----w- c:\users\simon\appdata\local\{BFDDE1E0-4499-4B40-B5C1-499AB50FAD12}
2013-06-20 19:34:44 -------- d-----w- c:\users\simon\appdata\local\{90B7161E-BB97-49FB-B612-8668305F1879}
2013-06-20 07:34:19 -------- d-----w- c:\users\simon\appdata\local\{C524D2F8-4624-455F-9833-C6837060845B}
2013-06-19 19:34:07 -------- d-----w- c:\users\simon\appdata\local\{6EF7F0A5-43BF-4211-816D-B1B4288DA9A0}
2013-06-19 07:33:56 -------- d-----w- c:\users\simon\appdata\local\{65FA64BE-57C1-4820-A838-924FED77F57B}
2013-06-18 19:33:45 -------- d-----w- c:\users\simon\appdata\local\{687E6F05-025D-4AFB-AEC0-D880EB8CC6F0}
2013-06-18 15:14:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-06-18 07:33:21 -------- d-----w- c:\users\simon\appdata\local\{FC827B21-8656-47F1-BCA9-0A7E153C075D}
2013-06-17 19:32:57 -------- d-----w- c:\users\simon\appdata\local\{F85F862D-318E-4524-99D7-3CC4AF4C24BE}
2013-06-17 07:55:42 -------- d-----w- c:\program files\Conduit
2013-06-17 07:54:20 -------- d-----w- c:\users\simon\appdata\local\Conduit
2013-06-17 07:54:20 -------- d-----w- c:\program files\DivX_Browser_Bar
2013-06-17 07:53:41 -------- d-----w- c:\program files\SearchProtect
2013-06-17 07:53:30 -------- d-----w- c:\users\simon\appdata\roaming\SearchProtect
2013-06-17 07:53:14 81536 ----a-w- C:\ministub.exe
2013-06-17 07:53:13 -------- d-----w- c:\programdata\Conduit
2013-06-17 07:32:34 -------- d-----w- c:\users\simon\appdata\local\{02FD3DD7-5055-40E1-A6CA-F3DF168FD741}
2013-06-16 19:32:23 -------- d-----w- c:\users\simon\appdata\local\{AE3EB953-1313-4C72-B32B-B4D22D7D6701}
2013-06-16 07:32:12 -------- d-----w- c:\users\simon\appdata\local\{FE5FDB1C-7746-4AA5-ADC9-861A449A88E6}
2013-06-15 19:32:01 -------- d-----w- c:\users\simon\appdata\local\{E36D2C74-7DBB-4169-AE47-684F80A1E676}
2013-06-15 07:31:38 -------- d-----w- c:\users\simon\appdata\local\{597BEEAE-7682-4389-9C37-11DBE79F023C}
.
==================== Find3M  ====================
.
2013-07-14 08:16:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-14 08:16:39 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-04 01:50:43 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-06-01 04:06:08 505344 ----a-w- c:\windows\system32\qedit.dll
2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-08 04:37:21 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 04:04:52 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll
2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 12:49:27 103832 ------w- c:\users\simon\GoToAssistDownloadHelper.exe
2013-04-24 04:00:30 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-04-24 04:00:30 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-04-24 04:00:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-04-24 04:00:24 41984 ----a-w- c:\windows\system32\certenc.dll
2013-04-24 01:46:29 812544 ----a-w- c:\windows\system32\certutil.exe
2013-04-17 12:30:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-04-17 11:28:53 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-17 11:28:53 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-17 11:28:53 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-17 11:28:53 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-04-17 10:34:33 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-17 10:33:05 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-17 10:14:27 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-04-17 10:10:35 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-04-17 10:10:34 798208 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH:  8:08:29.27 ===============
 

 

Thank Simon
 

[kevinf80]

Download http://www.bleepingcomputer.com/download/adwcleaner/ by Xplode onto your Desktop.

 

•   Please close all open programs and internet browsers.
  
•   Double click on Adwcleaner.exe to run the tool.
  
•   Click on Delete.
  
•   Confirm each time with OK.
  
•   Your computer will be rebooted automatically. A text file will open after the restart.
  
•   Please post the content of that logfile in your reply.
  
•   You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.
  

 

Next,

 

download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from with different names on, select the first one and save it to your desktop.

 

• Double-click on the Rkill desktop icon to run the tool.
  
• If using Vista or Windows 7, right-click on it and Run As Administrator.
  
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  
• A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  
• If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time.
  
• If the tool does not run from any of the links provided, please let me know.
  

 

Next,

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

 

• 
  

  When the window appears, underneath Output at the top, make sure Standard output is selected.
Select Scan all users
Change Drivers to All
Under the Extra Registry section, check Use SafeList
In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
Click Run Scan and let the program run uninterrupted.
When the scan is complete, two text files will be created on your Desktop.
OTL.Txt <- this one will be opened
Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

 

Let me see those logs in your next reply...

 

Kevin

 

[Pugwash]

Heres the adwcleaner log :  just going top run the run Rkill now

 

# AdwCleaner v2.305 - Logfile created 07/15/2013 at 08:59:54
# Updated 11/07/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Simon - SIMON-PC
# Boot Mode : Normal
# Running from : C:\Users\Simon\Desktop\clan up\AdwCleaner.exe
# Option [Delete]

***** [services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\user.js
File Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DivX_Browser_Bar
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Wondershare
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
Folder Deleted : C:\Users\Simon\AppData\Local\Conduit
Folder Deleted : C:\Users\Simon\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Simon\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Simon\AppData\Local\Temp\CT3288691
Folder Deleted : C:\Users\Simon\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\Simon\AppData\Local\Temp\TempDir
Folder Deleted : C:\Users\Simon\AppData\Local\Wondershare
Folder Deleted : C:\Users\Simon\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Simon\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Simon\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Simon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Simon\AppData\LocalLow\DivX_Browser_Bar
Folder Deleted : C:\Users\Simon\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\CT3288691
Folder Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
Folder Deleted : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\Smartbar
Folder Deleted : C:\Users\Simon\AppData\Roaming\SearchProtect
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\DivX_Browser_Bar
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DivX_Browser_Bar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3288691
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DivX_Browser_Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29E29288-D2C9-4168-B450-4CFFB636A3E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFA3DF43-38D7-4D99-B859-D1F9A7C82CBF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77E8143B-6759-416E-B521-82CFED75150B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD937C23-9304-4E9E-9FD3-0E00B88E2C2E}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DivX_Browser_Bar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\SearchProtect
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{77E8143B-6759-416E-B521-82CFED75150B}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\prefs.js

Deleted : user_pref("CT3288691.CONDUIT_UPDATE_converterVersion.enc", "OS4yLjAuMTY=");
Deleted : user_pref("CT3288691.CONDUIT_UPDATE_lastTimeUpdateChecked.enc", -769725730);
Deleted : user_pref("CT3288691.CONDUIT_UPDATE_playerVersion.enc", "MTEuMC4xLjUy");
Deleted : user_pref("CT3288691.CONDUIT_UPDATE_streamerVersion.enc", "MS4yLjEuMjc=");
Deleted : user_pref("CT3288691.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3288691.FF19Solved", "true");
Deleted : user_pref("CT3288691.FirstTime", "true");
Deleted : user_pref("CT3288691.FirstTimeFF3", "true");

Deleted : user_pref("CT3288691.UserID", "UN12424685073165530");
Deleted : user_pref("CT3288691.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3288691.autoDisableScopes", -1);
Deleted : user_pref("CT3288691.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3288691.countryCode", "GB");
Deleted : user_pref("CT3288691.defaultSearch", "true");
Deleted : user_pref("CT3288691.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax[...]
Deleted : user_pref("CT3288691.enableAlerts", "true");
Deleted : user_pref("CT3288691.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3288691.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3288691.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundError", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3288691.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3288691.fixUrls", true);
Deleted : user_pref("CT3288691.fullUserID", "UN12424685073165530.IN.2013061785328");
Deleted : user_pref("CT3288691.installDate", "17/06/2013 8:53:29");
Deleted : user_pref("CT3288691.installId", "stub.exe");
Deleted : user_pref("CT3288691.installSessionId", "{D9C30DD1-6FAF-4026-9355-79C8F0B8C14F}");
Deleted : user_pref("CT3288691.installSp", "true");
Deleted : user_pref("CT3288691.installType", "conduitnsisintegration");
Deleted : user_pref("CT3288691.installUsage", "2013-06-17T14:35:17.5139333+03:00");
Deleted : user_pref("CT3288691.installUsageEarly", "2013-06-17T14:35:15.9851627+03:00");
Deleted : user_pref("CT3288691.installerVersion", "1.4.3.0");
Deleted : user_pref("CT3288691.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3288691.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3288691.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3288691.keyword", "true");

Deleted : user_pref("CT3288691.lastVersion", "10.16.4.519");
Deleted : user_pref("CT3288691.mam_gk_installer_preapproved.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3288691.migrateAppsAndComponents", true);
Deleted : user_pref("CT3288691.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fsellercentral.a[...]
Deleted : user_pref("CT3288691.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.openThankYouPage", "false");
Deleted : user_pref("CT3288691.openUninstallPage", "true");

Deleted : user_pref("CT3288691.originalSearchAddressUrl", "");
Deleted : user_pref("CT3288691.originalSearchEngine", "");
Deleted : user_pref("CT3288691.revertSettingsEnabled", "false");
Deleted : user_pref("CT3288691.search.searchAppId", "10000002");
Deleted : user_pref("CT3288691.search.searchCount", "2");
Deleted : user_pref("CT3288691.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3288691.searchRevert", "false");
Deleted : user_pref("CT3288691.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3288691.searchUserMode", "2");
Deleted : user_pref("CT3288691.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3288691.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3288691.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3288691.serviceLayer_services_Configuration_lastUpdate", "1373706210747");
Deleted : user_pref("CT3288691.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1373619913616");
Deleted : user_pref("CT3288691.serviceLayer_services_appsMetadata_lastUpdate", "1373706214782");
Deleted : user_pref("CT3288691.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1372711074589");
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1371468906[...]
Deleted : user_pref("CT3288691.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1371468908311")[...]
Deleted : user_pref("CT3288691.serviceLayer_services_location_lastUpdate", "1372711073639");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.2.10_lastUpdate", "1372711074428");
Deleted : user_pref("CT3288691.serviceLayer_services_login_10.16.4.519_lastUpdate", "1373706340352");
Deleted : user_pref("CT3288691.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1372711074722");
Deleted : user_pref("CT3288691.serviceLayer_services_searchAPI_lastUpdate", "1373706210961");
Deleted : user_pref("CT3288691.serviceLayer_services_serviceMap_lastUpdate", "1373706209974");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarContextMenu_lastUpdate", "1372711074539");
Deleted : user_pref("CT3288691.serviceLayer_services_toolbarSettings_lastUpdate", "1373706227263");
Deleted : user_pref("CT3288691.serviceLayer_services_translation_lastUpdate", "1373706331886");
Deleted : user_pref("CT3288691.settingsINI", true);
Deleted : user_pref("CT3288691.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3288691.showToolbarPermission", "false");
Deleted : user_pref("CT3288691.smartbar.CTID", "CT3288691");
Deleted : user_pref("CT3288691.smartbar.Uninstall", "0");
Deleted : user_pref("CT3288691.smartbar.homepage", "true");
Deleted : user_pref("CT3288691.smartbar.toolbarName", "DivX Browser Bar ");
Deleted : user_pref("CT3288691.startPage", "true");
Deleted : user_pref("CT3288691.toolbarBornServerTime", "17-6-2013");
Deleted : user_pref("CT3288691.toolbarCurrentServerTime", "13-7-2013");
Deleted : user_pref("CT3288691.toolbarLoginClientTime", "Mon Jun 17 2013 12:35:07 GMT+0100 (GMT Daylight Time)[...]
Deleted : user_pref("CT3288691.versionFromInstaller", "10.16.2.10");
Deleted : user_pref("CT3288691_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "DivX Browser Bar Customized Web Search");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3288691");
Deleted : user_pref("browser.search.defaultthis.engineName", "DivX Browser Bar Customized Web Search");

Deleted : user_pref("browser.search.selectedEngine", "DivX Browser Bar Customized Web Search");


Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3288691");


Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3288691");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3288691");
Deleted : user_pref("smartbar.machineId", "T2CBGXMJ3GTDHP8QT6KG8UTCTPRTGYZM4MJ9QDMYVYGR8FALCQOONLAZ435N3XUDDVH[...]

*************************

AdwCleaner[s1].txt - [21205 octets] - [15/07/2013 08:59:54]

########## EOF - C:\AdwCleaner[s1].txt - [21266 octets] ##########

[Pugwash]

RKIll  Log   going to now run OTL

 

Rkill 2.5.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/15/2013 09:20:56 AM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  ::1             localhost

Program finished at: 07/15/2013 09:22:46 AM
Execution time: 0 hours(s), 1 minute(s), and 49 seconds(s)

[Pugwash]

OTL logfile created on: 15/07/2013 09:26:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop\clan up
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.28% Memory free
6.21 Gb Paging File | 4.75 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.10 Gb Total Space | 187.87 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.02% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 614.44 Gb Free Space | 65.98% Space Free | Partition Type: FAT32
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/15 08:55:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\clan up\OTL.com
PRC - [2013/06/18 16:14:14 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/16 14:47:30 | 000,026,456 | ---- | M] (Uniblue Systems Ltd) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/11 13:45:54 | 001,660,232 | ---- | M] (Bootstrap Software Development) -- C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/16 18:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2007/05/11 14:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2004/10/01 16:06:34 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/03 13:14:11 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/13 03:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 03:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2007/10/24 09:50:06 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/07/14 09:16:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/06/17 13:42:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)
SRV - [2010/10/25 14:53:46 | 000,145,920 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/07/07 11:32:38 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/03/13 19:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/01 16:06:34 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe -- (btwdins)
 
 
========== Driver Services (All) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/18 16:14:30 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/06/18 16:14:28 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/06/18 16:14:28 | 000,102,448 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/05/30 11:20:52 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/05/08 05:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip6)
DRV - [2013/05/08 05:37:21 | 000,905,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tcpip.sys -- (Tcpip)
DRV - [2013/04/15 15:20:04 | 000,638,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dxgkrnl.sys -- (DXGKrnl)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/03 20:07:52 | 001,082,232 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\ntfs.sys -- (Ntfs)
DRV - [2012/12/13 14:50:38 | 000,045,056 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/21 13:01:22 | 000,026,840 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/08/21 12:47:42 | 000,224,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volsnap.sys -- (volsnap)
DRV - [2012/07/26 04:39:21 | 000,526,952 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Wdf01000.sys -- (Wdf01000)
DRV - [2012/07/26 03:33:43 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFPf.sys -- (WudfPf)
DRV - [2012/07/26 03:32:51 | 000,155,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUDFRd.sys -- (WUDFRd)
DRV - [2012/06/04 16:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ksecdd.sys -- (KSecDD)
DRV - [2012/05/01 15:03:49 | 000,180,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpwd.sys -- (RDPWD)
DRV - [2012/03/31 11:24:24 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2012/03/31 11:24:24 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2012/03/31 11:24:24 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2012/03/31 11:24:24 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2012/03/31 11:24:24 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2012/03/21 00:28:50 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\partmgr.sys -- (partmgr)
DRV - [2012/02/29 14:32:37 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2011/07/06 16:31:47 | 000,214,016 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb10.sys -- (mrxsmb10)
DRV - [2011/05/10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/04/29 14:25:10 | 000,146,432 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv2.sys -- (srv2)
DRV - [2011/04/29 14:25:09 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srvnet.sys -- (srvnet)
DRV - [2011/04/29 14:24:42 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb20.sys -- (mrxsmb20)
DRV - [2011/04/29 14:24:40 | 000,106,496 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxsmb.sys -- (mrxsmb)
DRV - [2011/04/22 18:26:12 | 000,037,256 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/04/22 18:26:10 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011/04/22 18:26:08 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/04/22 18:26:06 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/04/22 18:26:04 | 000,188,808 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\eudisk.sys -- (EUDISK)
DRV - [2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\afd.sys -- (AFD)
DRV - [2011/04/14 15:59:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\dfsc.sys -- (DfsC)
DRV - [2011/02/22 14:23:55 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\bowser.sys -- (bowser)
DRV - [2011/02/18 15:03:32 | 000,305,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srv.sys -- (srv)
DRV - [2010/02/20 21:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\http.sys -- (HTTP)
DRV - [2010/02/18 12:28:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tunnel.sys -- (tunnel)
DRV - [2009/12/08 18:26:18 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tcpipreg.sys -- (tcpipreg)
DRV - [2009/10/01 02:01:54 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/11 07:33:03 | 000,292,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgrx.sys -- (volmgrx)
DRV - [2009/04/11 07:32:55 | 000,149,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pci.sys -- (pci)
DRV - [2009/04/11 07:32:52 | 000,053,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\termdd.sys -- (TermDD)
DRV - [2009/04/11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ndis.sys -- (NDIS)
DRV - [2009/04/11 07:32:49 | 000,014,312 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2009/04/11 07:32:46 | 000,265,688 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\acpi.sys -- (ACPI)
DRV - [2009/04/11 07:32:46 | 000,245,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\clfs.sys -- (CLFS)
DRV - [2009/04/11 07:32:46 | 000,190,424 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fltMgr.sys -- (FltMgr)
DRV - [2009/04/11 07:32:46 | 000,180,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\msiscsi.sys -- (iScsiPrt)
DRV - [2009/04/11 07:32:46 | 000,161,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msrpc.sys -- (MsRPC)
DRV - [2009/04/11 07:32:43 | 000,141,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ecache.sys -- (Ecache)
DRV - [2009/04/11 07:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\disk.sys -- (disk)
DRV - [2009/04/11 07:32:31 | 000,048,104 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\mup.sys -- (Mup)
DRV - [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\atapi.sys -- (atapi)
DRV - [2009/04/11 05:46:40 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rassstp.sys -- (RasSstp)
DRV - [2009/04/11 05:46:32 | 000,121,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndiswan.sys -- (NdisWan)
DRV - [2009/04/11 05:46:30 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspppoe.sys -- (RasPppoe)
DRV - [2009/04/11 05:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
DRV - [2009/04/11 05:45:51 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\pacer.sys -- (PSched)
DRV - [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009/04/11 05:45:22 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\smb.sys -- (Smb)
DRV - [2009/04/11 05:43:28 | 000,148,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwifi.sys -- (NativeWifiP)
DRV - [2009/04/11 05:43:16 | 000,196,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbhub.sys -- (usbhub)
DRV - [2009/04/11 05:43:12 | 000,148,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rfcomm.sys -- (RFCOMM)
DRV - [2009/04/11 05:43:10 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthenum.sys -- (BthEnum)
DRV - [2009/04/11 05:42:55 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBSTOR.SYS -- (USBSTOR)
DRV - [2009/04/11 05:42:52 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbehci.sys -- (usbehci)
DRV - [2009/04/11 05:42:48 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidusb.sys -- (HidUsb)
DRV - [2009/04/11 05:42:42 | 000,561,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2009/04/11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2009/04/11 05:38:40 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2009/04/11 05:14:40 | 000,114,688 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mrxdav.sys -- (MRxDAV)
DRV - [2009/04/11 05:14:29 | 000,225,280 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\rdbss.sys -- (rdbss)
DRV - [2009/04/11 05:14:01 | 000,035,328 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\npfs.sys -- (Npfs)
DRV - [2009/04/11 05:13:59 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2009/04/11 05:13:53 | 000,136,704 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\exfat.sys -- (exfat)
DRV - [2009/04/11 05:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\fastfat.sys -- (fastfat)
DRV - [2009/04/07 10:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/01/09 17:18:02 | 000,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/08/21 19:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 19:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/29 02:42:23 | 000,220,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthport.sys -- (BTHPORT)
DRV - [2008/04/29 02:42:21 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHUSB.SYS -- (BTHUSB)
DRV - [2008/03/07 13:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/01/21 03:24:59 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tssecsrv.sys -- (tssecsrv)
DRV - [2008/01/21 03:24:57 | 000,031,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modem.sys -- (Modem)
DRV - [2008/01/21 03:24:55 | 000,076,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rasl2tp.sys -- (Rasl2tp)
DRV - [2008/01/21 03:24:55 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\raspptp.sys -- (PptpMiniport)
DRV - [2008/01/21 03:24:55 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndisuio.sys -- (Ndisuio)
DRV - [2008/01/21 03:24:51 | 000,006,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mstee.sys -- (MSTEE)
DRV - [2008/01/21 03:24:51 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspclock.sys -- (MSPCLOCK)
DRV - [2008/01/21 03:24:51 | 000,005,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mspqm.sys -- (MSPQM)
DRV - [2008/01/21 03:24:50 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vga.sys -- (VgaSave)
DRV - [2008/01/21 03:24:50 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mskssrv.sys -- (MSKSSRV)
DRV - [2008/01/21 03:24:50 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPENCDD.sys -- (RDPENCDD)
DRV - [2008/01/21 03:24:49 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/21 03:24:47 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mpsdrv.sys -- (mpsdrv)
DRV - [2008/01/21 03:24:47 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\nsiproxy.sys -- (nsiproxy)
DRV - [2008/01/21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008/01/21 03:24:45 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipfltdrv.sys -- (IpFilterDriver)
DRV - [2008/01/21 03:24:37 | 000,084,480 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\System32\drivers\luafv.sys -- (luafv)
DRV - [2008/01/21 03:24:37 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rspndr.sys -- (rspndr)
DRV - [2008/01/21 03:24:37 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lltdio.sys -- (lltdio)
DRV - [2008/01/21 03:24:25 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipnat.sys -- (IPNAT)
DRV - [2008/01/21 03:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarpv6)
DRV - [2008/01/21 03:24:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wanarp.sys -- (Wanarp)
DRV - [2008/01/21 03:24:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndproxy.sys -- (NDProxy)
DRV - [2008/01/21 03:24:25 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ndistapi.sys -- (NdisTapi)
DRV - [2008/01/21 03:24:25 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TUNMP.SYS -- (tunmp)
DRV - [2008/01/21 03:24:21 | 000,027,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\filetrace.sys -- (Filetrace)
DRV - [2008/01/21 03:24:20 | 000,035,840 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\netbios.sys -- (NetBIOS)
DRV - [2008/01/21 03:24:19 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2008/01/21 03:24:11 | 000,021,048 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\spldr.sys -- (spldr)
DRV - [2008/01/21 03:24:08 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdtcp.sys -- (TDTCP)
DRV - [2008/01/21 03:24:08 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdpipe.sys -- (TDPIPE)
DRV - [2008/01/21 03:24:06 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPCDD.sys -- (RDPCDD)
DRV - [2008/01/21 03:24:04 | 000,058,936 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fileinfo.sys -- (FileInfo)
DRV - [2008/01/21 03:24:04 | 000,017,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\asyncmac.sys -- (AsyncMac)
DRV - [2008/01/21 03:23:54 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irenum.sys -- (IRENUM)
DRV - [2008/01/21 03:23:51 | 000,070,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\cdfs.sys -- (cdfs)
DRV - [2008/01/21 03:23:51 | 000,022,528 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\msfs.sys -- (Msfs)
DRV - [2008/01/21 03:23:50 | 000,004,608 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\null.sys -- (Null)
DRV - [2008/01/21 03:23:44 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\beep.sys -- (Beep)
DRV - [2008/01/21 03:23:43 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mountmgr.sys -- (MountMgr)
DRV - [2008/01/21 03:23:31 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\qwavedrv.sys -- (QWAVEdrv)
DRV - [2008/01/21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\MegaSR.sys -- (MegaSR)
DRV - [2008/01/21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 03:23:27 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbscan.sys -- (usbscan)
DRV - [2008/01/21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 03:23:27 | 000,009,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV - [2008/01/21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 03:23:26 | 000,041,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2008/01/21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2008/01/21 03:23:26 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2008/01/21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2008/01/21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 03:23:24 | 000,022,072 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2008/01/21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2008/01/21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 03:23:23 | 000,035,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\kbdclass.sys -- (kbdclass)
DRV - [2008/01/21 03:23:23 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2008/01/21 03:23:23 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_mmc.sys -- (sffp_mmc)
DRV - [2008/01/21 03:23:23 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sffp_sd.sys -- (sffp_sd)
DRV - [2008/01/21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 03:23:22 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2008/01/21 03:23:22 | 000,061,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GAGP30KX.SYS -- (gagp30kx)
DRV - [2008/01/21 03:23:22 | 000,059,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UAGP35.SYS -- (uagp35)
DRV - [2008/01/21 03:23:22 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\monitor.sys -- (monitor)
DRV - [2008/01/21 03:23:22 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\umbus.sys -- (umbus)
DRV - [2008/01/21 03:23:22 | 000,024,632 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\crcdisk.sys -- (crcdisk)
DRV - [2008/01/21 03:23:22 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbprint.sys -- (usbprint)
DRV - [2008/01/21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 03:23:21 | 000,094,776 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2008/01/21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 03:23:21 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drmkaud.sys -- (drmkaud)
DRV - [2008/01/21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 03:23:20 | 000,105,016 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2008/01/21 03:23:20 | 000,092,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bthpan.sys -- (BthPan)
DRV - [2008/01/21 03:23:20 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbccgp.sys -- (usbccgp)
DRV - [2008/01/21 03:23:20 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2008/01/21 03:23:20 | 000,034,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\mouclass.sys -- (mouclass)
DRV - [2008/01/21 03:23:20 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2008/01/21 03:23:20 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2008/01/21 03:23:20 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008/01/21 03:23:20 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mouhid.sys -- (mouhid)
DRV - [2008/01/21 03:23:20 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2008/01/21 03:23:03 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbuhci.sys -- (usbuhci)
DRV - [2008/01/21 03:23:02 | 000,030,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2008/01/21 03:23:02 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vgapnp.sys -- (vga)
DRV - [2008/01/21 03:23:01 | 000,248,832 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2008/01/21 03:23:01 | 000,109,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NV_AGP.SYS -- (nv_agp)
DRV - [2008/01/21 03:23:01 | 000,060,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ULIAGPKX.SYS -- (uliagpkx)
DRV - [2008/01/21 03:23:01 | 000,057,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AMDAGP.SYS -- (amdagp)
DRV - [2008/01/21 03:23:01 | 000,056,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VIAAGP.SYS -- (viaagp)
DRV - [2008/01/21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGP440.sys -- (agp440)
DRV - [2008/01/21 03:23:01 | 000,055,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISAGP.SYS -- (sisagp)
DRV - [2008/01/21 03:23:01 | 000,052,792 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\volmgr.sys -- (volmgr)
DRV - [2008/01/21 03:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2008/01/21 03:23:01 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2008/01/21 03:23:01 | 000,031,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mssmbios.sys -- (mssmbios)
DRV - [2008/01/21 03:23:01 | 000,016,440 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\msisadrv.sys -- (msisadrv)
DRV - [2008/01/21 03:23:01 | 000,015,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\swenum.sys -- (swenum)
DRV - [2008/01/21 03:23:00 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2008/01/21 03:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2008/01/21 03:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/01/21 03:23:00 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2008/01/21 03:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2008/01/21 03:23:00 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2008/01/21 03:23:00 | 000,028,728 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2008/01/21 03:23:00 | 000,020,792 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\compbatt.sys -- (Compbatt)
DRV - [2008/01/21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 03:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\intelide.sys -- (intelide)
DRV - [2008/01/21 03:23:00 | 000,017,976 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2008/01/21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/21 03:23:00 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2008/01/21 03:23:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\errdev.sys -- (ErrDev)
DRV - [2007/11/14 03:00:00 | 000,043,840 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2007/10/24 09:50:06 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/10/24 09:50:06 | 003,151,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/10 18:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 16:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/11 14:26:46 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2007/04/29 09:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/04/26 11:41:38 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/11/02 10:51:12 | 000,167,528 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pcmcia.sys -- (pcmcia)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:04:35 | 000,878,080 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PEAuth.sys -- (PEAUTH)
DRV - [2006/11/02 09:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006/11/02 09:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006/11/02 09:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006/11/02 09:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir)
DRV - [2006/11/02 09:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006/11/02 09:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006/11/02 09:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006/11/02 09:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006/11/02 09:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006/11/02 09:51:25 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serenum.sys -- (Serenum)
DRV - [2006/11/02 09:51:23 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\parvdm.sys -- (Parvdm)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltUp.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrFiltLo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 07:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004/10/01 15:48:30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/10/01 15:43:44 | 000,054,488 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004/02/18 23:12:00 | 000,299,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd.sys -- (snpstd)
DRV - [2003/04/09 12:17:14 | 000,227,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cccp106.sys -- (CCCP106)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm018YYgb&ptnrS=HJxdm018YYgb&si=pconverter&ptb=683E4C76-CC8D-46AF-81B9-D0AE53FBAF62&ind=2012072813&n=77edcb6d&psa=&st=sb&searchfor={searchTerms}
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=4080707
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUK_en-GBGB302&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3288691&CUI=UN11716929453874324&UM=2
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HJxdm018YYgb&ptnrS=HJxdm018YYgb&si=pconverter&ptb=683E4C76-CC8D-46AF-81B9-D0AE53FBAF62&ind=2012072813&n=77edcb6d&psa=&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}: "URL" = http://search.avg.com/route/?d=4b3d2cf0&i=23&tp=chrome&q={searchTerms}&lng={language}&ychte=uk&nt=1
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B77e8143b-6759-416e-b521-82cfed75150b%7D:10.16.4.519
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files\TradeManager\nptrademanager.dll File not found
FF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\TradeManager\npwangwang.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/18 06:14:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/17 13:42:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/17 13:42:18 | 000,000,000 | ---D | M]
 
[2010/02/03 23:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions
[2008/11/18 12:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/02/03 23:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2013/07/15 09:00:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\extensions
[2013/07/12 10:00:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\d1cu6lnq.default\extensions\trash
[2013/06/17 13:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/17 13:42:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/12 10:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions
[2013/07/12 10:51:30 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D1CU6LNQ.DEFAULT\EXTENSIONS\{77E8143B-6759-416E-B521-82CFED75150B}
[2012/11/23 07:11:16 | 000,108,576 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\nptrademanager.dll
[2013/01/11 04:45:50 | 000,108,048 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npwangwang.dll
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [OCDLMgr]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://bq.kp.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.32.171.21 213.120.234.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39F0330F-AB2C-465A-ADD3-D6CF3AF086A4}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D1A2F5-90E9-4CEB-9014-59A1DE3C14B5}: DhcpNameServer = 88.82.13.60 88.82.13.60
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{58514816-F247-4D33-8193-23DDD69D4DE0}: DhcpNameServer = 217.32.171.21 213.120.234.62
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\Windows\System32\BTXPPanel.dll (Broadcom Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/26 17:15:22 | 000,000,191 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{7240db14-6f0d-11de-a273-00219b003f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7240db14-6f0d-11de-a273-00219b003f4d}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{7240db20-6f0d-11de-a273-00219b003f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{7240db20-6f0d-11de-a273-00219b003f4d}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{b35cb698-77eb-11e0-ba14-00219b003f4d}\Shell - "" = AutoRun
O33 - MountPoints2\{b35cb698-77eb-11e0-ba14-00219b003f4d}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/15 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\RK_Quarantine
[2013/07/15 07:18:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\clan up
[2013/07/15 05:53:33 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{63FE499E-DA10-4B31-9AD9-E72BAA9D228E}
[2013/07/14 17:53:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FCA609FC-B779-4312-A92C-6A7101671EA7}
[2013/07/14 08:01:19 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/14 08:01:18 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/14 08:01:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/14 08:01:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/14 08:01:18 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/14 08:01:17 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/14 08:01:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/14 08:01:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/14 05:52:46 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6BB9E503-17E7-47A7-B2A5-22E21DA416DB}
[2013/07/13 17:52:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{219FFBB5-AD96-4DEA-A24D-6D44C6D3B13B}
[2013/07/13 05:52:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F1B12BDF-70BD-47E0-B6BA-D6D55DE17279}
[2013/07/12 09:18:16 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D5A8D224-3D98-42A0-B087-077104A39E27}
[2013/07/11 21:00:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D9779468-3CB0-4D0B-9A5D-FCDB8CE01066}
[2013/07/11 09:00:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{638BDECF-1688-402D-9BAA-3CF6354363DD}
[2013/07/11 03:50:51 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/11 03:50:35 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/11 03:50:35 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/11 03:50:34 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/11 03:50:34 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/11 03:50:34 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/11 03:50:34 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/11 03:50:34 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/11 03:50:34 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/11 03:50:32 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/11 03:50:31 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/10 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0379A124-902A-4132-9437-D9611E07768B}
[2013/07/10 09:00:06 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D6AD4F86-5587-443C-8246-688FF78314FE}
[2013/07/10 07:44:32 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Bouncy castles
[2013/07/09 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{1EED056E-C3AA-45BC-A0A5-DA9E3380875D}
[2013/07/09 08:59:31 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{769A63D1-D16E-4419-925F-87B7709287F6}
[2013/07/08 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{39B7E647-A6E0-4F5D-A2C7-2AACCF3CD59E}
[2013/07/08 08:58:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F3575567-AB9F-4B8A-988E-12603A128D69}
[2013/07/07 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F914FD7C-9BB2-4B88-973B-895D0B33A49B}
[2013/07/07 12:05:37 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\2013-07-07
[2013/07/07 07:02:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6EBB357F-2BCE-4D99-931A-F149F59EE97E}
[2013/07/06 19:02:00 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{AEF78BAB-1A24-4007-9E65-B8A8B08B5EED}
[2013/07/06 07:00:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{66C14F5C-8F4D-48BF-89A4-1FDF685E412E}
[2013/07/05 06:39:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{1C4AFDE3-6803-49ED-A156-AFBB2997262A}
[2013/07/04 09:54:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{45CE9C2D-969C-47B7-B801-87BF9075DF2C}
[2013/07/03 21:53:49 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{40BBC42D-04BA-4DBD-B08D-BA9CD077326D}
[2013/07/03 09:53:38 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FF8E58E3-40BF-4FBE-8A5C-109E236835AA}
[2013/07/02 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{96902462-1054-4804-ADFB-6C5A058E979B}
[2013/07/02 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{911A0FBE-F010-4614-9E24-3984541F0C5D}
[2013/07/01 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\June figures HIKS
[2013/07/01 20:38:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Font Downloader
[2013/07/01 20:35:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6F9E8B22-7CC3-43A0-A6E8-5F715C9A1C7B}
[2013/07/01 20:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Technologies
[2013/07/01 20:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Zebra Technologies
[2013/07/01 20:07:28 | 000,108,544 | ---- | C] (Euro Plus d.o.o.) -- C:\Windows\System32\zdnPMU.dll
[2013/07/01 20:07:28 | 000,107,008 | ---- | C] (Euro Plus d.o.o.) -- C:\Windows\System32\zdnPMS.dll
[2013/07/01 20:03:21 | 000,000,000 | ---D | C] -- C:\ZD267718
[2013/07/01 20:00:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Zebra
[2013/07/01 18:40:03 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{058B0767-36E6-415D-AB5D-8549B9F742E2}
[2013/07/01 06:39:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0A81ADC4-E090-4C50-A929-96B89AF81281}
[2013/06/30 17:34:58 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E9E57468-4F87-4C3B-B557-D887D73A53FD}
[2013/06/29 23:08:59 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\AVG2013
[2013/06/29 23:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/06/29 23:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/06/29 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\MFAData
[2013/06/29 22:56:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\Avg2013
[2013/06/29 22:44:10 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2013/06/29 22:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/29 22:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/29 22:43:55 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/06/29 22:43:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/06/29 22:43:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\New Folder
[2013/06/29 22:43:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\malware
[2013/06/29 01:48:14 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/06/29 01:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/06/28 21:21:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/28 21:12:26 | 000,000,000 | ---D | C] -- C:\ProgramData\qmkkp
[2013/06/28 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5972740E-21F0-4C5C-9630-3FD079432F11}
[2013/06/28 08:39:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{CA4F9DB7-7098-46FB-AE4A-E7557C0B8765}
[2013/06/27 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6F8A8945-93C6-4A44-8BB1-F296880E35F0}
[2013/06/27 09:18:47 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\2013-06-27
[2013/06/27 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{3BEBD0B6-8AC7-41A2-8F4E-215B9F560AF0}
[2013/06/26 20:38:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{2DEA446E-8D8C-42AE-B4CC-2EFD2A339438}
[2013/06/26 08:38:04 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0E58A897-51FD-4BC2-99E9-35697E846835}
[2013/06/25 20:37:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{7912FD7B-C80B-48A8-8333-FB702EDA3909}
[2013/06/25 08:37:29 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{C9AA371E-507F-4BB1-A852-87E3D7CF85B8}
[2013/06/25 08:34:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Tree
[2013/06/24 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4A3EBFBD-4342-4897-9F65-CBC51D646B6F}
[2013/06/24 08:36:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4627CA2E-58EE-4B2A-9253-2DFBAA48DEE7}
[2013/06/23 21:38:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\OneNote Notebooks
[2013/06/23 20:36:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{9ACD1E28-906A-487D-A6E7-2F29199A464F}
[2013/06/23 08:36:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{16E6C162-5023-429F-9D5A-38B869E739A4}
[2013/06/22 20:36:08 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{87BD429F-1D3D-4C83-8137-C616160CF2C2}
[2013/06/22 08:35:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E8266D7F-C476-48A7-B508-4104D8C7E6E6}
[2013/06/21 20:35:33 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4C2F1C8F-8FC9-4CFE-839C-2377436E2F72}
[2013/06/21 08:35:08 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{BFDDE1E0-4499-4B40-B5C1-499AB50FAD12}
[2013/06/20 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{90B7161E-BB97-49FB-B612-8668305F1879}
[2013/06/20 08:34:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{C524D2F8-4624-455F-9833-C6837060845B}
[2013/06/19 20:34:07 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6EF7F0A5-43BF-4211-816D-B1B4288DA9A0}
[2013/06/19 08:33:56 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{65FA64BE-57C1-4820-A838-924FED77F57B}
[2013/06/18 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{687E6F05-025D-4AFB-AEC0-D880EB8CC6F0}
[2013/06/18 16:14:28 | 000,102,448 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/06/18 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FC827B21-8656-47F1-BCA9-0A7E153C075D}
[2013/06/17 20:32:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F85F862D-318E-4524-99D7-3CC4AF4C24BE}
[2013/06/17 13:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/17 08:53:14 | 000,081,536 | ---- | C] (Conduit) -- C:\ministub.exe
[2013/06/17 08:32:34 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{02FD3DD7-5055-40E1-A6CA-F3DF168FD741}
[2013/06/16 20:32:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{AE3EB953-1313-4C72-B32B-B4D22D7D6701}
[2013/06/16 08:32:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FE5FDB1C-7746-4AA5-ADC9-861A449A88E6}
[2013/06/15 20:32:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E36D2C74-7DBB-4169-AE47-684F80A1E676}
[2013/06/15 12:22:42 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Henry Sports day 2013
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/15 09:15:24 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/15 09:09:39 | 000,002,651 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/07/15 09:03:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/15 09:03:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 09:03:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/15 09:03:50 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/07/15 09:03:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/15 09:03:35 | 3217,252,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 09:01:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/14 19:03:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/14 09:18:05 | 000,609,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/14 09:18:05 | 000,108,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/14 09:16:39 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/14 09:16:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/07/14 08:54:28 | 000,337,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/10 16:40:26 | 000,002,196 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Zebra Setup Utilities.lnk
[2013/07/10 16:36:02 | 000,002,609 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2013/07/10 14:39:07 | 000,001,666 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013/07/10 14:38:46 | 000,001,065 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Cucusoft iPhone Ringtone Maker.lnk
[2013/07/10 13:19:54 | 000,002,711 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Vodafone Mobile Connect.lnk
[2013/07/10 09:19:26 | 000,034,271 | ---- | M] () -- C:\Users\Simon\Desktop\untitled.png
[2013/07/09 12:13:18 | 000,002,583 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office OneNote 2007.lnk
[2013/07/09 12:13:17 | 000,002,619 | ---- | M] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2013/07/07 12:05:37 | 002,854,671 | ---- | M] () -- C:\Users\Simon\Desktop\IMG_3026.JPG
[2013/07/06 18:00:50 | 000,025,679 | ---- | M] () -- C:\Users\Simon\Desktop\photo.JPG
[2013/06/30 05:50:23 | 000,000,036 | ---- | M] () -- C:\Windows\avgui.INI
[2013/06/29 02:32:14 | 000,000,680 | ---- | M] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2013/06/29 01:48:14 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013/06/28 09:34:06 | 000,138,003 | ---- | M] () -- C:\Users\Simon\Desktop\ebay.pdf
[2013/06/23 21:39:15 | 000,116,824 | ---- | M] () -- C:\Users\Simon\Desktop\Unfiled Notes.pdf
[2013/06/23 21:37:46 | 000,193,567 | ---- | M] () -- C:\Users\Simon\Desktop\123.xps
[2013/06/18 16:14:28 | 000,102,448 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/06/17 08:55:02 | 000,001,396 | ---- | M] () -- C:\Users\Simon\Desktop\DivX Movies.lnk
[2013/06/17 08:53:44 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013/06/17 08:53:14 | 000,081,536 | ---- | M] (Conduit) -- C:\ministub.exe
 
========== Files Created - No Company Name ==========
 
[2013/07/10 16:40:26 | 000,002,196 | ---- | C] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Zebra Setup Utilities.lnk
[2013/07/10 14:39:07 | 000,001,666 | ---- | C] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2013/07/10 14:38:46 | 000,001,065 | ---- | C] () -- C:\Users\Simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Cucusoft iPhone Ringtone Maker.lnk
[2013/07/10 09:19:26 | 000,034,271 | ---- | C] () -- C:\Users\Simon\Desktop\untitled.png
[2013/07/07 12:05:37 | 002,854,671 | ---- | C] () -- C:\Users\Simon\Desktop\IMG_3026.JPG
[2013/07/06 17:59:10 | 000,025,679 | ---- | C] () -- C:\Users\Simon\Desktop\photo.JPG
[2013/06/30 05:50:22 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI
[2013/06/29 01:07:08 | 3217,252,352 | -HS- | C] () -- C:\hiberfil.sys
[2013/06/28 09:34:06 | 000,138,003 | ---- | C] () -- C:\Users\Simon\Desktop\ebay.pdf
[2013/06/23 21:39:13 | 000,116,824 | ---- | C] () -- C:\Users\Simon\Desktop\Unfiled Notes.pdf
[2013/06/23 21:37:46 | 000,193,567 | ---- | C] () -- C:\Users\Simon\Desktop\123.xps
[2013/06/17 08:55:02 | 000,001,396 | ---- | C] () -- C:\Users\Simon\Desktop\DivX Movies.lnk
[2013/05/01 13:49:27 | 000,103,832 | ---- | C] () -- C:\Users\Simon\GoToAssistDownloadHelper.exe
[2012/09/29 17:38:35 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/10/27 12:37:51 | 000,000,608 | -HS- | C] () -- C:\Windows\System32\winzvprt5.sys
[2011/10/27 12:37:51 | 000,000,230 | ---- | C] () -- C:\Windows\System32\hppfaxprinter5.ini
[2008/11/18 18:01:29 | 000,000,680 | ---- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2008/11/18 10:06:48 | 816,250,880 | ---- | C] () -- C:\Users\Simon\outlook.pst
[2008/11/18 09:43:35 | 000,000,100 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\wklnhst.dat
[2008/11/18 09:37:05 | 000,030,720 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/07 16:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 13:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010/07/10 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Trusteer
[2010/07/10 10:23:08 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Trusteer
[2011/10/27 14:09:06 | 000,000,000 | -HSD | M] -- C:\Users\Simon\AppData\Roaming\.#
[2013/05/21 18:03:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Alibaba
[2011/11/20 13:21:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Avery
[2013/06/29 23:08:59 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\AVG2013
[2011/02/25 22:53:44 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BitTorrent
[2011/12/13 12:34:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\BSD
[2012/07/13 19:40:38 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Canon
[2013/04/12 11:50:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Digiarty
[2011/11/18 09:10:19 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\eTeks
[2012/03/24 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\EurekaLog
[2011/04/08 17:46:00 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Flip Video
[2012/06/04 23:15:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\FrostWire
[2010/04/05 12:32:55 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\GetRightToGo
[2011/02/25 22:41:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\LimeWire
[2009/06/24 19:18:05 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\NCH Swift Sound
[2009/05/04 15:39:18 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Nokia
[2010/03/19 15:19:31 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PC Suite
[2010/05/14 20:28:33 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Research In Motion
[2012/07/13 11:51:57 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Samsung
[2011/09/14 06:53:50 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Spotify
[2008/11/18 09:43:37 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Template
[2008/11/18 12:08:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TomTom
[2010/06/20 12:21:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Trusteer
[2013/04/10 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Uniblue
[2009/07/19 07:47:02 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Vodafone
[2010/11/13 07:48:14 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Windows Live Writer
[2012/07/28 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Wondershare Video Converter Ultimate
 
========== Purity Check ==========
 
 

< End of report >

[Pugwash]

OTL Extras logfile created on: 15/07/2013 09:26:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Simon\Desktop\clan up
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.28% Memory free
6.21 Gb Paging File | 4.75 Gb Available in Paging File | 76.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 586.10 Gb Total Space | 187.87 Gb Free Space | 32.05% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.90 Gb Free Space | 49.02% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 614.44 Gb Free Space | 65.98% Space Free | Partition Type: FAT32
 
Computer Name: SIMON-PC | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E2C9292-3259-4E97-8798-2E142A039739}" = lport=24726 | protocol=6 | dir=in | name=flipshareserver |
"{34494D86-205F-4DBE-BB44-F3AD2340DDD3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{983B29B7-E400-4003-8D64-7DB0ACAA1688}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9B1AFEAB-8227-436A-ABCD-84CC4CA82E67}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B4DDAF8F-F44A-4F13-AECF-D89A8A93CB1D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F914B704-C845-4D62-8D03-7214BBE43B90}" = lport=24727 | protocol=6 | dir=in | name=flipshareserver |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F634936-DD50-494B-97A1-07F67ACEC3C2}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1469E2D7-E23B-4607-88DE-5BF4C4330ECA}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{186CCC16-3FC3-4D8C-9A91-EBE2EFD8F670}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{18A62C67-7E8E-4BFA-94C1-C22F1A0CFB93}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{2D7F5B1D-C987-46DB-8F64-32A84B412793}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{325EF997-3044-4EBE-913E-F84D6247B65E}" = protocol=6 | dir=in | app=e:\installer\hpbcsiinstaller.exe |
"{3A4FC27C-30E1-478E-A020-24896F13D746}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{3B508019-6A84-4ECE-871B-03AECF3A8264}" = protocol=17 | dir=in | app=c:\program files\trademanager\aliim.exe |
"{445BEDAB-4C6B-4CE1-879F-3B9CB64471DF}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5AFCD6A6-F4DE-4756-8419-4CBA9ECF8919}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{64E8252E-685D-4022-866E-89AB49F80CED}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{67BAF155-7BB7-46F4-B42D-7EA8BEA3DD12}" = protocol=17 | dir=in | app=e:\installer\hpbcsiinstaller.exe |
"{68AB2759-0D55-4855-B901-4A29DAFF9395}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{71877A54-16CE-4682-BBE6-4F14F94C8CE1}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{80818F32-50FA-485A-86DC-9B7C06888DC7}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{8665580B-A810-418C-8796-10746B3FB7BD}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{8B01DBC5-E2FA-43B1-907B-976B062AF069}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{913EF483-B165-4397-ACCF-E08C1AFA8198}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A22A9C83-90E8-4D26-B812-4B93EA090E14}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{AE89E190-4F96-45D7-8D54-A92FA507A0AD}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{C73CE23A-649A-444D-AA82-5BA6DD94CED2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D25FA93D-90D2-4EA4-84F5-CC01D92B7BC7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D92F7D40-A2FA-4C07-9085-D4D5029A4D2D}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{E13FF32D-F99B-4271-B3AC-2E90DE0157B2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E3585E5F-00C7-41C8-A5E6-63B33083BA75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E54CDDF0-7CDF-4F48-AE43-C2E346C5697A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EB3E80F4-4682-466D-9B34-A76486D5982B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EB4630BE-D9D4-4A50-8AFE-CAB5FB6770A1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{F32BB31F-EE25-4852-94CB-8B4E1D350CA5}" = protocol=6 | dir=in | app=c:\program files\trademanager\aliim.exe |
"{F762B35D-0447-4ED2-820A-D8739616AF28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{1507DE45-373B-4A41-A5B3-F28FB9E82653}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{363F847A-4BB5-48A9-9B9A-E5DABE896FD9}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{3A0A3747-1715-4F4A-8CC0-D90B9104EC34}C:\program files\philips\media manager\philips media manager.exe" = protocol=6 | dir=in | app=c:\program files\philips\media manager\philips media manager.exe |
"TCP Query User{74E9BDA7-0371-4B72-8FAB-B7CDCBB8DF8F}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{7A168292-7D16-4C10-8337-60A7EF8F82DF}C:\program files\philips\media manager\philips media manager.exe" = protocol=6 | dir=in | app=c:\program files\philips\media manager\philips media manager.exe |
"TCP Query User{8ACB3BEE-DE91-4F68-87D7-8B1A491E91BE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B3913FB6-FF88-4441-9C4B-348BA2EE59D0}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0BA7469B-1C41-4426-82BD-31947FF8DA80}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{0D929F73-0747-4F37-8F9E-E182EDBCAE22}C:\program files\philips\media manager\philips media manager.exe" = protocol=17 | dir=in | app=c:\program files\philips\media manager\philips media manager.exe |
"UDP Query User{13BAAE86-1167-4DE6-9E68-079D360A079D}C:\program files\philips\media manager\philips media manager.exe" = protocol=17 | dir=in | app=c:\program files\philips\media manager\philips media manager.exe |
"UDP Query User{275B209C-3225-4DEF-B72E-6CD77CF6FA86}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{465E1978-3084-4ACB-B76A-D41D7B056439}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{53F5A828-BDA9-42B8-BF45-16682D6B73F1}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{98AF972A-80C2-4C4B-8517-2A79FF2B74D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{00CD9341-46BF-C386-1D4C-4D980B615549}" = Catalyst Control Center Localization Chinese Standard
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06F8CD93-C722-45E9-A9A4-F48F78E39E84}" = hppFaxUtilityCM1410
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0EF0EA0D-F945-4958-85CC-60FF1E86D216}" = HP LaserJet Professional CM1410 Series
"{0F81061C-661C-D357-F79C-31B1D78609F9}" = Catalyst Control Center Localization Spanish
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{170715E4-3235-8999-C05D-54156AC3F163}" = CCC Help German
"{174C89F3-EBA7-17AB-2FCA-82AE6AF7C8C5}" = CCC Help Japanese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D9C9979-7B3D-0EBA-06B5-1A648DE8ECFC}" = Skins
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21749F4E-02A1-4828-9A1E-BBDF5929C5D0}" = HP LJ CM1410 MFP Series HP Scan
"{229D6185-BD7E-494B-A73B-C5215BE0690E}" = HPLJUT
"{22FE3793-5961-4ADE-AE66-69D9291C22B1}" = HPLaserJetHelp_LearnCenter
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241DBC8D-14E3-4240-8EE5-3AC35086B638}" = AVG 2013
"{250AD9EB-E6A4-FEE1-AAAF-66EB69E96060}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B64ACEB-703E-6D90-5CBE-140B9A66C85B}" = Catalyst Control Center Localization Portuguese
"{2CADE3B6-6B69-2050-7B7C-2E6BB1183458}" = Catalyst Control Center Localization Thai
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30C042F8-B207-313E-F932-3599ADF24651}" = CCC Help Korean
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{3AE375B7-4C1A-8954-D87B-126990CA06ED}" = Catalyst Control Center Localization Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4006E354-3D24-49BA-A36F-7EB75D50D575}" = hppLaserJetService
"{42DB15D5-DAAD-A187-252F-80B669BFC970}" = CCC Help Turkish
"{44F70E24-C55E-4C6E-29F1-573C03BDFB9D}" = CCC Help Chinese Traditional
"{4517895C-2CCB-9CA7-D24A-E74559551426}" = Catalyst Control Center Localization Chinese Traditional
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49041980-E77D-DCAD-8365-F22688D3A8AE}" = Catalyst Control Center Localization Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.3
"{569F35EF-9A3E-7EA6-3817-01F7A142E608}" = CCC Help Thai
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57E08EAC-F4FA-E453-6516-CA4D8AF4BD6D}" = CCC Help English
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5D9748ED-2EC3-E694-68E7-14AE077AA686}" = Catalyst Control Center Core Implementation
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EA78F57-89F2-4B2E-8ADB-3FA6865D32EF}" = AVG 2013
"{6FC963A4-D7C2-743E-4634-0BE6893D2D30}" = ccc-utility
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}" = Avery Wizard 4.0
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7484FF63-DFD5-4703-5D5A-7B197CBC6AF7}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D4609A-AE25-B8CA-9FD2-9DC5A919414E}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F19855D-DB03-2435-858D-8CD809994A3F}" = Catalyst Control Center Localization Korean
"{7FAB3316-11F4-44F3-8483-7278717496EC}" = hppTLBXFXCM1410
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8958DFF1-3103-8A70-9108-40D7D359D8C6}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E3A5EA8-DE6D-9333-0DB4-55FB9B6EED46}" = CCC Help Chinese Standard
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Belkin Bluetooth Software
"{90CA0C98-4E23-8B12-29EC-FCEB49983E7E}" = Catalyst Control Center Localization Japanese
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{9207A8EC-3B2D-4A4A-8BF7-957FC19BB3DE}" = Zebra Setup Utilities
"{92F91A05-8241-4651-B9F4-9D04EE1F2634}" = hppSendFaxCM1410
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95381165-5D16-4CD4-9162-57799A3F3AB5}" = PCLinq2 High-Speed USB Bridge Cable
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{9A57F3E7-F32D-FD92-124C-B9C9D7231C20}" = Catalyst Control Center Graphics Light
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{A3A18593-62BE-4AE1-AF3F-E35179CF042E}" = hpzTLBXFX
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A82D0C46-EBDF-4B27-A731-D06EF2056E81}" = HP FWUpdateEDO3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BB22EB20-70C4-32D9-CAE5-816E24F458CA}" = Catalyst Control Center Graphics Full Existing
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C3A0F1A3-7AD3-F7E3-D81A-0A5EC68F0397}" = Catalyst Control Center Localization Polish
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CD65BFB7-291F-9D67-760B-4FD16337FCB9}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFA679D8-5216-4E10-B7D3-BA4033A6991E}" = i80 Setup Utility
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D85A16FA-3408-4EEF-973F-05C1D23901B9}" = hppCM1410LaserJetService
"{DB98F489-0D1B-0244-2B95-24F4C9D6A5BD}" = CCC Help Spanish
"{DC0D3295-0697-808C-4F1F-44E58330C3E8}" = Catalyst Control Center Localization German
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E79066AE-9AF1-9C3C-6F3A-95BC4A3C3E33}" = Catalyst Control Center Graphics Previews Common
"{E87B8271-8225-31ED-95BE-0C7DB1813F7C}" = CCC Help French
"{E87FE5BA-2E1B-A6F2-F40E-9D6865ADF886}" = Catalyst Control Center Localization French
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18E39EE-5306-6765-9EE3-CD3ECFE9678F}" = Catalyst Control Center Graphics Previews Vista
"{F318B83E-27E2-2EFF-12EE-667C02A062D9}" = CCC Help Portuguese
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}" = Marketsplash Shortcuts
"{FCDBE9CF-CFB4-2260-8F84-09B6F7FD9A87}" = Catalyst Control Center Localization Italian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD7B2D9-AC9D-468C-83A2-21017A811623}" = hppFaxDrvCM1410
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem  (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AudibleDownloadManager" = Audible Download Manager
"AVG" = AVG 2013
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem  (05/22/2008 3.8)
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Cucusoft iPhone Ringtone Maker_is1" = Cucusoft iPhone Ringtone Maker 2.4.4
"DivX Setup" = DivX Setup
"D-Link CIF Webcam" = D-Link CIF Webcam
"DPP" = Canon Utilities Digital Photo Professional 3.10
"Duplicate Finder - Free Edition_is1" = Duplicate Finder v4.1.0.4
"EASEUS Todo Backup Home 2.5_is1" = EASEUS Todo Backup Home 2.5
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"FrostWire 5" = FrostWire 5.3.6
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Philips Media Manager 3.3.12.0004" = Philips Media Manager 3.3.12.0004
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"Rapport_msi" = Rapport
"Spotify" = Spotify
"Switch" = Switch Sound File Converter
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TRUST 120 SPACEC@M" = TRUST 120 SPACEC@M
"VideoWizard_is1" = VideoWizard
"VLC media player" = VLC media player 1.0.1
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 7.0.0
"Wondershare Video Converter Ultimate_is1" = Wondershare Video Converter Ultimate(Build 5.7.6.7)
"Zebra Font Downloader_is1" = Zebra Font Downloader
"Zebra Setup Utilities" = Zebra Setup Utilities
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"JNLP" = JNLP
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07/10/2011 21:18:10 | Computer Name = Simon-PC | Source = VSS | ID = 8193
Description =
 
Error - 08/10/2011 19:00:05 | Computer Name = Simon-PC | Source = VSS | ID = 8193
Description =
 
Error - 09/10/2011 19:13:04 | Computer Name = Simon-PC | Source = VSS | ID = 8193
Description =
 
Error - 10/10/2011 11:23:25 | Computer Name = Simon-PC | Source = Bonjour Service | ID = 100
Description = 368: ERROR: read_msg errno 10054 (An existing connection was forcibly
 closed by the remote host.)
 
Error - 10/10/2011 11:28:24 | Computer Name = Simon-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 10/10/2011 11:29:28 | Computer Name = Simon-PC | Source = VSS | ID = 8194
Description =
 
Error - 10/10/2011 11:29:28 | Computer Name = Simon-PC | Source = VSS | ID = 8193
Description =
 
Error - 10/10/2011 11:29:58 | Computer Name = Simon-PC | Source = VSS | ID = 8193
Description =
 
Error - 10/10/2011 21:35:16 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 10/10/2011 21:35:16 | Computer Name = Simon-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ OSession Events ]
Error - 02/10/2010 03:26:40 | Computer Name = Simon-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 36892
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14/07/2013 04:07:09 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14/07/2013 04:07:09 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14/07/2013 04:07:09 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14/07/2013 04:07:09 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 14/07/2013 04:07:09 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 14/07/2013 04:07:20 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7006
Description =
 
Error - 14/07/2013 04:12:13 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 14/07/2013 04:12:13 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 15/07/2013 04:08:19 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 15/07/2013 04:08:19 | Computer Name = Simon-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

[kevinf80]

Re-Run   by double left click, Vista and Widows 7 users accept UAC alert.

• Under the box at the bottom, paste in the following, start with and include the colon plus OTL . :OTL
  
  

  :OTLIE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...or={searchTerms}IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value foundIE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}: "URL" = http://search.condui...9453874324&UM=2IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = http://search.mywebs...or={searchTerms}IE - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\SearchScopes\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}: "URL" =FF - HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0: C:\Program Files\TradeManager\nptrademanager.dll File not foundFF - HKLM\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0: C:\Program Files\TradeManager\npwangwang.dll File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFile not found (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\D1CU6LNQ.DEFAULT\EXTENSIONS\{77E8143B-6759-416E-B521-82CFED75150B}O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.O3 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.O3 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.O4 - HKLM..\Run: [OCDLMgr]  File not foundO15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alipay.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alipay.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alisoft.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: alisoft.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: localhost ([]http in Local intranet)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: taobao.com ([]http in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Domains: taobao.com ([]https in Trusted sites)O15 - HKU\S-1-5-21-1635976761-3228609540-1281885715-1000\..Trusted Ranges: GD ([http] in Local intranet)[2013/07/15 05:53:33 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{63FE499E-DA10-4B31-9AD9-E72BAA9D228E}[2013/07/14 17:53:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FCA609FC-B779-4312-A92C-6A7101671EA7}[2013/07/14 05:52:46 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6BB9E503-17E7-47A7-B2A5-22E21DA416DB}[2013/07/13 17:52:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{219FFBB5-AD96-4DEA-A24D-6D44C6D3B13B}[2013/07/13 05:52:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F1B12BDF-70BD-47E0-B6BA-D6D55DE17279}[2013/07/12 09:18:16 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D5A8D224-3D98-42A0-B087-077104A39E27}[2013/07/11 21:00:54 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D9779468-3CB0-4D0B-9A5D-FCDB8CE01066}[2013/07/11 09:00:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{638BDECF-1688-402D-9BAA-3CF6354363DD}[2013/07/10 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0379A124-902A-4132-9437-D9611E07768B}[2013/07/10 09:00:06 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{D6AD4F86-5587-443C-8246-688FF78314FE}[2013/07/09 20:59:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{1EED056E-C3AA-45BC-A0A5-DA9E3380875D}[2013/07/09 08:59:31 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{769A63D1-D16E-4419-925F-87B7709287F6}[2013/07/08 20:59:20 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{39B7E647-A6E0-4F5D-A2C7-2AACCF3CD59E}[2013/07/08 08:58:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F3575567-AB9F-4B8A-988E-12603A128D69}[2013/07/07 20:58:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F914FD7C-9BB2-4B88-973B-895D0B33A49B}[2013/07/07 07:02:11 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6EBB357F-2BCE-4D99-931A-F149F59EE97E}[2013/07/06 19:02:00 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{AEF78BAB-1A24-4007-9E65-B8A8B08B5EED}[2013/07/06 07:00:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{66C14F5C-8F4D-48BF-89A4-1FDF685E412E}[2013/07/05 06:39:22 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{1C4AFDE3-6803-49ED-A156-AFBB2997262A}[2013/07/04 09:54:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{45CE9C2D-969C-47B7-B801-87BF9075DF2C}[2013/07/03 21:53:49 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{40BBC42D-04BA-4DBD-B08D-BA9CD077326D}[2013/07/03 09:53:38 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FF8E58E3-40BF-4FBE-8A5C-109E236835AA}[2013/07/02 21:53:26 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{96902462-1054-4804-ADFB-6C5A058E979B}[2013/07/02 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{911A0FBE-F010-4614-9E24-3984541F0C5D}[2013/06/28 20:39:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{5972740E-21F0-4C5C-9630-3FD079432F11}[2013/06/28 08:39:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{CA4F9DB7-7098-46FB-AE4A-E7557C0B8765}[2013/06/27 20:38:51 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6F8A8945-93C6-4A44-8BB1-F296880E35F0}[2013/06/27 08:38:27 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{3BEBD0B6-8AC7-41A2-8F4E-215B9F560AF0}[2013/06/26 20:38:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{2DEA446E-8D8C-42AE-B4CC-2EFD2A339438}[2013/06/26 08:38:04 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{0E58A897-51FD-4BC2-99E9-35697E846835}[2013/06/25 20:37:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{7912FD7B-C80B-48A8-8333-FB702EDA3909}[2013/06/25 08:37:29 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{C9AA371E-507F-4BB1-A852-87E3D7CF85B8}[2013/06/24 20:37:18 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4A3EBFBD-4342-4897-9F65-CBC51D646B6F}[2013/06/24 08:36:53 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4627CA2E-58EE-4B2A-9253-2DFBAA48DEE7}[2013/06/23 20:36:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{9ACD1E28-906A-487D-A6E7-2F29199A464F}[2013/06/23 08:36:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{16E6C162-5023-429F-9D5A-38B869E739A4}[2013/06/22 20:36:08 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{87BD429F-1D3D-4C83-8137-C616160CF2C2}[2013/06/22 08:35:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E8266D7F-C476-48A7-B508-4104D8C7E6E6}[2013/06/21 20:35:33 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{4C2F1C8F-8FC9-4CFE-839C-2377436E2F72}[2013/06/21 08:35:08 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{BFDDE1E0-4499-4B40-B5C1-499AB50FAD12}[2013/06/20 20:34:44 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{90B7161E-BB97-49FB-B612-8668305F1879}[2013/06/20 08:34:19 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{C524D2F8-4624-455F-9833-C6837060845B}[2013/06/19 20:34:07 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{6EF7F0A5-43BF-4211-816D-B1B4288DA9A0}[2013/06/19 08:33:56 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{65FA64BE-57C1-4820-A838-924FED77F57B}[2013/06/18 20:33:45 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{687E6F05-025D-4AFB-AEC0-D880EB8CC6F0}[2013/06/18 08:33:21 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FC827B21-8656-47F1-BCA9-0A7E153C075D}[2013/06/17 20:32:57 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{F85F862D-318E-4524-99D7-[2013/06/17 08:32:34 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{02FD3DD7-5055-40E1-A6CA-F3DF168FD741}[2013/06/16 20:32:23 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{AE3EB953-1313-4C72-B32B-B4D22D7D6701}[2013/06/16 08:32:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{FE5FDB1C-7746-4AA5-ADC9-861A449A88E6}[2013/06/15 20:32:01 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Local\{E36D2C74-7DBB-4169-AE47-684F80A1E676}:Filesipconfig /flushdns /cC:\ProgramData\HitmanProC:\ProgramData\qmkkpC:\ministub.exe:Commands[emptytemp][CREATERESTOREPOINT]

• Then click button at the top
• Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
• Please post that log in your next reply.
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop.

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Also unless Trusteer is absolutely essential you may want to uninstall that, it is known to slow down your system..

 

Kevin

[Pugwash]

OTL Log  just going to run security checker now

 

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OCDLMgr deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Users\Simon\AppData\Local\{63FE499E-DA10-4B31-9AD9-E72BAA9D228E} folder moved successfully.
C:\Users\Simon\AppData\Local\{FCA609FC-B779-4312-A92C-6A7101671EA7} folder moved successfully.
C:\Users\Simon\AppData\Local\{6BB9E503-17E7-47A7-B2A5-22E21DA416DB} folder moved successfully.
C:\Users\Simon\AppData\Local\{219FFBB5-AD96-4DEA-A24D-6D44C6D3B13B} folder moved successfully.
C:\Users\Simon\AppData\Local\{F1B12BDF-70BD-47E0-B6BA-D6D55DE17279} folder moved successfully.
C:\Users\Simon\AppData\Local\{D5A8D224-3D98-42A0-B087-077104A39E27} folder moved successfully.
C:\Users\Simon\AppData\Local\{D9779468-3CB0-4D0B-9A5D-FCDB8CE01066} folder moved successfully.
C:\Users\Simon\AppData\Local\{638BDECF-1688-402D-9BAA-3CF6354363DD} folder moved successfully.
C:\Users\Simon\AppData\Local\{0379A124-902A-4132-9437-D9611E07768B} folder moved successfully.
C:\Users\Simon\AppData\Local\{D6AD4F86-5587-443C-8246-688FF78314FE} folder moved successfully.
C:\Users\Simon\AppData\Local\{1EED056E-C3AA-45BC-A0A5-DA9E3380875D} folder moved successfully.
C:\Users\Simon\AppData\Local\{769A63D1-D16E-4419-925F-87B7709287F6} folder moved successfully.
C:\Users\Simon\AppData\Local\{39B7E647-A6E0-4F5D-A2C7-2AACCF3CD59E} folder moved successfully.
C:\Users\Simon\AppData\Local\{F3575567-AB9F-4B8A-988E-12603A128D69} folder moved successfully.
C:\Users\Simon\AppData\Local\{F914FD7C-9BB2-4B88-973B-895D0B33A49B} folder moved successfully.
C:\Users\Simon\AppData\Local\{6EBB357F-2BCE-4D99-931A-F149F59EE97E} folder moved successfully.
C:\Users\Simon\AppData\Local\{AEF78BAB-1A24-4007-9E65-B8A8B08B5EED} folder moved successfully.
C:\Users\Simon\AppData\Local\{66C14F5C-8F4D-48BF-89A4-1FDF685E412E} folder moved successfully.
C:\Users\Simon\AppData\Local\{1C4AFDE3-6803-49ED-A156-AFBB2997262A} folder moved successfully.
C:\Users\Simon\AppData\Local\{45CE9C2D-969C-47B7-B801-87BF9075DF2C} folder moved successfully.
C:\Users\Simon\AppData\Local\{40BBC42D-04BA-4DBD-B08D-BA9CD077326D} folder moved successfully.
C:\Users\Simon\AppData\Local\{FF8E58E3-40BF-4FBE-8A5C-109E236835AA} folder moved successfully.
C:\Users\Simon\AppData\Local\{96902462-1054-4804-ADFB-6C5A058E979B} folder moved successfully.
C:\Users\Simon\AppData\Local\{911A0FBE-F010-4614-9E24-3984541F0C5D} folder moved successfully.
C:\Users\Simon\AppData\Local\{5972740E-21F0-4C5C-9630-3FD079432F11} folder moved successfully.
C:\Users\Simon\AppData\Local\{CA4F9DB7-7098-46FB-AE4A-E7557C0B8765} folder moved successfully.
C:\Users\Simon\AppData\Local\{6F8A8945-93C6-4A44-8BB1-F296880E35F0} folder moved successfully.
C:\Users\Simon\AppData\Local\{3BEBD0B6-8AC7-41A2-8F4E-215B9F560AF0} folder moved successfully.
C:\Users\Simon\AppData\Local\{2DEA446E-8D8C-42AE-B4CC-2EFD2A339438} folder moved successfully.
C:\Users\Simon\AppData\Local\{0E58A897-51FD-4BC2-99E9-35697E846835} folder moved successfully.
C:\Users\Simon\AppData\Local\{7912FD7B-C80B-48A8-8333-FB702EDA3909} folder moved successfully.
C:\Users\Simon\AppData\Local\{C9AA371E-507F-4BB1-A852-87E3D7CF85B8} folder moved successfully.
C:\Users\Simon\AppData\Local\{4A3EBFBD-4342-4897-9F65-CBC51D646B6F} folder moved successfully.
C:\Users\Simon\AppData\Local\{4627CA2E-58EE-4B2A-9253-2DFBAA48DEE7} folder moved successfully.
C:\Users\Simon\AppData\Local\{9ACD1E28-906A-487D-A6E7-2F29199A464F} folder moved successfully.
C:\Users\Simon\AppData\Local\{16E6C162-5023-429F-9D5A-38B869E739A4} folder moved successfully.
C:\Users\Simon\AppData\Local\{87BD429F-1D3D-4C83-8137-C616160CF2C2} folder moved successfully.
C:\Users\Simon\AppData\Local\{E8266D7F-C476-48A7-B508-4104D8C7E6E6} folder moved successfully.
C:\Users\Simon\AppData\Local\{4C2F1C8F-8FC9-4CFE-839C-2377436E2F72} folder moved successfully.
C:\Users\Simon\AppData\Local\{BFDDE1E0-4499-4B40-B5C1-499AB50FAD12} folder moved successfully.
C:\Users\Simon\AppData\Local\{90B7161E-BB97-49FB-B612-8668305F1879} folder moved successfully.
C:\Users\Simon\AppData\Local\{C524D2F8-4624-455F-9833-C6837060845B} folder moved successfully.
C:\Users\Simon\AppData\Local\{6EF7F0A5-43BF-4211-816D-B1B4288DA9A0} folder moved successfully.
C:\Users\Simon\AppData\Local\{65FA64BE-57C1-4820-A838-924FED77F57B} folder moved successfully.
C:\Users\Simon\AppData\Local\{687E6F05-025D-4AFB-AEC0-D880EB8CC6F0} folder moved successfully.
C:\Users\Simon\AppData\Local\{FC827B21-8656-47F1-BCA9-0A7E153C075D} folder moved successfully.
Folder C:\Users\Simon\AppData\Local\{F85F862D-318E-4524-99D7-\ not found.
C:\Users\Simon\AppData\Local\{02FD3DD7-5055-40E1-A6CA-F3DF168FD741} folder moved successfully.
C:\Users\Simon\AppData\Local\{AE3EB953-1313-4C72-B32B-B4D22D7D6701} folder moved successfully.
C:\Users\Simon\AppData\Local\{FE5FDB1C-7746-4AA5-ADC9-861A449A88E6} folder moved successfully.
C:\Users\Simon\AppData\Local\{E36D2C74-7DBB-4169-AE47-684F80A1E676} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Simon\Desktop\clan up\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\clan up\cmd.txt deleted successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\ProgramData\qmkkp folder moved successfully.
C:\ministub.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default

[kevinf80]

OTL fix log is not complete?

[Pugwash]

Log for Security Check, i will look gain for the OTL Log

 

 

 

 Results of screen317's Security Check version 0.99.69 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG Anti-Virus 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java 6 Update 29 
 Java 6 Update 5 
 Java 6 Update 7 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.1 Adobe Reader out of Date! 
 Mozilla Firefox 21.0 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 

[Pugwash]

complete OTL log :

 

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4AB67D5-E96F-46AF-A2C4-25C52A259158}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FC92F4EE-49C1-4514-A46E-7BB0D5508A30}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/npwangwang;version=1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\OCDLMgr deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alipay.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\alisoft.com\ not found.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\taobao.com\ not found.
Registry value HKEY_USERS\S-1-5-21-1635976761-3228609540-1281885715-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Users\Simon\AppData\Local\{63FE499E-DA10-4B31-9AD9-E72BAA9D228E} folder moved successfully.
C:\Users\Simon\AppData\Local\{FCA609FC-B779-4312-A92C-6A7101671EA7} folder moved successfully.
C:\Users\Simon\AppData\Local\{6BB9E503-17E7-47A7-B2A5-22E21DA416DB} folder moved successfully.
C:\Users\Simon\AppData\Local\{219FFBB5-AD96-4DEA-A24D-6D44C6D3B13B} folder moved successfully.
C:\Users\Simon\AppData\Local\{F1B12BDF-70BD-47E0-B6BA-D6D55DE17279} folder moved successfully.
C:\Users\Simon\AppData\Local\{D5A8D224-3D98-42A0-B087-077104A39E27} folder moved successfully.
C:\Users\Simon\AppData\Local\{D9779468-3CB0-4D0B-9A5D-FCDB8CE01066} folder moved successfully.
C:\Users\Simon\AppData\Local\{638BDECF-1688-402D-9BAA-3CF6354363DD} folder moved successfully.
C:\Users\Simon\AppData\Local\{0379A124-902A-4132-9437-D9611E07768B} folder moved successfully.
C:\Users\Simon\AppData\Local\{D6AD4F86-5587-443C-8246-688FF78314FE} folder moved successfully.
C:\Users\Simon\AppData\Local\{1EED056E-C3AA-45BC-A0A5-DA9E3380875D} folder moved successfully.
C:\Users\Simon\AppData\Local\{769A63D1-D16E-4419-925F-87B7709287F6} folder moved successfully.
C:\Users\Simon\AppData\Local\{39B7E647-A6E0-4F5D-A2C7-2AACCF3CD59E} folder moved successfully.
C:\Users\Simon\AppData\Local\{F3575567-AB9F-4B8A-988E-12603A128D69} folder moved successfully.
C:\Users\Simon\AppData\Local\{F914FD7C-9BB2-4B88-973B-895D0B33A49B} folder moved successfully.
C:\Users\Simon\AppData\Local\{6EBB357F-2BCE-4D99-931A-F149F59EE97E} folder moved successfully.
C:\Users\Simon\AppData\Local\{AEF78BAB-1A24-4007-9E65-B8A8B08B5EED} folder moved successfully.
C:\Users\Simon\AppData\Local\{66C14F5C-8F4D-48BF-89A4-1FDF685E412E} folder moved successfully.
C:\Users\Simon\AppData\Local\{1C4AFDE3-6803-49ED-A156-AFBB2997262A} folder moved successfully.
C:\Users\Simon\AppData\Local\{45CE9C2D-969C-47B7-B801-87BF9075DF2C} folder moved successfully.
C:\Users\Simon\AppData\Local\{40BBC42D-04BA-4DBD-B08D-BA9CD077326D} folder moved successfully.
C:\Users\Simon\AppData\Local\{FF8E58E3-40BF-4FBE-8A5C-109E236835AA} folder moved successfully.
C:\Users\Simon\AppData\Local\{96902462-1054-4804-ADFB-6C5A058E979B} folder moved successfully.
C:\Users\Simon\AppData\Local\{911A0FBE-F010-4614-9E24-3984541F0C5D} folder moved successfully.
C:\Users\Simon\AppData\Local\{5972740E-21F0-4C5C-9630-3FD079432F11} folder moved successfully.
C:\Users\Simon\AppData\Local\{CA4F9DB7-7098-46FB-AE4A-E7557C0B8765} folder moved successfully.
C:\Users\Simon\AppData\Local\{6F8A8945-93C6-4A44-8BB1-F296880E35F0} folder moved successfully.
C:\Users\Simon\AppData\Local\{3BEBD0B6-8AC7-41A2-8F4E-215B9F560AF0} folder moved successfully.
C:\Users\Simon\AppData\Local\{2DEA446E-8D8C-42AE-B4CC-2EFD2A339438} folder moved successfully.
C:\Users\Simon\AppData\Local\{0E58A897-51FD-4BC2-99E9-35697E846835} folder moved successfully.
C:\Users\Simon\AppData\Local\{7912FD7B-C80B-48A8-8333-FB702EDA3909} folder moved successfully.
C:\Users\Simon\AppData\Local\{C9AA371E-507F-4BB1-A852-87E3D7CF85B8} folder moved successfully.
C:\Users\Simon\AppData\Local\{4A3EBFBD-4342-4897-9F65-CBC51D646B6F} folder moved successfully.
C:\Users\Simon\AppData\Local\{4627CA2E-58EE-4B2A-9253-2DFBAA48DEE7} folder moved successfully.
C:\Users\Simon\AppData\Local\{9ACD1E28-906A-487D-A6E7-2F29199A464F} folder moved successfully.
C:\Users\Simon\AppData\Local\{16E6C162-5023-429F-9D5A-38B869E739A4} folder moved successfully.
C:\Users\Simon\AppData\Local\{87BD429F-1D3D-4C83-8137-C616160CF2C2} folder moved successfully.
C:\Users\Simon\AppData\Local\{E8266D7F-C476-48A7-B508-4104D8C7E6E6} folder moved successfully.
C:\Users\Simon\AppData\Local\{4C2F1C8F-8FC9-4CFE-839C-2377436E2F72} folder moved successfully.
C:\Users\Simon\AppData\Local\{BFDDE1E0-4499-4B40-B5C1-499AB50FAD12} folder moved successfully.
C:\Users\Simon\AppData\Local\{90B7161E-BB97-49FB-B612-8668305F1879} folder moved successfully.
C:\Users\Simon\AppData\Local\{C524D2F8-4624-455F-9833-C6837060845B} folder moved successfully.
C:\Users\Simon\AppData\Local\{6EF7F0A5-43BF-4211-816D-B1B4288DA9A0} folder moved successfully.
C:\Users\Simon\AppData\Local\{65FA64BE-57C1-4820-A838-924FED77F57B} folder moved successfully.
C:\Users\Simon\AppData\Local\{687E6F05-025D-4AFB-AEC0-D880EB8CC6F0} folder moved successfully.
C:\Users\Simon\AppData\Local\{FC827B21-8656-47F1-BCA9-0A7E153C075D} folder moved successfully.
Folder C:\Users\Simon\AppData\Local\{F85F862D-318E-4524-99D7-\ not found.
C:\Users\Simon\AppData\Local\{02FD3DD7-5055-40E1-A6CA-F3DF168FD741} folder moved successfully.
C:\Users\Simon\AppData\Local\{AE3EB953-1313-4C72-B32B-B4D22D7D6701} folder moved successfully.
C:\Users\Simon\AppData\Local\{FE5FDB1C-7746-4AA5-ADC9-861A449A88E6} folder moved successfully.
C:\Users\Simon\AppData\Local\{E36D2C74-7DBB-4169-AE47-684F80A1E676} folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Simon\Desktop\clan up\cmd.bat deleted successfully.
C:\Users\Simon\Desktop\clan up\cmd.txt deleted successfully.
C:\ProgramData\HitmanPro\Quarantine folder moved successfully.
C:\ProgramData\HitmanPro\Logs folder moved successfully.
C:\ProgramData\HitmanPro folder moved successfully.
C:\ProgramData\qmkkp folder moved successfully.
C:\ministub.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 2037028315 bytes
->Java cache emptied: 26160185 bytes
->FireFox cache emptied: 81663587 bytes
->Flash cache emptied: 141723 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 458931378 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3242799091 bytes
 
Total Files Cleaned = 5,576.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 07152013_102836

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[kevinf80]

Thanks, looks better. Do the following:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to http://java.com/en/ and click on "Do I have Java"
It will check your current version and then offer to update to the latest version.
Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them.

These show in your logs, if still present remove them:

Java™ 6 Update 29
 Java™ 6 Update 5
 Java™ 6 Update 7

Next,

Adobe Reader is outdated...
Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

Step 1 - Select your Operating System.
Step 2 - Select your Langauge.
Step 3 - Select latest version.

Untick the option for McAfee security scanner if offered.

Download and install.

Having the latest updates ensures there are no security vulnerabilities in your system.

Next,

Go here www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.
There maybe an offer of Google Chrome etc, untick those options if offered...

Let me know how your system now responds, also if any remaining issues or concerns..

Kevin..

[Pugwash]

All done

 

Seem to be much better Thanks Kevin

 

can we keep the thread open for another 24 hrs just incase ?

[kevinf80]

Yes of course good idea to wait awhile to see if all is ok for you. We still need to do an online AV scan to ensure we`ve missed nothing sinister:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/home/products/online-scanner/ to run an online scan from ESET.

 

• Turn off the real time scanner of any existing antivirus program while performing the online scan
  
• click on the Run ESET Online Scanner button
  
• Tick the box next to YES, I accept the Terms of Use.
  Click Start
  
• When asked, allow the add/on to be installed
  Click Start
  
• Make sure that the option Remove found threats is unticked
  
• Click on Advanced Settings, ensure the options
  
• Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  Click Scan
  
• wait for the virus definitions to be downloaded
  
• Wait for the scan to finish
  

 

When the scan is complete

 

• If no threats were found
  
• put a checkmark in "Uninstall application on close"
  
• close program
  
• report to me that nothing was found
  

 

If threats were found

 

• click on "list of threats found"
  
• click on "export to text file" and save it as ESET SCAN and save to the desktop
  
• Click on back
  
• put a checkmark in "Uninstall application on close"
  
• click on finish
  

 

close program

 

copy and paste the report here

 

ESET scan is very thorough so may take a few hours to complete..

 

Kevin...

[Pugwash]

looks like quitre few found:

 

:\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
C:\Program Files\Mozilla Firefox\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Program Files\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Program Files\Mozilla Firefox\updated\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Program Files\Mozilla Firefox\updated\browser\nsprotector.js Win32/Conduit.SearchProtect.A application
C:\Users\Simon\.frostwire5\updates\frostwire-5.6.1.windows.exe multiple threats
C:\Users\Simon\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe multiple threats
C:\Users\Simon\Downloads\cnet_dfsetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Simon\Downloads\videowizardtrialsetup.exe multiple threats
F:\weely back up\C\Users\Simon\.frostwire5\updates\frostwire-5.5.5.windows.exe multiple threats
F:\weely back up\C\Users\Simon\AppData\Local\Temp\AskInstallChecker.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\wajam_install.exe Win32/Wajam.A application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\ICReinstall\cnet2_DivXInstaller_exe.exe a variant of Win32/InstallCore.D application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\ICReinstall\cnet_dfsetup_exe.exe a variant of Win32/InstallCore.D application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe multiple threats
F:\weely back up\C\Users\Simon\AppData\Local\Temp\is754907076\FreeTwitTubeSetup-Silent-B2.exe multiple threats
F:\weely back up\C\Users\Simon\AppData\Local\Temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\is754907076\wajam_download.exe Win32/Wajam.C application
F:\weely back up\C\Users\Simon\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application
F:\weely back up\C\Users\Simon\AppData\LocalLow\AskToolbar\setup.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\weely back up\C\Users\Simon\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe multiple threats
F:\weely back up\C\Users\Simon\Downloads\cnet_dfsetup_exe.exe a variant of Win32/InstallCore.D application
F:\weely back up\C\Users\Simon\Downloads\mozilla-firefox.exe a variant of Win32/InstallCore.X application
F:\weely back up\C\Users\Simon\Downloads\videowizardtrialsetup.exe multiple threats
F:\Weekley incrimetal\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal0\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal1\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal1\C\Users\Simon\.frostwire5\updates\frostwire-5.5.5.windows.exe multiple threats
F:\Weekley incrimetal2\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal3\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal3\C\Users\Simon\.frostwire5\updates\frostwire-5.5.6.windows.exe multiple threats
F:\Weekley incrimetal4\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal5\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal6\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal7\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal8\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal9\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
F:\Weekley incrimetal9\C\Users\Simon\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application
F:\Weekley incrimetal10\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal10\C\Users\Simon\.frostwire5\updates\frostwire-5.6.1.windows.exe multiple threats
F:\Weekley incrimetal11\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\AskInstallChecker.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\setup.exe a variant of Win32/Bundled.Toolbar.Ask application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\wajam_install.exe Win32/Wajam.A application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\ICReinstall\cnet2_DivXInstaller_exe.exe a variant of Win32/InstallCore.D application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\ICReinstall\cnet_dfsetup_exe.exe a variant of Win32/InstallCore.D application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\is754907076\FreeTwitTubeSetup-Silent-B2.exe multiple threats
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\is754907076\MyBabylonTB.exe Win32/Toolbar.Babylon application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\is754907076\wajam_download.exe Win32/Wajam.C application
F:\Weekley incrimetal11\C\Users\Simon\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application
F:\Weekley incrimetal12\C\Program Files\FrostWire 5\frostwire-installer.exe multiple threats
 

[kevinf80]

Yep quite a bit of dross, ok run the following:

 

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accepy UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....

• Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :FilesC:\Program Files\FrostWire 5\frostwire-installer.exeC:\Program Files\Mozilla Firefox\nsprotector.jsC:\Program Files\Mozilla Firefox\browser\nsprotector.jsC:\Program Files\Mozilla Firefox\updated\nsprotector.jsC:\Program Files\Mozilla Firefox\updated\browser\nsprotector.jsC:\Users\Simon\.frostwire5\updates\frostwire-5.6.1.windows.exeC:\Users\Simon\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exeC:\Users\Simon\Downloads\cnet_dfsetup_exe.exeC:\Users\Simon\Downloads\videowizardtrialsetup.exe:Commands[EmptyTemp]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
• Click the red button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTM
  

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

You`ll note I have not included any of the backups from F:\ drive, when you are satisfied your system is ok I recommend you DELETE all data on F:|\ and create a fresh back up...

 

Post OTM log, also let me know if there are any remaining issues or concerns....

 

Kevin..

[Pugwash]

Hi Kevin

 

tried to run OTM.exe and my AVG anti virus advised that it was infected with IDP.Trojan.5BD43515.  should i let this progran run ?

[kevinf80]

Yes let it run, if AVG still complain either accept the alert or turn AVG off altogether, OTM is very safe...

[Pugwash]

All processes killed
========== FILES ==========
C:\Program Files\FrostWire 5\frostwire-installer.exe moved successfully.
C:\Program Files\Mozilla Firefox\nsprotector.js moved successfully.
C:\Program Files\Mozilla Firefox\browser\nsprotector.js moved successfully.
C:\Program Files\Mozilla Firefox\updated\nsprotector.js moved successfully.
C:\Program Files\Mozilla Firefox\updated\browser\nsprotector.js moved successfully.
C:\Users\Simon\.frostwire5\updates\frostwire-5.6.1.windows.exe moved successfully.
C:\Users\Simon\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.3.6.windows.exe moved successfully.
C:\Users\Simon\Downloads\cnet_dfsetup_exe.exe moved successfully.
C:\Users\Simon\Downloads\videowizardtrialsetup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 2583312 bytes
->Java cache emptied: 37877 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1107 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 740 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13114654 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 25734087 bytes
RecycleBin emptied: 1149285 bytes
 
Total Files Cleaned = 41.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 07152013_215231

Files moved on Reboot...

Registry entries deleted on Reboot...

[kevinf80]

What is system status now, any issues or concerns?

[Pugwash]

no seem stable thanks

[kevinf80]

Delete the following from the Desktop if present:

 

DDS plus logs

Security Checks plus logs

RKill plus logs

 

Next,

 

Uninstall adwcleaner.exe

•   Please close all open programs and internet browsers.
  
•   Double click on adwcleaner.exe to run the tool.
  
•   Click on Uninstall
  
• Click Yes at Would you like to Uninstall Adwcleaner
  

 

Next,

 

Remove ESET Online Scanner (Only if installed)

 

• 
  

Click Start, type programs and features in the Search box, and then press ENTER.
Click to select the product to be uninstalled from the listing of installed products(ESET Online Scanner), and then click Uninstall/Change from the bar that displays the available tasks to remove ESET.

Only re-boot if prompted

 

Next,

 

• Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
  
• Double click icon to start the program.
  If you are using Vista or Windows 7 accept UAC
  
• Then Click the big button.
  
• You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  
• Restart your computer when prompted.
  
• This will remove tools we have used and itself.
  

 

Any tools/logs remaining on the Desktop can be deleted.

 

Next,

 

Flush System Restore-Vista

 

1. Click Start

2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.

3. If UAC enabled you will get a UAC prompt at this click Continue

4. Click System Protection tab

5. Then Untick any Drive Listed ( see pic below ) and in the popup window click Turn Off System Restore

6. Click Apply > OK

 

 

Turn ON System Restore-Vista

 

 1. Click the Vista/Start icon

 2.  Right Click >> Computer

 3.  Click Properties.

 4.  Click the System Protection tab.

 5.  Checkmark All drives that were selected previously then click Apply.

 6.  Use the create button to create a new Restore Point, follow the prompts to complete...

 

Let me know if those steps complete OK...

 

Kevin

[Pugwash]

Hi Kevin

 

yes all completed OK. Thanks

[kevinf80]

If all is ok with no issues here are some tips to reduce the potential for malware infection in the future:

 

Make proper use of your antivirus and firewall

 

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

 

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure you're system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

 

Install and use WinPatrol from here http://www.winpatrol.com/download.html  This will inform you of any attempted unauthorized changes to your system.

 

WinPatrol features explained here http://www.winpatrol.com/features.html

 

Go here http://www.filehippo.com/updatechecker/ run the FileHippo Update Checker, update all applications as suggested by the Update Checker. Ignore any Beta updates. (Use stand alone version, not a full install)

If Java or Adobe are updated please check under Start > Control Panel > Add/Remove Programs, ensure any old versions are removed. <--- Very important

 

Use a safer web browser

 

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

 

FireFox http://www.mozilla.com/en-US/,

 

Opera http://www.opera.com/, and

 

Chrome http://www.google.com/chrome.

 

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial here http://www.bleepingcomputer.com/tutorials/tutorial102.html which will help you to make IE MUCH safer.

 

These browser add-ons will help to make your browser safer:

 

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

 

Available for Firefox and Internet Explorer.

 

Green to go,

Yellow for caution, and

Red to stop.

 

 

Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

 

These are just a couple of the most popular add-ons, if you're interested in more, take a look at this article:

http://browsers.about.com/od/addonsplugi2/tp/browser_security_privacy.htm

 

Here a couple of links by two security experts that will give some excellent tips and advice.

 

So how did I get infected in the first place by Tony Klein from here: http://www.spywareinfoforum.com/index.php?/topic/60955-so-how-did-i-get-infected-in-the-first-place/

 

How to prevent Malware by Miekiemoes from here: http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

 

Finally this link http://www.geekstogo.com/forum/topic/38-free-antivirus-and-antispyware-software will give a comprehensive upto date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

 

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks to good to be true, then it aint.

 

Let me know when its OK to close out your thread....

 

Take care,

 

Kevin

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!