Author Topic: MBAM detected a problem

Allans
MBAM detected a problem
« on: January 10, 2014, 09:03:35 AM »

Every month I routinely run MBAM & AVAST on 'full scan' prior to backup. This month they both flagged problems - which I allowed them to clean. They both give a clean bill of health - but I've noticed the odd unexpected pop-up.


 


All problems reported by AVAST were \Sun\Java\Deployment\cache related.

After AVAST 'moved files to Chest' I went to the Sun website, downloaded the Java removal tool, removed and then reinstalled Java from a fresh download.

MBAM LOG:

Registry Keys Detected: 4
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video Converter (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6} (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\allans\AppData\Roaming\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Local\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoConverter\Uninstall\__Uninstall_.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\Uninstall.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\coupons_2.4.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\CouponsHelper.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings\coupons_2.7.xpi (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Local\Slick Savings\coupons.crx (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.

 


Please can someone take a look at the HJT log below.

Thanks

Allan

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:52:59, on 10/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16750)

FIREFOX: 26.0 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\WinZip\zipsendservice.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\allans\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: uTorrentControl_v6 - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.samsungsetup.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Polar Daemon - Unknown owner - C:\Program Files (x86)\Polar\Daemon\polard.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10213 bytes

 



guestolo (Administrator)
MBAM detected a problem
« Reply #1 on: January 10, 2014, 02:14:21 PM »
It looks like some optional software/toolbars got installed with other software.
Let's take a closer look please.

Download OTL.exe by OldTimer (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop.
  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Put a tick in "Scan All Users"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/

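An added, editor-supplied example of the "closer look" being asked for here; it is not code from the thread and not something either poster ran. The MBAM log above records what was quarantined object by object, while the HijackThis listing above and the OTL listing Allan posts next record what is still registered. The script below, plain Python with no third-party modules, learns the vendor families (Conduit, Spigot, InstallCore, AlexaTB) and the quarantined CLSID from MBAM lines, then walks HijackThis-style and OTL-style entries and flags every one whose CLSID, file vendor (OTL's trailing "(Company)" field) or text matches one of those families. The embedded sample lines are a constructed subset of the lines posted in this thread, and the regexes are written for the line shapes visible here rather than the full output grammar of either tool, which is an assumption.

```python
"""Editor-added example: correlate Malwarebytes detections with HijackThis/OTL entries."""
import re

# Constructed sample: MBAM lines copied from the log posted in this thread (a subset).
MBAM_SAMPLE = r"""
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Quarantined and deleted successfully.
C:\Users\allans\AppData\Roaming\Slick Savings (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\VideoConverter\Uninstall\__Uninstall_.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
"""

# Constructed sample: HijackThis (O2/O3/O4/O23) and OTL (IE/FF) lines from the same thread.
LOG_SAMPLE = r"""
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: uTorrentControl_v6 - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O3 - Toolbar: uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O23 - Service: Polar Daemon - Unknown owner - C:\Program Files (x86)\Polar\Daemon\polard.exe
IE - HKLM\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
"""

MBAM_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>PUP\.[\w.]+)\) -> Quarantined")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9:]+) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}", re.IGNORECASE)
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe)", re.IGNORECASE)
# OTL prints the file's company name right after the path: "...\prxtbuTor.dll (Conduit Ltd.)"
PATH_CO_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:dll|exe)) \((?P<co>[^()]+)\)\s*$", re.IGNORECASE)


def parse_mbam(text):
    """Return (families, clsids) learned from an MBAM log: lowercase vendor tokens
    ('PUP.Optional.Spigot.A' -> 'spigot') and lowercase GUIDs of quarantined keys."""
    families, clsids = set(), set()
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if not m:
            continue
        parts = m["family"].split(".")
        if len(parts) >= 3:
            families.add(parts[2].lower())
        clsids.update(g.lower() for g in GUID_RE.findall(m["obj"]))
    return families, clsids


def vendor_by_path(text):
    """Map lowercase file path -> company string, taken from OTL-style '(Company)' suffixes."""
    vendors = {}
    for line in text.splitlines():
        m = PATH_CO_RE.search(line.strip())
        if not m:
            continue
        co = m["co"].strip()
        # HijackThis puts status text, not a vendor, in the same position.
        if co.lower() == "file missing" or co.startswith("User "):
            continue
        vendors[m["path"].lower()] = co
    return vendors


def correlate(mbam_text, log_text):
    """Return [(kind, body, reasons)] for every log entry tied to an MBAM detection
    by quarantined CLSID, by file vendor, or by a family name in the entry text."""
    families, clsids = parse_mbam(mbam_text)
    vendors = vendor_by_path(log_text)
    hits = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body, reasons = m["body"], []
        for guid in GUID_RE.findall(body):
            if guid.lower() in clsids:
                reasons.append(f"CLSID {guid} was quarantined by MBAM but is still referenced")
        p = PATH_RE.search(body)
        co = vendors.get(p.group(0).lower(), "") if p else ""
        for fam in sorted(families):
            if fam in co.lower():
                reasons.append(f"{p.group(0)} is attributed to {co}, a vendor MBAM detected")
            elif fam in body.lower():
                reasons.append(f"entry text mentions the MBAM-detected family '{fam}'")
        if reasons:
            hits.append((m["kind"], body, reasons))
    return hits


if __name__ == "__main__":
    for kind, body, reasons in correlate(MBAM_SAMPLE, LOG_SAMPLE):
        print(f"[{kind}] {body}")
        for reason in reasons:
            print(f"      - {reason}")
```

Run as-is it flags four entries: the uTorrentControl_v6 BHO, toolbar and URLSearchHook (OTL attributes prxtbuTor.dll to Conduit Ltd., the same family as the CLSID MBAM removed) and the Firefox home page carrying fr=spigot-yhp-ff. Keyword matching is only as good as the names in the logs: the savingsslider%40mybrowserbar.com add-on is not flagged because neither its ID nor its path names a vendor, which is why the helper asks for the full OTL listing instead of trusting a scanner's clean bill of health.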

Allans
MBAM detected a problem
« Reply #2 on: January 16, 2014, 03:41:41 AM »

Thanks. Here are the scans you wanted.

OTL logfile created on: 15/01/2014 15:03:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\allans\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.05% Memory free
8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.13 Gb Total Space | 27.17 Gb Free Space | 34.77% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS
Drive E: | 105.47 Gb Total Space | 29.13 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS
Drive G: | 982.72 Mb Total Space | 38.11 Mb Free Space | 3.88% Space Free | Partition Type: FAT
Drive T: | 78.13 Gb Total Space | 52.63 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/17 19:31:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2013/02/10 03:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Program Files (x86)\uTorrentControl_v6\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions

[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\\Users\\allans\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m14n51wd.default\\extensions\\[email protected]

[2013/05/06 06:38:42 | 000,002,308 | ---- | M] () -- C:\\Users\\allans\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m14n51wd.default\\searchplugins\\askcom.xml

[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\\Users\\allans\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m14n51wd.default\\searchplugins\\yahoo_ff.xml

[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\npwachk.dll

 

========== Chrome  ==========

 

CHR - default_search_provider: Yahoo (Enabled)

CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}

CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},

CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch

CHR - plugin: Winamp Application Detector (Enabled) = C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\npnv3dvstreaming.dll

CHR - Extension: Google Docs = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: Ebay Shopping Assistant by Spigot = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hbcennhacfaagdopikcegfcobcadeocj\\1.0_0\\

CHR - Extension: Domain Error Assistant = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\icdlfehblmklkikfigmjhbmmpmkmpooj\\1.1_0\\

CHR - Extension: Slick Savings = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mhkaekfpcppmmioggniknbnbdbcigpkk\\2.4_0\\

CHR - Extension: Google Wallet = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.5.0_0\\

CHR - Extension: Amazon Shopping Assistant by Spigot = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pfndaklgolladniicklehhancnlgocpp\\1.0_0\\

CHR - Extension: Gmail = C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\\Program Files (x86)\\uTorrentControl_v6\\prxtbuTor.dll (Conduit Ltd.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\\..\\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\\Program Files (x86)\\Google\\Google Toolbar\\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\\..\\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE64.dll (AVAST Software)

O3:64bit: - HKLM\\..\\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\\..\\Toolbar: (uTorrentControl_v6 Toolbar) - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\\Program Files (x86)\\uTorrentControl_v6\\prxtbuTor.dll (Conduit Ltd.)

O3 - HKLM\\..\\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\\Program Files\\Alwil Software\\Avast5\\aswWebRepIE.dll (AVAST Software)

O3 - HKU\\S-1-5-21-3040427361-2297418917-711895782-1001\\..\\Toolbar\\WebBrowser: (uTorrentControl_v6 Toolbar) - {96F454EA-9D38-474F-B504-56193E00C1A5} - C:\\Program Files (x86)\\uTorrentControl_v6\\prxtbuTor.dll (Conduit Ltd.)

O4:64bit: - HKLM..\\Run: [Acronis Scheduler2 Service] C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe (Acronis)

O4:64bit: - HKLM..\\Run: [IntelliPoint] C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\\Run: [itype] C:\\Program Files\\Microsoft IntelliType Pro\\itype.exe (Microsoft Corporation)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [avast5] C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe (AVAST Software)

O4 - HKLM..\\Run: [AvastUI.exe] C:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe (AVAST Software)

O4 - HKLM..\\Run: [Samsung PanelMgr] C:\\Windows\\Samsung\\PanelMgr\\ssmmgr.exe ()

O4 - HKLM..\\Run: [TrueImageMonitor.exe] C:\\Program Files (x86)\\Acronis\\TrueImageHome\\TrueImageMonitor.exe (Acronis)

O4 - HKU\\S-1-5-19..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-20..\\Run: [Sidebar] C:\\Program Files (x86)\\Windows Sidebar\\Sidebar.exe (Microsoft Corporation)

O4 - HKU\\S-1-5-19..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe File not found

O4 - HKU\\S-1-5-20..\\RunOnce: [mctadmin] C:\\Windows\\System32\\mctadmin.exe File not found

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktop = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: EnableLinkedConnections = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\\S-1-5-21-3040427361-2297418917-711895782-1001\\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1

O18:64bit: - Protocol\\Handler\\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\\Windows\\SysWow64\\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = comfile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\allans\\Desktop\\OTL.exe

[2014/01/15 14:56:42 | 000,000,000 | -HSD | C] -- C:\\Config.Msi

[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbport.sys

[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\usbd.sys

[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\netio.sys

[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\AppData\\Roaming\\VC

[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\Documents\\TEncoder

[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\TEncoder Video Converter

[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\TEncoder Video Converter

[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\\Users\\allans\\Desktop\\HijackThis.exe

[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Mozilla Firefox

[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Sun

[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Common Files\\Java

[2014/01/07 18:36:08 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2014/01/07 18:36:02 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2014/01/07 18:36:02 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2014/01/07 18:36:02 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2014/01/07 18:29:48 | 000,312,744 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysNative\\javaws.exe

[2014/01/07 18:29:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysNative\\javaw.exe

[2014/01/07 18:29:43 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysNative\\java.exe

[2014/01/07 18:29:43 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\\Windows\\SysNative\\WindowsAccessBridge-64.dll

[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Java

[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\\Program Files\\Java

[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\AppData\\Roaming\\DigitalSites

[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\VideoConverter

[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Video Converter

[2013/12/30 11:00:37 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\Desktop\\10331230

[2013/12/29 18:54:45 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\Desktop\\10231222

[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\Desktop\\10131218

[2013/12/24 09:19:11 | 000,079,672 | ---- | C] (AVAST Software) -- C:\\Windows\\SysNative\\drivers\\aswstm.sys

[2013/12/17 19:31:59 | 000,000,000 | ---D | C] -- C:\\Users\\allans\\AppData\\Local\\Macromedia

[2013/12/16 21:03:44 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wmploc.DLL

[2013/12/16 21:03:43 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wmploc.DLL

[2013/12/16 21:03:43 | 011,410,432 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wmp.dll

[2013/12/16 21:03:41 | 014,631,424 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wmp.dll

[2013/12/16 21:02:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ieui.dll

[2013/12/16 21:02:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\ieui.dll

[2013/12/16 21:02:00 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesysprep.dll

[2013/12/16 21:02:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\RegisterIEPKEYs.exe

[2013/12/16 21:02:00 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesetup.dll

[2013/12/16 21:02:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iesetup.dll

[2013/12/16 21:02:00 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\ie4uinit.exe

[2013/12/16 21:02:00 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iernonce.dll

[2013/12/16 21:02:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\iernonce.dll

[2013/12/16 21:01:59 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\iesysprep.dll

[2013/12/16 21:01:59 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\RegisterIEPKEYs.exe

[2013/12/16 21:01:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript.dll

[2013/12/16 21:01:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\jscript.dll

[2013/12/16 21:01:57 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msfeeds.dll

[2013/12/16 21:01:56 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\jscript9.dll

[2013/12/16 20:56:48 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\portcls.sys

[2013/12/16 20:56:48 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\drivers\\drmk.sys

[2013/12/16 20:56:47 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\WMPhoto.dll

[2013/12/16 20:56:47 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\WMPhoto.dll

[2013/12/16 20:56:45 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\msieftp.dll

[2013/12/16 20:56:45 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\msieftp.dll

[2013/12/16 20:56:45 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\imagehlp.dll

[2013/12/16 20:55:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\wshom.ocx

[2013/12/16 20:55:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\scrrun.dll

[2013/12/16 20:55:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\scrrun.dll

[2013/12/16 20:55:47 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysNative\\cscript.exe

[2013/12/16 20:55:47 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\cscript.exe

[2013/12/16 20:55:47 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\\Windows\\SysWow64\\wshom.ocx

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/15 15:02:37 | 000,000,894 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineCore.job

[2014/01/15 15:02:00 | 000,017,120 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/01/15 15:02:00 | 000,017,120 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\\Windows\\SysNative\\FNTCACHE.DAT

[2014/01/15 14:59:43 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/01/15 14:58:43 | 3220,676,608 | -HS- | M] () -- C:\\hiberfil.sys

[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\allans\\Desktop\\OTL.exe

[2014/01/15 09:14:00 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/01/15 09:12:31 | 000,000,898 | ---- | M] () -- C:\\Windows\\tasks\\GoogleUpdateTaskMachineUA.job

[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\\Users\\Public\\Desktop\\TEncoder Video Converter.lnk

[2014/01/12 08:15:50 | 001,980,887 | ---- | M] () -- C:\\Users\\allans\\Desktop\\walk.jpg

[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\\Users\\allans\\Desktop\\HijackThis.exe

[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\\Users\\Public\\Desktop\\CCleaner.lnk

[2014/01/07 20:41:56 | 000,782,510 | ---- | M] () -- C:\\Windows\\SysNative\\PerfStringBackup.INI

[2014/01/07 20:41:56 | 000,666,652 | ---- | M] () -- C:\\Windows\\SysNative\\perfh009.dat

[2014/01/07 20:41:56 | 000,126,328 | ---- | M] () -- C:\\Windows\\SysNative\\perfc009.dat

[2014/01/07 18:35:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysWow64\\WindowsAccessBridge-32.dll

[2014/01/07 18:35:54 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaws.exe

[2014/01/07 18:35:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysWow64\\javaw.exe

[2014/01/07 18:35:53 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysWow64\\java.exe

[2014/01/07 18:29:37 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysNative\\WindowsAccessBridge-64.dll

[2014/01/07 18:29:35 | 000,312,744 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysNative\\javaws.exe

[2014/01/07 18:29:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysNative\\javaw.exe

[2014/01/07 18:29:35 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\\Windows\\SysNative\\java.exe

[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\\Users\\allans\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\\Users\\allans\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Video Converter.lnk

[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\\Users\\allans\\Desktop\\Video Converter.lnk

[2014/01/07 09:16:29 | 000,223,798 | ---- | M] () -- C:\\Users\\allans\\Desktop\\Thomas_Savery[1].gif

[2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) -- C:\\Windows\\SysNative\\drivers\\aswstm.sys

[2013/12/24 09:19:11 | 000,001,988 | ---- | M] () -- C:\\Users\\Public\\Desktop\\avast! Free Antivirus.lnk

[2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) -- C:\\Windows\\SysNative\\drivers\\aswSnx.sys

[2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) -- C:\\Windows\\SysNative\\drivers\\aswsp.sys

[2013/12/24 09:18:23 | 000,334,136 | ---- | M] (AVAST Software) -- C:\\Windows\\SysNative\\aswBoot.exe

[2013/12/24 09:18:23 | 000,207,904 | ---- | M] () -- C:\\Windows\\SysNative\\drivers\\aswVmm.sys

[2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) -- C:\\Windows\\SysNative\\drivers\\aswMonFlt.sys

[2013/12/24 09:18:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\\Windows\\avastSS.scr

[2013/12/17 19:31:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerApp.exe

[2013/12/17 19:31:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\\Windows\\SysWow64\\FlashPlayerCPLApp.cpl

[2013/12/17 14:18:40 | 004,284,346 | ---- | M] () -- C:\\Users\\allans\\Desktop\\PICT0004.JPG

 

========== Files Created - No Company Name ==========

 

[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\\Users\\Public\\Desktop\\TEncoder Video Converter.lnk

[2014/01/12 08:15:44 | 001,980,887 | ---- | C] () -- C:\\Users\\allans\\Desktop\\walk.jpg

[2014/01/12 08:07:31 | 051,158,834 | ---- | C] () -- C:\\Users\\allans\\Desktop\\OS_1993_25000.tif

[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\\Users\\allans\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Video Converter.lnk

[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\\Users\\allans\\Desktop\\Video Converter.lnk

[2014/01/07 09:18:56 | 000,223,798 | ---- | C] () -- C:\\Users\\allans\\Desktop\\Thomas_Savery[1].gif

[2013/12/17 22:34:39 | 004,284,346 | ---- | C] () -- C:\\Users\\allans\\Desktop\\PICT0004.JPG

[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\\Users\\allans\\saga_gui.ini

[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\\Windows\\cdplayer.ini

[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\\ProgramData\\ss.ini

[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\Resmon.ResmonCfg

[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\PUTTY.RND

[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\\Users\\allans\\AppData\\Roaming\\Comma Separated Values (Windows).CAL

[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\\Users\\allans\\AppData\\Roaming\\Comma Separated Values (Windows).ADR

[2013/03/03 18:25:14 | 000,766,376 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]


< End of report >


 


OTL Extras logfile created on: 15/01/2014 15:03:29 - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\allans\\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.05% Memory free

8.00 Gb Paging File | 6.18 Gb Available in Paging File | 77.26% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 78.13 Gb Total Space | 27.17 Gb Free Space | 34.77% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS

Drive E: | 105.47 Gb Total Space | 29.13 Gb Free Space | 27.62% Space Free | Partition Type: NTFS

Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS

Drive G: | 982.72 Mb Total Space | 38.11 Mb Free Space | 3.88% Space Free | Partition Type: FAT

Drive T: | 78.13 Gb Total Space | 52.63 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

 

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.html[@ = ChromeHTML] -- C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\\Windows\\SysNative\\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\SysWow64\\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe (Google Inc.)

 

[HKEY_USERS\\S-1-5-21-3040427361-2297418917-711895782-1001\\SOFTWARE\\Classes\\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [print] -- \"%systemroot%\\system32\\rundll32.exe\" \"%systemroot%\\system32\\mshtml.dll\",PrintHTML \"%1\"

http [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

https [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

InternetShortcut [open] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\ieframe.dll\",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\mshtml.dll\",PrintHTML \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\" (Nullsoft, Inc.)

Directory [Winamp.Play] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [print] -- \"%systemroot%\\system32\\rundll32.exe\" \"%systemroot%\\system32\\mshtml.dll\",PrintHTML \"%1\"

http [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

https [open] -- \"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" -- \"%1\" (Google Inc.)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /BOOKMARK \"%1\" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" /ADD \"%1\" (Nullsoft, Inc.)

Directory [Winamp.Play] -- \"C:\\Program Files (x86)\\Winamp\\winamp.exe\" \"%1\" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = 28 4D B2 76 41 04 CA 01  [binary data]

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 1

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"DisableNotifications\" = 0

\"EnableFirewall\" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{08E22235-782E-40B9-8090-44C8DFD0E833}\" = lport=139 | protocol=6 | dir=in | app=system |

\"{0D87EB9D-5D54-49BA-BC80-1554BD088E74}\" = lport=137 | protocol=17 | dir=in | app=system |

\"{17413364-8FB3-4D1D-91A7-1C037C249397}\" = rport=445 | protocol=6 | dir=out | app=system |

\"{204D667C-6541-4124-8C05-F489557BAB76}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{224A1C1F-8B79-42A9-8198-BEDADCA37583}\" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\\system32\\svchost.exe |

\"{2A2941FC-670B-4047-9988-57A19033BCAC}\" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

\"{40E7CB30-BFC8-431C-A7E3-907AEE26A302}\" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\\system32\\svchost.exe |

\"{433A075C-9284-42B9-9E1B-35D87C5E2860}\" = rport=139 | protocol=6 | dir=out | app=system |

\"{4854D8F6-4913-4F0D-8DB1-C58FFD2FDC63}\" = lport=445 | protocol=6 | dir=in | app=system |

\"{55FAFB34-2564-478E-806A-E7E2742A89D5}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{62D6C5CD-CBC7-46C4-9FB6-AF68338B04AD}\" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\\system32\\spoolsv.exe |

\"{7A2A48CC-7234-49D6-BC9E-97F6A705D7D6}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{7C41DB9B-09F9-46FF-957F-4BD4C0683221}\" = rport=137 | protocol=17 | dir=out | app=system |

\"{8A5E532F-778F-421B-A81B-1DBF634A45F9}\" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\\system32\\svchost.exe |

\"{8CCE0ADA-5E54-4BD4-BC9D-065AB78D2B0C}\" = lport=138 | protocol=17 | dir=in | app=system |

\"{9791D649-7F5B-4610-8332-3E35ED923A4B}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{A1FF125F-EB02-4FD0-903A-B32D07A3E9F1}\" = rport=138 | protocol=17 | dir=out | app=system |

\"{A22FE756-177F-4418-95C4-50C5CF41BE26}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{DBE88F26-19C0-4604-A057-68205B62D40D}\" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\\system32\\svchost.exe |

\"{E361BBB0-A35E-4212-ADE5-9AB3753140C7}\" = lport=6004 | protocol=17 | dir=in | app=c:\\program files (x86)\\microsoft office\\office12\\outlook.exe |

\"{F822615B-6713-48E6-ABA2-F9C8F9C4A360}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{FD8CB3E0-C95B-48F2-A156-2CB4B2EF02FF}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{FE1814E7-FBF9-4BA2-9D80-CAFFD53C44A8}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{0D4FA402-4A5C-4540-A3B6-5E4EEB1D5460}\" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\\system32\\svchost.exe |

\"{0E2712F4-6BA0-43F4-B082-A6A61915E305}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\microsoft office\\office12\\onenote.exe |

\"{11155DB5-687F-4A3E-A87C-668A8745027E}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\microsoft office\\office12\\groove.exe |

\"{245C604F-E8B2-4CE1-B42A-56A9F77CC5C3}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{2486F7C7-AAB7-4107-8CA0-1BA3A997DC12}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\microsoft office\\office12\\groove.exe |

\"{2857A9AA-6A24-4777-9F5E-D9C4C66B8F25}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{5B3A7DDE-39AD-4CBB-82FD-EB9F2E438C50}\" = dir=in | app=c:\\program files (x86)\\common files\\apple\\apple application support\\webkit2webprocess.exe |

\"{5D44005E-4A69-41C5-8EEF-16285E3399B2}\" = protocol=58 | dir=in | [email protected],-28545 |

\"{5EA4DBAB-3EFA-4DF4-ADF2-8FE44FF6E6C1}\" = protocol=6 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{69C8E10D-1E32-4F24-A2A6-EED32FC428EC}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\nero\\km\\kwikmedia.exe |

\"{6B67F757-6642-47C3-8A6A-2CEA168281C9}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\nero\\km\\kwikmedia.exe |

\"{72A03BD0-70F2-4980-A717-26E962B107ED}\" = protocol=17 | dir=in | app=c:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe |

\"{752E9910-7D6A-4861-9459-885A4B74980B}\" = protocol=58 | dir=out | [email protected],-28546 |

\"{8248F4FD-F2AA-410D-96D9-FCD1A850AFE6}\" = protocol=1 | dir=in | [email protected],-28543 |

\"{8C961A63-AEE7-4660-8AB5-28B02846494F}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{9808F8B4-4B62-4D08-B05E-6289088126ED}\" = protocol=1 | dir=out | [email protected],-28544 |

\"{991632B3-9E39-403C-B3C1-8CD3836C2A1A}\" = protocol=17 | dir=in | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{AA78B872-B29F-4EF0-AE38-5D898C2DCF07}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\microsoft office\\office12\\onenote.exe |

\"{C1C1F581-7439-43C6-81CD-0D6B676D742D}\" = protocol=17 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{F756F898-CAFE-40E4-B792-8D823359CDE4}\" = protocol=6 | dir=in | app=c:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe |

\"TCP Query User{7ADF76F6-B2A3-4160-9EB6-D1D34B77E157}C:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe\" = protocol=6 | dir=in | app=c:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe |

\"UDP Query User{9A633EB3-3117-4CC8-BBDF-940B53BF1688}C:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe\" = protocol=17 | dir=in | app=c:\\users\\allans\\appdata\\roaming\\utorrent\\utorrent.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}\" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

\"{26A24AE4-039D-4CA4-87B4-2F86417045FF}\" = Java 7 Update 45 (64-bit)

\"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}\" = PVSonyDll

\"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}\" = Microsoft IntelliPoint 8.2

\"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}\" = Microsoft .NET Framework 4.5.1

\"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}\" = Microsoft IntelliType Pro 8.2

\"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\" = Microsoft Silverlight

\"{90120000-002A-0000-1000-0000000FF1CE}\" = Microsoft Office Office 64-bit Components 2007

\"{90120000-002A-0409-1000-0000000FF1CE}\" = Microsoft Office Shared 64-bit MUI (English) 2007

\"{90120000-0116-0409-1000-0000000FF1CE}\" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

\"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033\" = Microsoft .NET Framework 4.5.1

\"{95120000-00B9-0409-1000-0000000FF1CE}\" = Microsoft Application Error Reporting

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision\" = NVIDIA 3D Vision Driver 314.07

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel\" = NVIDIA Control Panel 314.07

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver\" = NVIDIA Graphics Driver 314.07

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB\" = NVIDIA 3D Vision Controller Driver 314.07

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX\" = NVIDIA PhysX System Software 9.12.1031

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update\" = NVIDIA Update 1.12.12

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer\" = NVIDIA Install Application

\"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update\" = NVIDIA Update Components

\"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}\" = PlayReady PC Runtime amd64

\"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}\" = WinZip 17.0

\"{E3B264CE-D9CF-448B-960F-4F832FB1F990}\" = Corel Graphics - Windows Shell Extension 64 Bit

\"CCleaner\" = CCleaner

\"Microsoft IntelliPoint 8.2\" = Microsoft IntelliPoint 8.2

\"Microsoft IntelliType Pro 8.2\" = Microsoft IntelliType Pro 8.2

\"QGIS Dufour\" = QGIS Dufour 2.0.1 Dufour

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}\" = Corel Graphics - Windows Shell Extension

\"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}\" = Corel DESIGNER Technical Suite X5

\"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}\" = PDFCreator

\"{0071820F-09B0-4998-8320-F89629DCBC99}\" = Nero BackItUp

\"{052A1E34-A54B-458C-A4E3-24C3E054754A}\" = Nero Kwik Media

\"{0708FF30-78C0-47B0-81F0-C84604DC769C}\" = Nero Express Help (CHM)

\"{07EA0F8


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MBAM detected a problem
« Reply #3 on: January 16, 2014, 02:49:01 PM »
Do the following:
-AdwCleaner-

Please download AdwCleaner by Xplode (http://www.majorgeeks.com/files/details/adwcleaner.html) onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can also find the log file at C:\AdwCleaner.
-Junkware-Removal-Tool-
  • Please download Junkware Removal Tool (http://www.majorgeeks.com/files/details/junkware_removal_tool.html) to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
« Last Edit: January 16, 2014, 02:56:55 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Allans

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
MBAM detected a problem
« Reply #4 on: January 17, 2014, 05:45:37 AM »

Thanks - as requested - first the AdwCleaner log, then the JRT log.


 


Allan


 


# AdwCleaner v3.017 - Report created 17/01/2014 at 10:21:01

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

# Username : allans - LEMURIA

# Running from : C:\\Users\\allans\\Desktop\\AdwCleaner.exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****


Folder Deleted : C:\\ProgramData\\Ask

Folder Deleted : C:\\ProgramData\\FreeRIP

Folder Deleted : C:\\Program Files (x86)\\Conduit

Folder Deleted : C:\\Program Files (x86)\\FreeRIP

Folder Deleted : C:\\Program Files (x86)\\uTorrentControl_v6

Folder Deleted : C:\\Program Files (x86)\\Common Files\\Spigot

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\Conduit

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\PackageAware

Folder Deleted : C:\\Users\\allans\\AppData\\LocalLow\\Conduit

Folder Deleted : C:\\Users\\allans\\AppData\\LocalLow\\PriceGong

Folder Deleted : C:\\Users\\allans\\AppData\\LocalLow\\uTorrentControl_v6

Folder Deleted : C:\\Users\\allans\\AppData\\Roaming\\pdfforge

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\hbcennhacfaagdopikcegfcobcadeocj

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\icdlfehblmklkikfigmjhbmmpmkmpooj

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\mhkaekfpcppmmioggniknbnbdbcigpkk

Folder Deleted : C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pfndaklgolladniicklehhancnlgocpp

File Deleted : C:\\Users\\allans\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m14n51wd.default\\searchplugins\\Askcom.xml


***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\hbcennhacfaagdopikcegfcobcadeocj

Key Deleted : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\icdlfehblmklkikfigmjhbmmpmkmpooj

Key Deleted : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\mhkaekfpcppmmioggniknbnbdbcigpkk

Key Deleted : HKLM\\SOFTWARE\\Google\\Chrome\\Extensions\\pfndaklgolladniicklehhancnlgocpp

Key Deleted : HKLM\\SOFTWARE\\Classes\\protector_dll.protectorbho

Key Deleted : HKLM\\SOFTWARE\\Classes\\protector_dll.protectorbho.1

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\apnstub_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\apnstub_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\FreeRIP3_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\FreeRIP3_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\UpdateTask_RASAPI32

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Tracing\\UpdateTask_RASMANCS

Key Deleted : HKLM\\SOFTWARE\\Classes\\Toolbar.CT3289075

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{96F454EA-9D38-474F-B504-56193E00C1A5}

Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{CD90659F-D5B2-4104-9504-7CA36E6532DF}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{96F454EA-9D38-474F-B504-56193E00C1A5}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{96F454EA-9D38-474F-B504-56193E00C1A5}

Key Deleted : HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\{96F454EA-9D38-474F-B504-56193E00C1A5}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\PreApproved\\{CD90659F-D5B2-4104-9504-7CA36E6532DF}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{F9116CAE-76D2-4894-B018-CB7882C6116F}

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{9A3E9456-8793-4537-A72E-83A165E8F1D8}

Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Value Deleted : HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]

Key Deleted : HKCU\\Software\\Alexa Internet

Key Deleted : HKCU\\Software\\APN PIP

Key Deleted : HKCU\\Software\\Conduit

Key Deleted : HKCU\\Software\\distromatic

Key Deleted : HKCU\\Software\\dsiteproducts

Key Deleted : HKCU\\Software\\AppDataLow\\Toolbar

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Conduit

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\ConduitSearchScopes

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\PriceGong

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\Search Settings

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\SmartBar

Key Deleted : HKCU\\Software\\AppDataLow\\Software\\uTorrentControl_v6

Key Deleted : HKLM\\Software\\Conduit

Key Deleted : HKLM\\Software\\PIP

Key Deleted : HKLM\\Software\\uTorrentControl_v6

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\uTorrentControl_v6 Toolbar


***** [ Browsers ] *****


-\\\\ Internet Explorer v10.0.9200.16750



-\\\\ Mozilla Firefox v26.0 (en-US)


[ File : C:\\Users\\allans\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\m14n51wd.default\\prefs.js ]



-\\\\ Google Chrome v32.0.1700.76


[ File : C:\\Users\\allans\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\preferences ]



*************************


AdwCleaner[R0].txt - [5364 octets] - [17/01/2014 10:12:38]

AdwCleaner[S0].txt - [5203 octets] - [17/01/2014 10:21:01]


########## EOF - C:\\AdwCleaner\\AdwCleaner[S0].txt - [5263 octets] ##########


 


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Enterprise x64

Ran by allans on 17/01/2014 at 10:27:35.51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 



~~~ Services


 


~~~ Registry Values


 


~~~ Registry Keys


 


~~~ Files


 


~~~ Folders


 


~~~ FireFox


Emptied folder: C:\\Users\\allans\\AppData\\Roaming\\mozilla\\firefox\\profiles\\m14n51wd.default\\minidumps [2 files]


 


~~~ Event Viewer Logs were cleared


 


 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 17/01/2014 at 10:35:29.50

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


 


 


 



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MBAM detected a problem
« Reply #5 on: January 17, 2014, 01:55:02 PM »

That cleared some junk; how are things on your end now?


Can you right-click on OTL.exe and choose "Run as Administrator"?


Run another scan; when done, post the contents of the new log that opens.


Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Allans

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
MBAM detected a problem
« Reply #6 on: January 21, 2014, 06:12:06 AM »

Thanks for the help. I have had a chance to use the system a bit over the weekend and it seems improved: no pop-ups. It still has occasional unexpected slowdowns, and occasionally IE reports 'a problem has occurred which has caused IE to stop working', or words to that effect.


 


Ran OTL as requested - no sign of 'extras' - log is below.


 


Allan


 


OTL logfile created on: 21/01/2014 10:59:50 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\allans\\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.90 Gb Available Physical Memory | 72.55% Memory free

8.00 Gb Paging File | 6.83 Gb Available in Paging File | 85.37% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 78.13 Gb Total Space | 24.21 Gb Free Space | 30.99% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS

Drive E: | 105.47 Gb Total Space | 28.81 Gb Free Space | 27.32% Space Free | Partition Type: NTFS

Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS

Drive G: | 1.87 Gb Total Space | 0.52 Gb Free Space | 27.84% Space Free | Partition Type: FAT

Drive T: | 78.13 Gb Total Space | 50.53 Gb Free Space | 64.68% Space Free | Partition Type: NTFS

 

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\allans\\Desktop\\OTL.exe

PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe

PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe

PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\\Program Files (x86)\\Google\\Update\\1.3.22.3\\GoogleCrashHandler.exe

PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\\Program Files (x86)\\Common Files\\Acronis\\CDP\\afcdpsrv.exe

PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\\Program Files (x86)\\Polar\\Daemon\\polard.exe

PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\\Program Files (x86)\\Common Files\\Protexis\\License Service\\PsiService_2.exe

PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\\Windows\\Samsung\\PanelMgr\\SSMMgr.exe

PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe

PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\\Program Files (x86)\\Acronis\\TrueImageHome\\TrueImageMonitor.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\\Program Files\\Alwil Software\\Avast5\\libcef.dll

MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\LightScribe\\QtGui4.dll

MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\LightScribe\\plugins\\imageformats\\qjpeg4.dll

MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\\Program Files (x86)\\Common Files\\LightScribe\\QtCore4.dll

MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\\Windows\\Samsung\\PanelMgr\\SSMMgr.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\SysNative\\appmgmts.dll -- (AppMgmt)

SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/17 19:31:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Acronis\\CDP\\afcdpsrv.exe -- (afcdpsrv)

SRV - [2013/02/10 03:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\\Program Files (x86)\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe -- (nvUpdatusService)

SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\\Program Files (x86)\\NVIDIA Corporation\\3D Vision\\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\\Program Files (x86)\\Polar\\Daemon\\polard.exe -- (Polar Daemon)

SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\\Program Files (x86)\\Nero\\Update\\NASvc.exe -- (NAUpdate)

SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\\Program Files (x86)\\Common Files\\Protexis\\License Service\\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedul2.exe -- (AcrSch2Svc)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\aswstm.sys -- (aswStm)

DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\\Windows\\SysNative\\drivers\\aswsp.sys -- (aswSP)

DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\\Windows\\SysNative\\drivers\\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\afcdp.sys -- (afcdp)

DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\tdrpm251.sys -- (tdrpman251)

DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\timntr.sys -- (timounter)

DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\snapman.sys -- (snapman)

DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions
[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions\[email protected]
[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\yahoo_ff.xml
[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome  ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [20131224] C:\Program Files\Alwil Software\Avast5\setup\emupdate\f3e5c1c0-0ace-4497-ab08-b7736fae6854.exe (AVAST Software)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/18 14:34:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/18 14:34:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/18 14:34:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/18 14:34:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/17 10:12:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/17 10:11:02 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\VC
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\Documents\TEncoder
[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEncoder Video Converter
[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\DigitalSites
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[2013/12/30 11:00:37 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10331230
[2013/12/29 18:54:45 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10231222
[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10131218
[2013/12/24 09:19:11 | 000,079,672 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys

========== Files - Modified Within 30 Days ==========

[2014/01/21 10:58:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/21 10:57:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/21 10:57:30 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/21 07:39:06 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 07:39:06 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/20 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/20 20:12:53 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/20 19:19:39 | 000,025,910 | ---- | M] () -- C:\Users\allans\Desktop\missing.pdf
[2014/01/20 19:11:37 | 000,006,935 | ---- | M] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 19:57:59 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/17 19:57:59 | 000,669,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/17 19:57:59 | 000,127,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/17 10:46:54 | 000,791,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 10:11:02 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/17 10:10:07 | 001,236,282 | ---- | M] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/17 02:14:55 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:16:29 | 000,223,798 | ---- | M] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2013/12/24 09:19:11 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/12/24 09:18:23 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/12/24 09:18:23 | 000,207,904 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/12/24 09:18:22 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

========== Files Created - No Company Name ==========

[2014/01/20 19:18:27 | 000,025,910 | ---- | C] () -- C:\Users\allans\Desktop\missing.pdf
[2014/01/20 19:11:37 | 000,006,935 | ---- | C] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 10:10:07 | 001,236,282 | ---- | C] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\Users\allans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\Users\allans\Application Data\Microsoft\Internet Explorer\Quick Launch\Video Converter.lnk
[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\Users\allans\Desktop\Video Converter.lnk
[2014/01/07 09:18:56 | 000,223,798 | ---- | C] () -- C:\Users\allans\Desktop\Thomas_Savery[1].gif
[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\Users\allans\saga_gui.ini
[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\Users\allans\AppData\Local\Resmon.ResmonCfg
[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\Users\allans\AppData\Local\PUTTY.RND
[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).CAL
[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\Users\allans\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/03/03 18:25:14 | 000,791,348 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MBAM detected a problem
« Reply #7 on: January 24, 2014, 12:17:23 PM »

How often do you get the error with IE?

Are the slowdowns the computer in general or just online with a browser?

Do you have any problems with Mozilla Firefox or Google Chrome?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Allans

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
MBAM detected a problem
« Reply #8 on: January 25, 2014, 03:00:00 AM »

Whole computer slows down, random times. I use the computer heavily - maybe 5 or 6 hours per day Mon-Fri and notice it maybe once or twice per day. Similar with IE error messages, which don't appear to relate to a specific website. I have had this problem before and thought it due to an 'add-on', but pretty much all add-ons are now disabled or where practicable removed.

When I have noticed a slowdown whilst using IE I have immediately switched to http://www.speedtest.net/ and it has still tested at full line speed as per my contract - so I don't think it is broadband service related.

Chrome/Moz use is rare - only if I have to use specific sites which have issues with IE, or for testing web page designs.

I had only one error during use on Friday and no slowdowns.

Allan



Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
MBAM detected a problem
« Reply #9 on: January 25, 2014, 01:18:56 PM »

Can you do the following please:
Temporarily disable your Antivirus software... Right click the avast icon by the clock and disable protections

Right click on OTL.exe and choose to "Run as Administrator"
  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following in the quote box below. Don't include the word Quote please

    :OTL
    FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

    :Files
    ipconfig /flushdns /c

    :Commands
    [EmptyFlash]
    [EmptyJava]
    [EmptyTemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in the
C:\_OTL\Moved Files folder

Let me know how things are still running please
« Last Edit: January 25, 2014, 01:21:33 PM by guestolo »



Offline Allans

  • Newbie
  • *
  • Posts: 14
  • Karma: +0/-0
MBAM detected a problem
« Reply #10 on: January 26, 2014, 04:56:46 AM »

Thanks - scan log below.

NVIDIA driver has auto-updated in the interim.

I will get back with an update on performance in a couple of days when I see if this has had any effect.

Allan

OTL logfile created on: 26/01/2014 09:50:10 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\allans\\Desktop

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16750)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.26% Memory free

8.00 Gb Paging File | 6.32 Gb Available in Paging File | 79.07% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 78.13 Gb Total Space | 23.76 Gb Free Space | 30.42% Space Free | Partition Type: NTFS

Drive D: | 97.65 Gb Total Space | 69.99 Gb Free Space | 71.67% Space Free | Partition Type: NTFS

Drive E: | 105.47 Gb Total Space | 28.81 Gb Free Space | 27.32% Space Free | Partition Type: NTFS

Drive F: | 106.38 Gb Total Space | 38.23 Gb Free Space | 35.93% Space Free | Partition Type: NTFS

Drive T: | 78.13 Gb Total Space | 48.28 Gb Free Space | 61.79% Space Free | Partition Type: NTFS

 

Computer Name: LEMURIA | User Name: allans | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

PRC - [2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
PRC - [2013/12/24 09:18:20 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/10 02:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/12/05 10:07:04 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () -- C:\Program Files (x86)\Polar\Daemon\polard.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/09/12 16:31:36 | 000,357,384 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/09/12 16:30:48 | 005,048,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/10/23 13:33:16 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2011/03/04 12:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011/03/04 12:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011/03/04 12:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/09/17 10:52:35 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/12/24 09:18:19 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/12/10 02:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/22 16:26:28 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/08 17:52:19 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/21 06:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/10 02:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/03/04 09:43:32 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012/12/12 15:20:18 | 000,419,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Polar\Daemon\polard.exe -- (Polar Daemon)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/09/12 16:32:46 | 000,891,432 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/24 09:19:11 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/24 09:18:23 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/24 09:18:23 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/12/24 09:18:23 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/24 09:18:23 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/05 08:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/10/23 13:33:17 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 13:33:17 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/04 09:43:34 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2013/03/04 09:43:31 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251)
DRV:64bit: - [2013/03/04 09:43:29 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2013/03/04 09:43:22 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/05 09:55:02 | 000,729,152 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2011/08/01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 20:46:48 | 001,708,800 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 19:12:30 | 000,286,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6232e.sys -- (e1express)
DRV:64bit: - [2008/04/30 09:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://telfordsteamrailway.easysearch.org.uk/
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes,DefaultScope = {9A86E642-C27A-47E6-B502-BEF8FD7DECAE}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..\SearchScopes\{9A86E642-C27A-47E6-B502-BEF8FD7DECAE}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/24 09:18:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/01/08 17:52:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:44:37 | 000,000,000 | ---D | M]

[2013/03/03 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Extensions
[2013/12/05 13:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions
[2013/12/05 13:25:48 | 000,010,433 | ---- | M] () (No name found) -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\extensions\[email protected]
[2013/09/24 07:16:07 | 000,000,911 | ---- | M] () -- C:\Users\allans\AppData\Roaming\Mozilla\Firefox\Profiles\m14n51wd.default\searchplugins\yahoo_ff.xml
[2014/01/08 17:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/01/08 17:52:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 15:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

========== Chrome  ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://uk.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=386496&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://uk.search.yahoo.com?type=386496&fr=spigot-yhp-ch
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - Extension: Google Docs = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\allans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3040427361-2297418917-711895782-1001\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC1A5663-2FE9-4823-9A85-C38F921565D1}: NameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4C083AD-AE62-4150-B954-D5D7D0D6D7BC}: DhcpNameServer = 192.168.169.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/25 08:25:44 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Local\NVIDIA Corporation
[2014/01/25 08:25:23 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2014/01/25 08:25:22 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2014/01/25 08:25:21 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2014/01/25 08:24:55 | 001,100,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2014/01/25 08:24:55 | 000,982,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/01/25 08:24:29 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Local\NVIDIA
[2014/01/25 08:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2014/01/25 08:21:39 | 030,372,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2014/01/25 08:21:39 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2014/01/25 08:21:39 | 022,960,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2014/01/25 08:21:39 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2014/01/25 08:21:39 | 015,877,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2014/01/25 08:21:39 | 015,230,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2014/01/25 08:21:39 | 011,605,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2014/01/25 08:21:39 | 011,554,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2014/01/25 08:21:39 | 009,700,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2014/01/25 08:21:39 | 009,657,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2014/01/25 08:21:39 | 003,132,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2014/01/25 08:21:39 | 003,125,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2014/01/25 08:21:39 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2014/01/25 08:21:39 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2014/01/25 08:21:39 | 002,698,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2014/01/25 08:21:39 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433221.dll
[2014/01/25 08:21:39 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433221.dll
[2014/01/25 08:21:39 | 000,882,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2014/01/25 08:21:39 | 000,879,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2014/01/25 08:21:39 | 000,852,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2014/01/25 08:21:39 | 000,847,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2014/01/25 08:21:39 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/01/25 08:21:39 | 000,035,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
[2014/01/25 08:21:39 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/01/25 08:20:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2014/01/18 14:34:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/01/18 14:34:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/01/18 14:34:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/01/18 14:34:51 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/01/17 10:27:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/17 10:12:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/17 10:11:02 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/15 14:57:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/15 14:53:12 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 14:53:11 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2014/01/15 14:53:00 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\VC
[2014/01/14 08:09:25 | 000,000,000 | ---D | C] -- C:\Users\allans\Documents\TEncoder
[2014/01/14 08:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
[2014/01/14 08:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TEncoder Video Converter
[2014/01/10 13:44:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe
[2014/01/08 17:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/07 18:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/01/07 18:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/01/07 18:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/01/07 18:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014/01/07 11:49:59 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\DigitalSites
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoConverter
[2014/01/07 11:49:55 | 000,000,000 | ---D | C] -- C:\Users\allans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
[2013/12/29 18:53:52 | 000,000,000 | ---D | C] -- C:\Users\allans\Desktop\10131218

========== Files - Modified Within 30 Days ==========

[2014/01/26 09:53:16 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 09:53:16 | 000,017,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/26 09:45:57 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/26 09:45:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/26 09:45:30 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/25 20:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/25 20:12:09 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/22 16:26:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/22 16:26:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/20 19:11:37 | 000,006,935 | ---- | M] () -- C:\Users\allans\Desktop\extrabits.bsx
[2014/01/17 19:57:59 | 000,786,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/17 19:57:59 | 000,669,594 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/17 19:57:59 | 000,127,210 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/17 10:46:54 | 000,791,348 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/01/17 10:11:02 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\allans\Desktop\JRT.exe
[2014/01/17 10:10:07 | 001,236,282 | ---- | M] () -- C:\Users\allans\Desktop\AdwCleaner.exe
[2014/01/17 02:14:55 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/15 15:00:00 | 000,434,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/15 14:57:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\allans\Desktop\OTL.exe
[2014/01/14 08:09:23 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\TEncoder Video Converter.lnk
[2014/01/10 13:44:37 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\allans\Desktop\HijackThis.exe

[2014/01/08 17:54:38 | 000,000,833 | ---- | M] () -- C:\\Users\\Public\\Desktop\\CCleaner.lnk

[2014/01/07 12:05:05 | 000,004,608 | ---- | M] () -- C:\\Users\\allans\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/01/07 11:49:55 | 000,001,116 | ---- | M] () -- C:\\Users\\allans\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Video Converter.lnk

[2014/01/07 11:49:55 | 000,001,092 | ---- | M] () -- C:\\Users\\allans\\Desktop\\Video Converter.lnk

 

========== Files Created - No Company Name ==========

 

[2014/01/20 19:11:37 | 000,006,935 | ---- | C] () -- C:\\Users\\allans\\Desktop\\extrabits.bsx

[2014/01/17 10:10:07 | 001,236,282 | ---- | C] () -- C:\\Users\\allans\\Desktop\\AdwCleaner.exe

[2014/01/14 08:09:23 | 000,001,130 | ---- | C] () -- C:\\Users\\Public\\Desktop\\TEncoder Video Converter.lnk

[2014/01/07 12:04:33 | 000,004,608 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/01/07 11:49:55 | 000,001,116 | ---- | C] () -- C:\\Users\\allans\\Application Data\\Microsoft\\Internet Explorer\\Quick Launch\\Video Converter.lnk

[2014/01/07 11:49:55 | 000,001,092 | ---- | C] () -- C:\\Users\\allans\\Desktop\\Video Converter.lnk

[2013/12/06 11:18:08 | 000,008,123 | ---- | C] () -- C:\\Users\\allans\\saga_gui.ini

[2013/09/24 07:29:08 | 000,004,362 | ---- | C] () -- C:\\Windows\\cdplayer.ini

[2013/09/24 07:14:36 | 000,001,534 | ---- | C] () -- C:\\ProgramData\\ss.ini

[2013/05/23 18:43:39 | 000,007,671 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\Resmon.ResmonCfg

[2013/03/21 10:04:30 | 000,000,600 | ---- | C] () -- C:\\Users\\allans\\AppData\\Local\\PUTTY.RND

[2013/03/05 09:50:43 | 000,012,942 | ---- | C] () -- C:\\Users\\allans\\AppData\\Roaming\\Comma Separated Values (Windows).CAL

[2013/03/05 09:49:35 | 000,038,410 | ---- | C] () -- C:\\Users\\allans\\AppData\\Roaming\\Comma Separated Values (Windows).ADR

[2013/03/03 18:25:14 | 000,791,348 | ---- | C] () -- C:\\Windows\\SysWow64\\PerfStringBackup.INI

 

========== ZeroAccess Check ==========

 

[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

 

========== Custom Scans ==========

 

< :OTL >

 

< FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8 >

 

< FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0:Files >

 

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

 

< :Commands >

 

< [EmptyFlash] >

 

< [EmptyJava] >

 

< [EmptyTemp] >

 

< [Reboot] >


< End of report >



Allans
MBAM detected a problem
« Reply #11 on: January 26, 2014, 05:11:48 AM »

Is this significant?

    Activation context generation failed for "C:\\Program Files\\WinZip\\adxloader.dll.Manifest". Error in manifest or policy file "C:\\Program Files\\WinZip\\adxloader.dll.Manifest" on line 2. The manifest file root element must be assembly.

in the application event log


 


Allan


« Last Edit: January 26, 2014, 05:12:02 AM by Allans »

guestolo (Administrator)
MBAM detected a problem
« Reply #12 on: January 26, 2014, 01:52:40 PM »

Can you redo the last step please? You did a custom scan and not a Fix.


Temporarily disable your antivirus software... Right click the avast icon by the clock and disable protections


Right click on OTL.exe and choose to "Run as Administrator"


  • Under the Custom Scans/Fixes box at the bottom, copy/paste in the following from the quote box below. Don't include the word Quote please



    :OTL

    FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.8

    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0


    :Files

    ipconfig /flushdns /c


    :Commands

    [EmptyFlash]

    [EmptyJava]

    [EmptyTemp]

    [Reboot]




  • Then click the Run Fix button at the top

  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted

A log should open, can you post it please

A copy of this log can also be found in

C:\\_OTL\\Moved Files folder


« Last Edit: January 26, 2014, 01:54:40 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Allans
MBAM detected a problem
« Reply #13 on: January 26, 2014, 05:24:45 PM »

Sorry - Run Fix log as requested


 


Allan


 


User: Public

 

Total Java Files Cleaned = 5.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: allans

->Temp folder emptied: 35143816 bytes

->Temporary Internet Files folder emptied: 355155174 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 23773971 bytes

->Google Chrome cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\\System32 .tmp files removed: 0 bytes

%systemroot%\\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\\System32\\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 321833 bytes

%systemroot%\\sysnative\\config\\systemprofile\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files folder emptied: 78307 bytes

RecycleBin emptied: 185344157 bytes

 

Total Files Cleaned = 572.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 01262014_222147


Files\\Folders moved on Reboot...

C:\\Users\\allans\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt moved successfully.

File\\Folder C:\\Users\\allans\\AppData\\Local\\Temp\\IntResource.dll not found!

C:\\Users\\allans\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\counters.dat moved successfully.


PendingFileRenameOperations files...


Registry entries deleted on Reboot...


guestolo (Administrator)
MBAM detected a problem
« Reply #14 on: January 26, 2014, 07:48:05 PM »

That doesn't look like the contents of the whole fix log....


Let me know how things are running in a couple days




Allans
MBAM detected a problem
« Reply #15 on: January 30, 2014, 03:17:42 AM »

Well - seems OK


No unexpected slowdowns or popups


 


Thanks for the help


 


Allan



guestolo (Administrator)
MBAM detected a problem
« Reply #16 on: January 30, 2014, 12:06:53 PM »

Right click on AdwCleaner.exe and choose to "Run as Administrator"


When it opens choose the UNINSTALL button


Follow the prompts... This will uninstall the tool properly


 


You can manually delete JRT.exe (Junkware Removal Tool)


 


Right click on OTL.exe and choose to "Run as Administrator"


When it opens choose the CLEANUP button


Let this run and reboot the computer when prompted


This will properly remove OTL.exe


 


Let me know one last time if things are still ok and I'll lock this topic


« Last Edit: January 31, 2014, 03:27:57 PM by guestolo »



Allans
MBAM detected a problem
« Reply #17 on: February 02, 2014, 05:50:50 AM »

Well it's been a couple of days and nothing untoward - feel free to close this.


 


Thanks again for the help


 


Allan



guestolo (Administrator)
MBAM detected a problem
« Reply #18 on: February 09, 2014, 10:02:46 AM »

Closing this topic as your problems appear resolved


Take care Allans

