Need a little help [Solved]

#1
andydf
Hi,
Been a while since I was a helper here and pretty much forgot most of it :blush:

I've managed to pick up a browser hijacker called searchgol and can't seem to get rid of it. Any chance of a bit of help :)

Posted my OTL log below as required.

OTL logfile created on: 10/10/2013 8:20:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.54 Gb Available Physical Memory | 60.01% Memory free
11.79 Gb Paging File | 9.15 Gb Available in Paging File | 77.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 290.34 Gb Free Space | 65.08% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/10 20:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Downloads\OTL.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/09/06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 04:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/10/29 22:20:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/10/01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 20:02:19 | 000,557,056 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\pysqlite2._sqlite.pyd
MOD - [2013/10/10 20:02:19 | 000,320,512 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32com.shell.shell.pyd
MOD - [2013/10/10 20:02:19 | 000,128,512 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_elementtree.pyd
MOD - [2013/10/10 20:02:19 | 000,098,816 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32api.pyd
MOD - [2013/10/10 20:02:19 | 000,070,656 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._html2.pyd
MOD - [2013/10/10 20:02:19 | 000,044,032 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_socket.pyd
MOD - [2013/10/10 20:02:19 | 000,026,624 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_multiprocessing.pyd
MOD - [2013/10/10 20:02:19 | 000,022,528 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32ts.pyd
MOD - [2013/10/10 20:02:19 | 000,011,264 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32crypt.pyd
MOD - [2013/10/10 20:02:18 | 000,805,888 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._gdi_.pyd
MOD - [2013/10/10 20:02:18 | 000,504,832 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\windows._cacheinvalidation.pyd
MOD - [2013/10/10 20:02:13 | 001,175,040 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._core_.pyd
MOD - [2013/10/10 20:02:13 | 001,153,024 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_ssl.pyd
MOD - [2013/10/10 20:02:13 | 000,811,008 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._windows_.pyd
MOD - [2013/10/10 20:02:13 | 000,735,232 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._misc_.pyd
MOD - [2013/10/10 20:02:13 | 000,711,680 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_hashlib.pyd
MOD - [2013/10/10 20:02:13 | 000,364,544 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\pythoncom27.dll
MOD - [2013/10/10 20:02:13 | 000,122,368 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._wizard.pyd
MOD - [2013/10/10 20:02:13 | 000,119,808 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32file.pyd
MOD - [2013/10/10 20:02:13 | 000,110,080 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\PyWinTypes27.dll
MOD - [2013/10/10 20:02:13 | 000,108,544 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32security.pyd
MOD - [2013/10/10 20:02:13 | 000,087,040 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\_ctypes.pyd
MOD - [2013/10/10 20:02:13 | 000,035,840 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32process.pyd
MOD - [2013/10/10 20:02:13 | 000,025,600 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32pdh.pyd
MOD - [2013/10/10 20:02:13 | 000,017,408 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32profile.pyd
MOD - [2013/10/10 20:02:12 | 001,062,400 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\wx._controls_.pyd
MOD - [2013/10/10 20:02:12 | 000,686,080 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\unicodedata.pyd
MOD - [2013/10/10 20:02:12 | 000,127,488 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\pyexpat.pyd
MOD - [2013/10/10 20:02:12 | 000,038,912 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32inet.pyd
MOD - [2013/10/10 20:02:12 | 000,018,432 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\win32event.pyd
MOD - [2013/10/10 20:02:12 | 000,010,240 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI46202\select.pyd
MOD - [2013/10/03 07:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 07:03:04 | 013,611,984 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
MOD - [2013/10/03 07:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 07:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 07:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 07:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/15 21:08:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 21:08:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 21:08:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/21 23:48:15 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/07/11 07:57:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 07:56:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/04/15 23:56:17 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2013/04/15 23:56:16 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2013/04/15 23:56:15 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012/12/12 06:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/22 17:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/21 04:25:01 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/17 21:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 21:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 22:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/08 21:20:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/10 21:06:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 04:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/29 20:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/08/26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 00:54:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/26 00:54:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/17 16:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/05/17 16:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 16:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/22 17:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/29 22:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 20:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/04 02:35:14 | 000,020,992 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=uk&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B7A296BE-D2A3-4B13-B820-B78A60201068}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)


[2013/09/07 20:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.searchgol...125035&tsp=5030
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Bejeweled = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LastPass = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0\
CHR - Extension: Cargo Bridge = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/09 21:41:53 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B9D715-F58B-415D-8D05-47E20150465F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC95268-E39D-4210-86E4-0157F547C353}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b119467-040f-11e2-8d3b-848f69b51b2b}\Shell - "" = AutoRun
O33 - MountPoints2\{4b119467-040f-11e2-8d3b-848f69b51b2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/09 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2013/10/09 21:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/09 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/09 21:53:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/09 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/09 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Programs
[2013/09/20 19:50:56 | 000,000,000 | R--D | C] -- C:\Users\Andy\Google Drive
[2013/09/20 19:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/09/12 20:45:27 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\QuickScan
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/10 20:20:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/10 20:08:49 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 20:08:49 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/10 20:06:16 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/10 20:06:16 | 000,665,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/10 20:06:16 | 000,125,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/10 20:02:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/10 20:00:58 | 000,376,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 20:00:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/10 20:00:42 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/10 19:49:44 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125032965-450748112-269888994-1002UA.job
[2013/10/10 19:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125032965-450748112-269888994-1002Core.job
[2013/10/10 19:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/10 19:42:22 | 000,765,700 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 21:53:38 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/09 21:22:36 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2013/10/09 19:52:10 | 000,002,358 | ---- | M] () -- C:\Users\Andy\Desktop\Google Chrome.lnk
[2013/09/20 19:50:56 | 000,001,703 | ---- | M] () -- C:\Users\Andy\Desktop\Google Drive.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/09 21:53:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/20 19:50:56 | 000,001,703 | ---- | C] () -- C:\Users\Andy\Desktop\Google Drive.lnk
[2012/11/17 16:11:44 | 000,005,120 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 14:12:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/11/26 00:44:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/26 00:43:50 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/26 00:43:47 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/26 00:43:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/01/23 20:04:30 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Amazon
[2013/04/17 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\avidemux
[2011/12/18 16:56:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Bioshock
[2011/12/27 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\EAC
[2013/07/12 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ID3 renamer
[2011/12/17 19:01:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PCDr
[2013/09/12 20:45:29 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\QuickScan
[2013/04/16 21:31:51 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Serif
[2013/10/08 22:21:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\SoftGrid Client
[2012/05/19 16:51:22 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TP
[2013/03/17 19:26:18 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\wargaming.net

========== Purity Check ==========



< End of report >
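Reading the log above by hand comes down to a few checks a persistence reviewer always makes: autostart entries whose target is no longer on disk (the IntelTBRunOnce Run key, and more importantly the O20 AppInit_DLLs entry that still points at a bitguard.dll that is not there), loaded binaries that carry no company name, and MountPoints2 AutoRun commands for removable media. The Python below is an added example, not OTL's code and not anything posted in this thread; it applies those checks to OTL-format lines. The sample lines are copied from the log in the post above, and the "File not found" and trailing "(Vendor)" conventions it keys on are OTL's own output format as seen there.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; it is not part of OTL and not the poster's own
tooling. The sample lines are copied from the log posted above.
"""
import re
from dataclasses import dataclass

# OTL prefixes each entry with a section tag, e.g. "O4 - ..." or "O20:64bit: - ...".
OTL_LINE = re.compile(r"^(?P<section>O\d{1,2})(?P<x64>:64bit:)?\s*-\s*(?P<body>.*)$")

# OTL appends the binary's company name in parentheses; "()" means the file has none.
TRAILING_VENDOR = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")


@dataclass
class Finding:
    section: str
    x64: bool
    reasons: list
    line: str


def classify(line: str):
    """Return a Finding for one OTL entry, or None if nothing about it stands out."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None  # header, blank, file-list or any other non-"Onn" line
    section, body = m["section"], m["body"]
    reasons = []

    if body.endswith("File not found"):
        # A registry autostart whose target is gone: leftover from an uninstall,
        # or a payload that was deleted while its persistence entry survived.
        reasons.append("target missing on disk")
    elif section in ("O4", "O20"):
        v = TRAILING_VENDOR.search(body)
        if v is None or not v["vendor"].strip():
            reasons.append("no company name on loaded binary")

    if section == "O20" and "AppInit_DLLs" in body:
        # user32.dll loads every AppInit DLL into every process that loads it
        # (when the mechanism is enabled), so each entry deserves a look.
        reasons.append("AppInit_DLLs injection point")

    if section == "O33" and "AutoRun\\command" in body:
        reasons.append("MountPoints2 AutoRun command")

    if not reasons:
        return None
    return Finding(section, m["x64"] is not None, reasons, line.strip())


def triage(lines):
    """Run classify() over a whole log and keep only the lines that produced a Finding."""
    return [f for f in map(classify, lines) if f is not None]


# Copied from the OTL log posted above (one clean entry per section for contrast).
SAMPLE_LINES = [
    r"O1 - Hosts: 127.0.0.1 localhost",
    r"O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()",
    r'O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found',
    r"O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)",
    r"O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)",
    r"O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found",
    r"O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r'O33 - MountPoints2\{4b119467-040f-11e2-8d3b-848f69b51b2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        arch = " (x64)" if f.x64 else ""
        print(f"{f.section}{arch}: {'; '.join(f.reasons)}\n    {f.line}")
```

An empty vendor field is a lead, not a verdict: FF_Protection.exe is flagged only because it ships without company information, so the follow-up is to check its signature and hash. The AppInit_DLLs entry whose DLL is missing is different in kind: it is a stale injection point under HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows (the 32-bit view, since the entry is not tagged 64bit) and is the sort of value that gets removed once the registry has been backed up.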


#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Could you post the Extras log from OTL please? It should be located in your Downloads folder. Also, in the meantime, carry out the below for me as follows...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-

  • Click on Backup Now >> once the process is complete, something similar to the below will be displayed in the GUI:-

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the hard drive named C:\RegBackup; do not delete this, as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

#3
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Thanks for the reply :)

Registry backed up and extras log below as required.

OTL Extras logfile created on: 10/10/2013 8:20:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.54 Gb Available Physical Memory | 60.01% Memory free
11.79 Gb Paging File | 9.15 Gb Available in Paging File | 77.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 290.34 Gb Free Space | 65.08% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0151C5D7-7550-4450-BF6A-60A2D4A1FF0D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1C4DE856-BE51-4751-88F7-90C27376FCFD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20477B32-7B59-409E-B668-DC2E2A64CCA2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2BB8532E-0959-4F42-86C4-E1E4EBCCB9FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{366BCBCD-B61D-4E50-ABA5-F82758518D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A2F36EE-C2F2-4765-88B8-79C19EF434B8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5C9FA86F-7156-422E-8467-5EF2660CF24E}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{771C12EE-0E01-4C9C-AD2B-981E247DFD3C}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A70AB90-F924-40B3-9FDC-36076CAE6C82}" = rport=139 | protocol=6 | dir=out | app=system |
"{842A659E-C682-4321-B9F4-D3C2C41B2AA0}" = lport=137 | protocol=17 | dir=in | app=system |
"{8BC389B1-99F1-4973-8DBB-223A0BD071EF}" = rport=137 | protocol=17 | dir=out | app=system |
"{962BF5CF-C4D4-4B41-91CA-7A0DAAD77DA6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9D76A045-7FDB-49E4-9DE1-BFDB341A9122}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3E459E9-A518-4FE9-9489-E0D247704097}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AC3A53A5-EF7F-419F-8800-FCC4B75BFE8A}" = lport=138 | protocol=17 | dir=in | app=system |
"{C961E0B1-FF60-453D-B842-99C069011320}" = rport=138 | protocol=17 | dir=out | app=system |
"{E410A444-2E83-4110-AE4C-F9284C7AD4B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E51C2B55-8D8A-4A40-8C9E-20A954BED469}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E591E2D2-C98E-4F4B-BAF2-D11D6C078F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FE29EEF1-F9BD-4592-BA45-632E11FB8A10}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{FEA9F1A5-690D-4782-8767-54ADE8A41B9E}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B335BAB-0038-4EAA-A8E1-D7F8F0495EC1}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{0CB92217-C8AF-4A60-810F-668BB982E91A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{0F1644FF-01E8-42C0-A78D-D1CA9BECA7FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{1E5BD073-F9E6-4BA0-8342-3479675B2AB6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F7BF7D8-BB54-45E4-9F42-198C00733B40}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{22733CE4-B90D-4E4C-8A5D-8842256964AE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{23297F75-6105-4B7D-AA36-45B539119D68}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{25345D50-AA36-4D9A-94A4-5D0C764FF3EC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{2E6A57AD-00B8-490C-BE44-C51444F5DB6B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3590173F-8869-40FD-B337-87D1DA5B2F0E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{380B8F1D-995D-463B-A5E9-C62E98696031}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{39A5DD7B-B174-4D2D-A9DA-47C06F3651B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{49931473-0E1E-4816-A972-051D581878E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{4A525D48-CF7B-41F7-B61D-7C2ED202BB60}" = protocol=6 | dir=out | app=system |
"{4C261B63-7E16-434F-92BA-1D83E7EB6D00}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{4C56A7F7-7012-4296-BD9F-DA9B9C58DB4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{4D9562ED-A8BA-4A54-8607-E03E563E6239}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{585C5B77-983E-46C2-B377-E71FC84BBABB}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{6259CFEC-D4FF-44DB-AE5B-31F7DCB6A6FC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6721F8AE-7658-4A9E-BD00-4D2BAA943C50}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{6E230553-CE76-435A-A6B6-343B0DDB3FDB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6EB73B55-FA87-4EBC-A4A2-2EA924748EB7}" = protocol=58 | dir=in | [email protected],-28545 |
"{7A013CB0-9978-4DAE-84BB-0A6670313C9F}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{7C540F57-522F-48A3-8F87-2E6EB7BEEF61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8017034E-50AF-45C7-99E5-5BAC166B72B7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{8D1833AF-EB66-401C-B6A9-64E542AA9D1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{919C9971-4C4F-434B-A598-4B3A1E9ABA52}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{92F5E76B-5548-4B00-84C2-92596AA96074}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{A7D11CD7-BF00-4044-989B-79DA638B1015}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{AD5DBC57-3929-4DF3-8C48-2CB085C4F77E}" = protocol=1 | dir=in | [email protected],-28543 |
"{AE118694-CE70-4BBA-9F8E-23FCE58C06B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B71FF450-4224-4EA7-8A44-08AA0D8828D7}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BA3331A7-A913-4404-B644-87813C13493C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC799202-32AE-423E-98C5-62978E224FF3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{BFA13ECB-C96D-41C5-A6FA-5899C9855B9F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C111F295-3731-42B8-AACA-39CA561ACBB1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C22F7F55-0F82-491B-9DD0-81AF78552C88}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C2CD3017-6DDD-4AC7-B887-E9CD0A0A4F0E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C5BA65C2-D1B6-41C8-B718-743B564F8D4A}" = protocol=1 | dir=out | [email protected],-28544 |
"{C7D49CD2-1E5E-49C3-BA77-592136297996}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{CA1D51DB-95A2-44BD-80CF-4D3BD74FA18C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{D4B405E8-DEE1-4392-BBE3-8B01BCEC76EF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{D5AFA4DD-A287-41C6-B9F0-AEA53D93A9A8}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{DCBFF8EF-55F3-4A85-819B-66F90866FC6B}" = protocol=58 | dir=out | [email protected],-28546 |
"{E11D7F86-5392-4A8D-B15A-4EDBC8B1C134}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBD4A329-719C-476C-9847-4F3A8FC0BB5E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F1FBAE3A-47BC-4D51-BBB9-304495235224}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{F4162E63-1827-453F-9489-14D6DE98BD92}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F5C3907E-F4EB-480E-97F5-35902C11C10F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{FE306DA5-CF06-4F07-A4B1-C11A437B35EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{101CDAFB-D5F1-4844-938B-AA9A8C3FE37C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{5275F71B-58CA-493D-89F2-14735CBB91EA}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"TCP Query User{573DCF89-2ACE-4B7D-9C57-768A8FA74525}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{9C0EA752-2B03-44D3-A208-D606CAB016F7}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{B052C959-BC22-4830-96F2-5ACD68822964}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{B909F0A2-98F0-4220-A69F-CC4CB5BE9A89}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{F42E013B-EE0F-4002-936C-43F804D6D538}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{F7DBABF0-D1BA-4507-9F76-4CDB2E6CC269}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{50B17F3B-5579-4F01-8901-5F92824D6162}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{5957EC47-9C7A-4472-B267-0AEB828F74DF}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{80458F73-3881-4E7C-9E30-8E6B06617BAC}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"UDP Query User{8E98E13E-3921-423E-A81C-C9F0EA4A4DEA}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{96BD1F3D-6C27-4F67-AA72-1AE5AEC8D03C}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{9BEDE74A-00CA-45F7-902F-F20B3A3B71D4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{A246F7D0-F232-43FC-BBC5-5B5BBD7676D7}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{DE347608-9DC4-468C-BD59-D93188D0BC5E}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{27726449-83B8-428D-92DE-101346C1E15C}" = Microsoft Security Client
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 268.30
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.30
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = My Dell
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel® WiDi
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813}_is1" = World of Warplanes
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DF61899-B4D4-4CD5-9F3D-78ADBBF7DC2A}" = Serif PhotoPlus Starter Edition 3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64AEB598-E518-4AD0-B02B-99F365B8054C}" = Serif PanoramaPlus Starter Edition
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.174
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.8) MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Dell Webcam Central" = Dell Webcam Central
"Diablo III" = Diablo III
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"FastStone Photo Resizer" = FastStone Photo Resizer 3.1
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"SolveigMM AVI Trimmer 2.0.1210.11" = SolveigMM AVI Trimmer
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 7670" = BioShock
"VLC media player" = VLC media player 2.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2013 6:56:35 AM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/28/2013 2:09:48 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/29/2013 3:14:47 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/30/2013 2:35:23 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2013 4:33:33 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/1/2013 5:54:15 AM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/3/2013 3:31:00 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/4/2013 1:50:29 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/5/2013 2:38:02 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/6/2013 2:33:08 PM | Computer Name = Andy-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10/6/2013 3:28:09 AM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
Description = The Update WebConnect service failed to start due to the following
error: %%2

Error - 10/7/2013 1:38:11 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
Description = The Update WebConnect service failed to start due to the following
error: %%2

Error - 10/8/2013 2:03:29 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
Description = The Update WebConnect service failed to start due to the following
error: %%2

Error - 10/8/2013 2:03:58 PM | Computer Name = Andy-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 10/9/2013 2:08:35 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7000
Description = The Update WebConnect service failed to start due to the following
error: %%2

Error - 10/10/2013 2:38:30 PM | Computer Name = Andy-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1816.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/10/2013 2:38:30 PM | Computer Name = Andy-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1816.0 Update Source: %%859 Update Stage:
%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/10/2013 2:38:30 PM | Computer Name = Andy-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.159.1816.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9901.0 Error
code: 0x80240016 Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 10/10/2013 3:02:42 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 10/10/2013 3:03:12 PM | Computer Name = Andy-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thanks for the reply :)

Registry backed up and extras log below as required.

Acknowledged and you're welcome!

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has reportedly been fixed, there is still a vulnerability with the software; the below is currently all that is installed that is Java related:-

Java™ 6 Update 24 (64-bit)
Java 7 Update 25


So you need to uninstall all (if still present, via Uninstall a program or Programs and Features located in the Control Panel)...Your choice if you wish to go ahead and reinstall, but I advise against it and for the present I do not even have anything Java related installed on my machines.

Please let me know what you wish to do about this in your next reply, and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Download/run Rkill:

Please download Rkill from one of the following links and save to your desktop:

(If one fails to work delete it and download/try another):

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Post the log created, found on the desktop as rkill.txt, in your next reply.
Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

#5
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Sorry for the late reply, been away for a couple of days.

Java has been uninstalled, I'll see how things go without it.

Logs below as required, looks good :) homepage is back to normal.

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 10/13/2013 03:58:17 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Andy\Desktop\rkill\rkill-10-13-2013-03-58-20.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 10/13/2013 03:58:56 PM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)


# AdwCleaner v3.007 - Report created 13/10/2013 at 16:02:44
# Updated 09/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Andy - ANDY-PC
# Running from : C:\Users\Andy\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v

[ File : C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4886 octets] - [08/09/2013 12:39:12]
AdwCleaner[R1].txt - [6055 octets] - [09/10/2013 21:30:14]
AdwCleaner[R2].txt - [1299 octets] - [13/10/2013 16:01:51]
AdwCleaner[S0].txt - [4680 octets] - [08/09/2013 12:41:02]
AdwCleaner[S1].txt - [5810 octets] - [09/10/2013 21:31:05]
AdwCleaner[S2].txt - [1228 octets] - [13/10/2013 16:02:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1288 octets] ##########

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Sorry for the late reply, been away for a couple of days.

Not a problem.

Java has been uninstalled, I'll see how things go without it.

Fair play, in the event you wish to reinstall Java:-

Java Downloads for All Operating Systems

Scroll down to:-

Which should I choose?

Follow the advice per "We have detected you may be viewing this page" etc. etc.

Then follow the advice below:-

How to Disable Java in your Web Browser

Logs below as required, looks good :) homepage is back to normal.

Good.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt in your next reply.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Re-scan with OTL:

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • Post the new OTL log in your next reply.


#7
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Logs below

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Andy on 13/10/2013 at 17:20:55.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-125032965-450748112-269888994-1002\Software\SweetIM



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\free youtube downloader"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/10/2013 at 17:28:18.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 10/13/2013 5:30:00 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Andy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

5.90 Gb Total Physical Memory | 3.78 Gb Available Physical Memory | 64.18% Memory free
11.79 Gb Paging File | 9.36 Gb Available in Paging File | 79.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.13 Gb Total Space | 290.21 Gb Free Space | 65.05% Space Free | Partition Type: NTFS

Computer Name: ANDY-PC | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/10 20:20:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Downloads\OTL.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/09/06 19:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 04:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/04/13 17:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/10/29 22:20:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/10/01 23:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/13 16:04:09 | 000,557,056 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\pysqlite2._sqlite.pyd
MOD - [2013/10/13 16:04:09 | 000,128,512 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_elementtree.pyd
MOD - [2013/10/13 16:04:09 | 000,098,816 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32api.pyd
MOD - [2013/10/13 16:04:09 | 000,044,032 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_socket.pyd
MOD - [2013/10/13 16:04:09 | 000,022,528 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32ts.pyd
MOD - [2013/10/13 16:04:08 | 001,175,040 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._core_.pyd
MOD - [2013/10/13 16:04:08 | 001,153,024 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_ssl.pyd
MOD - [2013/10/13 16:04:08 | 000,811,008 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._windows_.pyd
MOD - [2013/10/13 16:04:08 | 000,805,888 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._gdi_.pyd
MOD - [2013/10/13 16:04:08 | 000,735,232 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._misc_.pyd
MOD - [2013/10/13 16:04:08 | 000,711,680 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_hashlib.pyd
MOD - [2013/10/13 16:04:08 | 000,504,832 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\windows._cacheinvalidation.pyd
MOD - [2013/10/13 16:04:08 | 000,364,544 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\pythoncom27.dll
MOD - [2013/10/13 16:04:08 | 000,320,512 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32com.shell.shell.pyd
MOD - [2013/10/13 16:04:08 | 000,122,368 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._wizard.pyd
MOD - [2013/10/13 16:04:08 | 000,119,808 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32file.pyd
MOD - [2013/10/13 16:04:08 | 000,110,080 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\PyWinTypes27.dll
MOD - [2013/10/13 16:04:08 | 000,108,544 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32security.pyd
MOD - [2013/10/13 16:04:08 | 000,087,040 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_ctypes.pyd
MOD - [2013/10/13 16:04:08 | 000,070,656 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._html2.pyd
MOD - [2013/10/13 16:04:08 | 000,035,840 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32process.pyd
MOD - [2013/10/13 16:04:08 | 000,026,624 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\_multiprocessing.pyd
MOD - [2013/10/13 16:04:08 | 000,025,600 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32pdh.pyd
MOD - [2013/10/13 16:04:08 | 000,017,408 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32profile.pyd
MOD - [2013/10/13 16:04:08 | 000,011,264 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32crypt.pyd
MOD - [2013/10/13 16:04:05 | 000,038,912 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32inet.pyd
MOD - [2013/10/13 16:04:02 | 001,062,400 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\wx._controls_.pyd
MOD - [2013/10/13 16:04:01 | 000,686,080 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\unicodedata.pyd
MOD - [2013/10/13 16:04:01 | 000,127,488 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\pyexpat.pyd
MOD - [2013/10/13 16:04:01 | 000,018,432 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\win32event.pyd
MOD - [2013/10/13 16:04:00 | 000,010,240 | ---- | M] () -- C:\Users\Andy\AppData\Local\Temp\_MEI26442\select.pyd
MOD - [2013/10/10 21:03:23 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8f5b881951592b2fd05f710650bf7e04\System.Core.ni.dll
MOD - [2013/10/10 20:04:25 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bcf51dc88597d0835c819a2d5a755b74\PresentationFramework.ni.dll
MOD - [2013/10/10 20:04:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 20:04:07 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\51478a61dbd40488e320a0061e23c4df\PresentationCore.ni.dll
MOD - [2013/10/10 20:04:00 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll
MOD - [2013/10/10 20:03:57 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\08d05898be584065b797a6dd48d9ad56\System.Configuration.ni.dll
MOD - [2013/10/03 07:03:05 | 000,415,184 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppgooglenaclpluginchrome.dll
MOD - [2013/10/03 07:03:03 | 004,055,504 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
MOD - [2013/10/03 07:02:12 | 000,698,832 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\libglesv2.dll
MOD - [2013/10/03 07:02:11 | 000,099,792 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\libegl.dll
MOD - [2013/10/03 07:02:09 | 001,604,560 | ---- | M] () -- C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ffmpegsumo.dll
MOD - [2013/08/15 21:08:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 21:08:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 21:08:12 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 07:57:31 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 07:56:28 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/08/18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/22 17:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
MOD - [2010/12/17 17:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/20 20:33:08 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/06/20 20:33:08 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/12/17 21:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/12/17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/12/17 21:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/29 22:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/11/18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/10/08 21:20:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/10 21:06:17 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/22 17:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 04:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/12/21 01:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/21 01:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/29 20:20:58 | 000,236,016 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/08/26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 00:54:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/26 00:54:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/17 16:27:54 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/05/17 16:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/05/17 16:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/04/22 17:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/03/26 10:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/17 02:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/10 23:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 23:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/20 18:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 18:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/15 18:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 18:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 15:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/11/29 22:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 20:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/07/13 03:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 08:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/04 02:35:14 | 000,020,992 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.del...c=uk&l=en&s=gen
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{B7A296BE-D2A3-4B13-B820-B78A60201068}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)


[2013/09/07 20:43:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\30.0.1599.69\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.90.7_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Bejeweled = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: LastPass = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0\
CHR - Extension: Cargo Bridge = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/10/09 21:41:53 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] c:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...10926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B9D715-F58B-415D-8D05-47E20150465F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC95268-E39D-4210-86E4-0157F547C353}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b119467-040f-11e2-8d3b-848f69b51b2b}\Shell - "" = AutoRun
O33 - MountPoints2\{4b119467-040f-11e2-8d3b-848f69b51b2b}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/13 17:20:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/13 15:58:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\rkill
[2013/10/11 09:46:52 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/10/11 09:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/10/11 09:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/10/10 19:44:17 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/10 19:44:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/10 19:44:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/10/10 19:44:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/10/10 19:44:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/10/10 19:44:15 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/10/10 19:44:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/10/10 19:44:15 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/10/10 19:44:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/10/10 19:44:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/10/10 19:44:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/10/10 19:44:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/10 19:44:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/10 19:44:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/10 19:44:12 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 21:53:44 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Malwarebytes
[2013/10/09 21:53:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/09 21:53:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/09 21:53:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/09 21:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/09 21:53:11 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Programs
[2013/10/09 19:16:43 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 19:16:42 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 19:16:42 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 19:16:41 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 19:16:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 19:16:41 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 19:16:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 19:16:41 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 19:16:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 19:16:40 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 19:16:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 19:16:40 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 19:16:31 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 19:16:31 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 19:16:30 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 19:16:30 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 19:16:29 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 19:16:29 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 19:16:27 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 19:16:27 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 19:16:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 19:16:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 19:16:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 19:16:24 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 19:16:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 19:16:17 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 19:16:17 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 19:16:16 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 19:16:14 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 19:16:14 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/08 21:20:18 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/20 19:50:56 | 000,000,000 | R--D | C] -- C:\Users\Andy\Google Drive
[2013/09/20 19:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/13 17:20:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/13 16:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125032965-450748112-269888994-1002UA.job
[2013/10/13 16:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/13 16:11:43 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/13 16:11:43 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/13 16:04:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/13 16:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/13 16:03:32 | 453,640,191 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/13 15:46:39 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/13 15:46:39 | 000,665,232 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/13 15:46:39 | 000,125,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/11 09:47:31 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-ANDY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/10/11 09:46:08 | 000,002,233 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/10/10 20:00:58 | 000,376,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 19:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-125032965-450748112-269888994-1002Core.job
[2013/10/10 19:42:22 | 000,765,700 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 21:53:38 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/09 19:52:10 | 000,002,358 | ---- | M] () -- C:\Users\Andy\Desktop\Google Chrome.lnk
[2013/10/08 21:20:31 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 21:20:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/08 21:20:19 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/23 00:27:49 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/23 00:27:48 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/23 00:27:48 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/23 00:27:48 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/23 00:27:48 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/22 23:55:16 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/22 23:54:55 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/22 23:54:51 | 003,959,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/22 23:54:51 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/22 23:54:50 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/22 23:54:50 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/22 23:54:50 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/22 23:54:50 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/21 03:48:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/21 03:39:47 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/20 19:50:56 | 000,001,703 | ---- | M] () -- C:\Users\Andy\Desktop\Google Drive.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/11 09:47:31 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-ANDY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/10/11 09:46:08 | 000,002,233 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/10/09 21:53:38 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/20 19:50:56 | 000,001,703 | ---- | C] () -- C:\Users\Andy\Desktop\Google Drive.lnk
[2012/11/17 16:11:44 | 000,005,120 | ---- | C] () -- C:\Users\Andy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 14:12:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/11/26 00:44:34 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/11/26 00:43:50 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/26 00:43:47 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/26 00:43:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Logs below

Any particular reason you opted to run the requested OTL re-scan with just Current User selected rather than Scan All Users? Not a problem however, and more curious than anything.

Anyway, let's proceed as follows, shall we...

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c
netsh winsock reset all /c
netsh int ip reset all /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
C:\Program Files (x86)\Java
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"=-

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM's executable and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

#9
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts

Any particular reason you opted to run the requested OTL re-scan with just Current User selected rather than Scan All Users? Not a problem however, and more curious than anything.


Let's pretend I forgot to :whistling:

Computer is running fine; I really need to brush up on my virus fighting abilities :blush:

Tell me, is the UNITE 'club' still relevant?

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::bd1c:ac82:ac08:b0b9%12
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FCC95268-E39D-4210-86E4-0157F547C353}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 14:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 3 while it has its media disconnected.
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::bd1c:ac82:ac08:b0b9%12
IPv4 Address. . . . . . . . . . . : 192.168.0.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{FCC95268-E39D-4210-86E4-0157F547C353}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 14:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:305f:24e5:3f57:fffc
Link-local IPv6 Address . . . . . : fe80::305f:24e5:3f57:fffc%20
Default Gateway . . . . . . . . . : ::
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< netsh winsock reset all /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\Andy\Downloads\cmd.bat deleted successfully.
C:\Users\Andy\Downloads\cmd.txt deleted successfully.
C:\Program Files (x86)\Java\jre6\bin folder moved successfully.
C:\Program Files (x86)\Java\jre6 folder moved successfully.
C:\Program Files (x86)\Java folder moved successfully.
File\Folder C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\IntelTBRunOnce not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Andy
->Temp folder emptied: 1203569961 bytes
->Temporary Internet Files folder emptied: 95978322 bytes
->Java cache emptied: 2340702 bytes
->Google Chrome cache emptied: 189187892 bytes
->Flash cache emptied: 80492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 850013295 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42310724 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 1972340782 bytes

Total Files Cleaned = 4,154.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10132013_210407

Files\Folders moved on Reboot...
C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Andy\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

MBAM didn't find anything but the log is below as required.

13/10/2013 21:13:10
mbam-log-2013-10-13 (21-13-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218238
Time elapsed: 2 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#10
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Let's pretend I forgot to :whistling:

Fair play. :lol:

Levity aside...

Computer is running fine; I really need to brush up on my virus fighting abilities :blush:

I am sure you could get back up to speed in no time, as you still have access to relevant material via Visiting Consultant status. No idea if you wish to be a helper again here in GTG; if so, my best advice would be to contact one of the GeekU Admins to discuss that.

Tell me, is the UNITE 'club' still relevant?

Sent a PM.

Just one final check now as follows...

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then right click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish, but make sure you copy the log file first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

My friendly advice is you consider keeping the online scanner installed, then run it say once per month as an extra check. A quick easy way to do so would be via:-

Click on Start(Windows 7 Orb) >> Computer >> C: >> Program Files (x86) >> ESET >> ESET Online Scanner >> then right click on OnlineScannerApp and select Run as Administrator.
  • 0

#11
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Eset log below as required.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b4638c74e4e5dd44bd7470508d4d6453
# engine=15482
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-14 08:20:40
# local_time=2013-10-14 09:20:40 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 8256799 134247090 0 0
# scanned=153842
# found=13
# cleaned=0
# scan_time=4180
sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir"
sh=F6FB123B9F3604629D0CFA93BB8D45DF3DB5E511 ft=1 fh=bae64ff57b12b8e1 vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolApp.dll.vir"
sh=8E9985E14F4C259A48F2730C31816FE01FB3F865 ft=1 fh=4002b95c2b374955 vn="probably a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolEng.dll.vir"
sh=6520D348A6F1EA16BBECE520507946C57065A8FD ft=1 fh=2af50e6cee369def vn="a variant of Win32/Toolbar.Montiera.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolsrv.exe.vir"
sh=57F06A8C7A86599F43AFFF3080D4DA9ADC2FAD73 ft=1 fh=27f83682369f38da vn="a variant of Win32/Toolbar.Montiera.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\searchgolTlbr.dll.vir"
sh=30971B5BE14BBEF177CF34714DD35A0174449A15 ft=1 fh=ff621fdc0f8fcec5 vn="a variant of Win32/Toolbar.Escort.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\bh\searchgol.dll.vir"
sh=2D8A0375397A0CE2F99ADB9D1C7FB9B6AA53D1FF ft=1 fh=891319e7c1f8b5bf vn="a variant of MSIL/BrowseFox.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\updateWebConnect.exe.vir"
sh=3B88B9BD67A6D948F9D70FD055155CA6D3E808D1 ft=1 fh=ca0fa7dbab587652 vn="a variant of MSIL/BrowseFox.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnect.Common.dll.vir"
sh=387A912265A531AAF768CE5F48ED900E0D6F7066 ft=1 fh=5618ca983c5bf41c vn="probably a variant of Win32/BrowseFox.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\WebConnectBHO.dll.vir"
sh=285A99A70BA7F9C85E0E572BFB69C2C648415D9F ft=1 fh=c71c001167af3438 vn="a variant of Win32/Somoto.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Local\TempDir\BetterInstaller.exe.vir"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Andy\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=3963D8A5B82F5DD540BB1DDEE8BA5B8D9098C549 ft=1 fh=d69ca3895677d6e5 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
  • 0
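The ESET log above is one `key=value` record per detection (sh, ft, fh, vn, ac, fn) under a `# key=value` header. As an added example that is not part of the thread or of ESET's tooling, this script parses that format, checks the header against the body, and separates hits that are already sitting in AdwCleaner's quarantine (`.vir` files under `C:\AdwCleaner\Quarantine`) from live files that still need a human verdict; the three sample records are taken from the log above.

```python
"""Triage an ESET Online Scanner log of the kind posted in this thread.

Added example, not part of the thread or of ESET's tooling. It assumes the
log layout visible above: '# key=value' header lines, then one detection
per line as space-separated key=value pairs (sh, ft, fh, vn, ac, fn), with
double-quoted values wherever they contain spaces.
"""
import re
from collections import Counter

# Sample constructed from three records of the thread's own ESET log; the
# header is trimmed to the fields this script reads.
SAMPLE_LOG = r'''ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=153842
# found=3
# cleaned=0
sh=F831FBC6A34556761399CE04D4B421C7BA716480 ft=1 fh=d91bac541848e8d7 vn="Win32/Toolbar.Funmoods application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\searchgol\searchgol\1.8.16.19\escortShld.dll.vir"
sh=2D8A0375397A0CE2F99ADB9D1C7FB9B6AA53D1FF ft=1 fh=891319e7c1f8b5bf vn="a variant of MSIL/BrowseFox.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WebConnect\updateWebConnect.exe.vir"
sh=BD3C685B5F9C5FDDBCF46DAF1C89E094C69F87B0 ft=1 fh=62591177f2e83ca9 vn="a variant of Win32/HiddenStart.A application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
'''

# One key=value token: the value is either a double-quoted run (may contain
# spaces and backslashes) or a bare run of non-space characters.
TOKEN_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# AdwCleaner moves what it quarantines under this folder and appends .vir,
# so a hit on such a path is a file that is already disarmed, not a live one.
QUARANTINE_DIR = "\\adwcleaner\\quarantine\\"


def parse_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            record = {}
            for key, value in TOKEN_RE.findall(line):
                record[key] = value[1:-1] if value.startswith('"') else value
            detections.append(record)
    return header, detections


def classify(record):
    """'quarantined' for files already held by AdwCleaner, otherwise 'live'."""
    path = record.get("fn", "").lower()
    if QUARANTINE_DIR in path and path.endswith(".vir"):
        return "quarantined"
    return "live"


def triage(text):
    """Summarise a log: counts, consistency checks, and the live hits to review."""
    header, detections = parse_log(text)
    found = int(header.get("found", "0"))
    buckets = Counter(classify(r) for r in detections)
    live = [r for r in detections if classify(r) == "live"]
    return {
        "found": found,
        "records": len(detections),
        # The header's 'found' should equal the number of detection lines;
        # a mismatch points to a truncated or hand-edited paste.
        "consistent": found == len(detections),
        # The thread asks for 'Remove found threats' to be unchecked, so
        # remove_checked=false must go together with cleaned=0.
        "nothing_removed": header.get("remove_checked") == "false"
                           and header.get("cleaned") == "0",
        "quarantined": buckets["quarantined"],
        "live": [(r["fn"], r["vn"], r["sh"]) for r in live],
        # Detection families among live hits. In this thread the helper judged
        # the HiddenStart hits on Dell DataSafe to be false positives; that is
        # a human call this script only surfaces, it does not make it.
        "live_families": sorted({r["vn"] for r in live}),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['records']} records ({result['quarantined']} already quarantined), "
          f"header consistent: {result['consistent']}")
    for path, name, sha1 in result["live"]:
        print(f"REVIEW  {name}\n        {path}\n        sha1={sha1}")
```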

#12
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Eset log below as required.

A favourable outcome: all that has been detected are items quarantined by AdwCleaner, which will be fully purged when we remove the application, and two false positive detections against Dell DataSafe.

Next:

Congratulations, your computer appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you to read both of the below listed topics, as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Uninstall AdwCleaner:

  • Right-click on AdwCleaner.exe and select Run as Administrator to start the program.
  • Click on Uninstall >> Yes, this will remove the application and its log(s) etc.

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

Any left over, merely delete yourself and empty the Recycle Bin.

Reset the System Restore points:

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create....
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System Properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Flush Old System Restore points:-

  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under System Restore and Shadow Copies, click on Clean up... >> Delete >> OK >> Delete Files.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

Other installed security software:

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Registry Backup:

Tweaking.com - Registry Backup, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week, as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Note: As mentioned prior, a tutorial for Registry Backup explaining the various features can be viewed here.

Further reading/resources:

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

As is this: Computer Security - a short guide to staying safer online

And these are worth reading also: Understanding Windows Firewall settings & Securing Your Router

Keep Your System Updated:

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Plus check that Automatic Updates is enabled.

Update to Internet Explorer v10:

IE9 has been superseded by IE10 for Windows 7 and above. I strongly advise you download and install the new browser from here. This will increase overall security whilst browsing online.

Even if you do not use IE often, having the latest version installed will still increase your machine's overall security. This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Check your third party software is up to date:

Via the Secunia Online Software Inspector, if you opt to reinstall Java. Or alternatively, download/install and use FileHippo Update Checker...

Be careful when opening attachments and downloading files:

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on FileHippo or MajorGeeks.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add: P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, and other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

Consider the below extra/layered security for your machine:

Custom Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

This Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. The new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

Only use one of the above!

WinPatrol:

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

Next:

Any questions? Feel free to ask, if not stay safe!
  • 0

#13
andydf

    Visiting Staff

  • Topic Starter
  • Visiting Consultant
  • 1,660 posts
Many thanks for your help, I know my issue was small in comparison to some I've seen on here, but your help was certainly appreciated.

Hopefully my next post in this forum will be helping rather than needing help, but it may be a while before that happens again ;)

Again, thanks for helping :D
  • 0

#14
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Acknowledged/good luck and you're most welcome! :)
  • 0

#15
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0