Searchnu removal


sesamus

Thread Starter
Joined
Dec 25, 2012
Messages
22
Hello there. :)

I have a searchnu virus on my computer and I have gone looking for ways to remove it. One of the first things said on the two or three pages I looked at was that I needed to stop the process in Task Manager, but when I looked in Task Manager I could not find any sign of the process there.

I am also not very confident about going in and deleting registry entries and I would like some assistance with it please.

Séamus
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Hello sesamus and welcome to TSG.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Please download Junkware Removal Tool from here and save it to your desktop

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
===================================================

Download and run OTL

  • download OTL to your desktop.
  • double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT
  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
  • you may need two posts to fit them both in.
Logs to include with next post:

JRT.txt
OTL.txt
Extras.txt


Thanks

Satchfan
 

sesamus

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.0 (01.23.2013:2)
OS: Windows 7 Ultimate x86
Ran by Feamus on 24/01/2013 at 13:45:15.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browser manager
Successfully deleted: [Service] browser manager



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\browsermngr start page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{33aa308b-b565-4376-ac66-59ee9b6ad13e}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\browsermngr
Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\mywebsearch
Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecorder
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\mywebsearch
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1060933
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3214568
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0329e7d6-6f54-462d-93f6-f5c3118badf2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{25927741-5e5b-4d27-8d8b-9188fe64373f}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{25927741-5e5b-4d27-8d8b-9188fe64373f}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{33aa308b-b565-4376-ac66-59ee9b6ad13e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c04b7d22-5aec-4561-8f49-27f6269208f6}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f34c9277-6577-4dff-b2d7-7d58092f272f}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Failed to delete: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\ProgramData\premium"
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Failed to delete: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\application data\installmate"
Successfully deleted: [Folder] "C:\ProgramData\application data\tarma installer"
Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\local\ilivid player"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\funwebproducts"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\mywebsearch"
Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\toolbar4"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files\searchya!"
Successfully deleted: [Folder] "C:\Program Files\shopping sidekick plugin"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\user.js
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\browsermngr_extensions.sqlite
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\browsermngr_prefs.js
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\invalidprefs.js
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\search.xml
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\search_results.xml
Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\conduitcommon
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}
Successfully deleted the following from C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\prefs.js

user_pref("browser.newtabpage.blocked", "{\"4/zelpW6J6wv+UdWklU1DQ==\":1,\"NvM7HYLz17FQ84Rj7Z/4rg==\":1,\"YDf2VAUY1xoWlehFBHTLYg==\":1,\"xc7OpwlcLAn7ZEZS0PQKsg==\":1,\"0TV8tk5
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.startup.homepage", "http://www.searchnu.com/406");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.id", "466690d100000000000000a0c6000000");
user_pref("extensions.BabylonToolbar.instlDay", "15620");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=466690d100000000000000a0c6000000&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=130812_ppcs0_3312_6");
user_pref("extensions.BabylonToolbar_i.hardId", "466690d100000000000000a0c6000000");
user_pref("extensions.BabylonToolbar_i.id", "466690d100000000000000a0c6000000");
user_pref("extensions.BabylonToolbar_i.instlDay", "15424");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.70:09:33");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=4088943232834551&o=APN10645&q=");
user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358790802834");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.cda.returnValue", "hide");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "false");
user_pref("sweetim.toolbar.newtab.enable", "true");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");
user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{04F4AF4A-4BA8-11E2-96B7-00A0C6000000}");
user_pref("sweetim.toolbar.version", "1.9.0.0");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/01/2013 at 14:01:01.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

sesamus

OTL logfile created on: 24/01/2013 14:13:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Feamus\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.46% Memory free
5.99 Gb Paging File | 4.60 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.19 Gb Total Space | 28.52 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
Drive D: | 6.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.52 Gb Total Space | 1.51 Gb Free Space | 20.15% Space Free | Partition Type: FAT32

Computer Name: FEAMUS-PC | User Name: Feamus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/24 14:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
PRC - [2013/01/18 22:28:01 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/28 23:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Feamus\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/11/30 02:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/04 15:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
PRC - [2010/08/18 18:33:50 | 000,272,384 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
PRC - [2010/06/29 04:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2007/06/20 23:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2007/06/20 23:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe
PRC - [2007/06/20 23:04:51 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 22:27:59 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/30 02:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/30 02:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/11/15 16:09:42 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\571e329ec4de8476024e07293d3985c1\System.Core.ni.dll
MOD - [2012/11/14 23:36:38 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll
MOD - [2012/11/14 22:00:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b21e4b2fb6b860debf846f1abcb5848\System.ServiceProcess.ni.dll
MOD - [2012/11/14 22:00:29 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\62a5fac1b0201adbaf415db430b537d4\System.Design.ni.dll
MOD - [2012/11/14 22:00:15 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\91403f9dc2decc89c9ed4ea2aa00bb29\System.Web.Services.ni.dll
MOD - [2012/11/14 21:59:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 21:59:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\65784cdbdf49469aa8b75c5e09baa8d0\System.Transactions.ni.dll
MOD - [2012/11/14 21:59:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ff1a3712e3bbd4944ffb5c78fd9c7bca\System.Data.ni.dll
MOD - [2012/11/14 21:58:54 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d94dbbd0c84e503a6a1d192f768b45c8\PresentationFramework.ni.dll
MOD - [2012/11/14 21:58:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
MOD - [2012/11/14 21:57:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
MOD - [2012/11/14 21:57:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16736bed76cd56edf05ccd0e8f6b3b6e\Accessibility.ni.dll
MOD - [2012/11/14 21:57:36 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46f9cb63a99278b3dd7d91766bf4969e\PresentationCore.ni.dll
MOD - [2012/11/14 21:56:52 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll
MOD - [2012/11/14 21:56:12 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\1658707b14a104ea7aad70ce0512dafa\System.Security.ni.dll
MOD - [2012/11/14 21:55:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
MOD - [2012/11/14 21:54:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
MOD - [2012/11/14 21:54:44 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
MOD - [2012/11/14 21:53:45 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
MOD - [2011/09/09 23:58:24 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/18 18:33:46 | 000,294,400 | ---- | M] () -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 21:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2004/09/08 19:51:54 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/01/18 22:28:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/24 23:53:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/22 02:05:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/03/16 00:11:19 | 000,855,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/11 10:44:02 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/08/11 10:44:02 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010/05/20 13:40:28 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
DRV - [2010/03/21 00:42:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/03/21 00:42:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2006/03/02 04:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/05/06 22:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 22:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 22:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mohfilt.sys -- (mohfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7702CE0E-5B8B-96CE-20F2-4B426EEC31CC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E EC 7A 53 49 30 CC 01 [binary data]
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes,DefaultScope = {1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes\{1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.1.0.10441
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/12 21:28:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2005/03/16 08:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2005/03/16 00:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/01 17:22:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:27:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:28:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:27:51 | 000,000,000 | ---D | M]

[2012/12/27 12:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Extensions
[2013/01/24 14:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\extensions
[2011/09/18 14:37:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/12/21 19:53:52 | 000,002,449 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\searchplugins\SearchYa!.xml
[2013/01/18 22:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/18 22:27:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/18 22:28:02 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2005/03/16 00:11:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/24 19:53:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/21 21:55:48 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4088943232834551&q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchnu.com/406
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: FreemakeTB = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.17.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: FreemakeTB = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.17.1_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Feamus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D314FA4D-91DB-48C6-9B31-28066AA64F8C}: NameServer = 88.82.13.44 88.82.13.44
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/06/18 12:32:27 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2010/09/13 22:45:26 | 000,000,120 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/09/08 21:13:25 | 000,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{af47168c-9c16-11e0-a626-001111e233b2}\Shell - "" = AutoRun
O33 - MountPoints2\{af47168c-9c16-11e0-a626-001111e233b2}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/07/08 11:14:50 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\{f3983a47-3477-11df-9dbc-001111e233b2}\Shell - "" = AutoRun
O33 - MountPoints2\{f3983a47-3477-11df-9dbc-001111e233b2}\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe -- [2008/10/28 16:35:19 | 018,552,088 | R--- | M] (Bethesda Softworks)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/07/08 11:14:50 | 000,274,432 | R--- | M] (Vodafone)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/24 14:11:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
[2013/01/24 13:45:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/24 13:45:00 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/24 13:44:32 | 000,499,147 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Feamus\Desktop\JRT.exe
[2013/01/24 13:03:53 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\10 poems
[2013/01/24 12:59:26 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\CITY Final Jan 2013
[2013/01/24 01:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/01/23 22:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/01/18 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/13 18:29:29 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\CRG Audio
[2013/01/03 15:49:53 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\January Poems
[2013/01/01 20:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/01/01 20:42:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0307060.005
[2013/01/01 20:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/01 20:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2013/01/01 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\DivX
[2013/01/01 17:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013/01/01 17:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/12/29 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Consolodated from de
[2012/12/28 04:18:50 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Sociological research
[2012/12/28 04:08:16 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Direct x and other Apps
[2012/12/27 15:06:10 | 000,000,000 | ---D | C] -- C:\AMD
[2012/12/27 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2012/12/26 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Beta Cracked
[2012/12/26 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\The Welcome Centre
[2012/12/25 23:15:27 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\.minecraft
[2012/12/25 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Minecraft
[2012/12/25 21:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/25 21:32:36 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/25 21:32:12 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/25 21:32:12 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/12/25 21:32:12 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/25 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/06/20 01:44:58 | 000,035,840 | ---- | C] (NirSoft) -- C:\Users\Feamus\myuninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/24 14:17:16 | 000,027,824 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\wklnhst.dat
[2013/01/24 14:17:16 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\e-mails previously.wps
[2013/01/24 14:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
[2013/01/24 13:53:28 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4059276865-3607389378-3789939313-1001UA.job
[2013/01/24 13:45:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/24 13:44:33 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Feamus\Desktop\JRT.exe
[2013/01/24 12:56:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/24 12:47:41 | 107,371,077 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/01/24 01:14:07 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Aside.wps
[2013/01/24 00:46:21 | 000,009,728 | ---- | M] () -- C:\Users\Feamus\Desktop\Nothing, mistaken….wps
[2013/01/24 00:23:27 | 000,036,961 | ---- | M] () -- C:\Users\Feamus\Desktop\72843_485112618201173_178568296_n.jpg
[2013/01/23 23:19:48 | 000,058,384 | ---- | M] () -- C:\Users\Feamus\Desktop\19295_10200221229150571_1540472408_n.jpg
[2013/01/23 22:51:17 | 000,011,776 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG 005.5.wps
[2013/01/23 22:25:11 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\accept it.wps
[2013/01/23 22:24:54 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Sad.wps
[2013/01/23 22:02:13 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Conjured.wps
[2013/01/23 14:52:40 | 000,000,182 | ---- | M] () -- C:\Users\Feamus\Desktop\TNR Template.rtf
[2013/01/21 20:00:49 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Location One… In front of the Gate Lock.wps
[2013/01/20 23:52:38 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Misdirected.wps
[2013/01/20 20:27:44 | 000,351,179 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013/01/20 12:14:19 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Buying emotion.wps
[2013/01/20 10:46:45 | 000,017,408 | ---- | M] () -- C:\Users\Feamus\Desktop\There has been a lot happening.wps
[2013/01/20 00:53:57 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Special Brew.wps
[2013/01/20 00:53:38 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\This device is.wps
[2013/01/20 00:53:18 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Witness.wps
[2013/01/18 22:14:04 | 000,057,856 | ---- | M] () -- C:\Users\Feamus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/18 21:11:01 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Growth.wps
[2013/01/16 23:56:44 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\some other ****er.wps
[2013/01/15 21:44:47 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG NEXT LEVEL.wps
[2013/01/13 22:09:17 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 22:09:17 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 21:41:40 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\free of violence and intimidation.wps
[2013/01/11 21:35:47 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\My Nationality is better.wps
[2013/01/11 20:42:51 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Do you ever look at.wps
[2013/01/11 19:05:11 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\The Kids.wps
[2013/01/10 21:07:29 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Prompts..wps
[2013/01/09 21:15:17 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Inwardly.wps
[2013/01/09 12:16:55 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\conflict here is.wps
[2013/01/07 19:41:37 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\its just water.wps
[2013/01/07 03:53:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4059276865-3607389378-3789939313-1001Core.job
[2013/01/07 01:38:15 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\keep passing.wps
[2013/01/06 05:27:19 | 000,000,354 | ---- | M] () -- C:\Users\Feamus\Desktop\words.rtf
[2013/01/06 05:12:42 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Disharmony.wps
[2013/01/06 04:42:23 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Words.wps
[2013/01/04 15:12:52 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Confusing..wps
[2013/01/04 09:31:49 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Rain walk.wps
[2013/01/04 08:42:45 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG.CODE.1.wps
[2013/01/04 08:09:14 | 000,011,264 | ---- | M] () -- C:\Users\Feamus\Desktop\The Bosnian War.wps
[2013/01/03 22:31:16 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\second poem.wps
[2013/01/03 22:30:58 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Undaunted.wps
[2013/01/03 22:30:47 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Writing quotes.wps
[2013/01/03 20:59:45 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Incandescent.wps
[2013/01/02 16:54:16 | 000,033,792 | ---- | M] () -- C:\Users\Feamus\Desktop\making excuses.wps
[2013/01/01 18:09:47 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\difference between knowing about something.wps
[2013/01/01 18:09:22 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Learning is seen as.wps
[2013/01/01 05:04:36 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Black and White.wps
[2012/12/31 16:13:58 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Make it.wps
[2012/12/31 13:35:48 | 000,001,051 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/31 01:58:06 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\a High five.wps
[2012/12/31 00:24:24 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\drape.wps
[2012/12/30 22:56:11 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Where it’s at.wps
[2012/12/29 22:46:40 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Guilty.wps
[2012/12/28 16:56:40 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\We’re never going to.wps
[2012/12/27 15:39:10 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/27 15:39:10 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/26 00:33:27 | 000,001,021 | ---- | M] () -- C:\Users\Feamus\Desktop\Start Minecraft Beta Cracked.lnk
[2012/12/25 21:56:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012/12/25 21:56:20 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2012/12/25 21:31:37 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/12/25 21:31:33 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/12/25 21:31:33 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/12/25 21:31:32 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/12/25 21:31:32 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/24 14:17:15 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\e-mails previously.wps
[2013/01/24 01:40:45 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/24 01:40:43 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/24 01:14:07 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Aside.wps
[2013/01/24 00:46:21 | 000,009,728 | ---- | C] () -- C:\Users\Feamus\Desktop\Nothing, mistaken….wps
[2013/01/24 00:23:26 | 000,036,961 | ---- | C] () -- C:\Users\Feamus\Desktop\72843_485112618201173_178568296_n.jpg
[2013/01/23 23:19:42 | 000,058,384 | ---- | C] () -- C:\Users\Feamus\Desktop\19295_10200221229150571_1540472408_n.jpg
[2013/01/23 22:25:11 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\accept it.wps
[2013/01/23 22:24:53 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Sad.wps
[2013/01/23 22:02:13 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Conjured.wps
[2013/01/23 14:52:40 | 000,000,182 | ---- | C] () -- C:\Users\Feamus\Desktop\TNR Template.rtf
[2013/01/21 20:01:08 | 000,011,776 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG 005.5.wps
[2013/01/21 20:00:49 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Location One… In front of the Gate Lock.wps
[2013/01/20 23:52:38 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Misdirected.wps
[2013/01/20 12:14:19 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Buying emotion.wps
[2013/01/20 10:46:45 | 000,017,408 | ---- | C] () -- C:\Users\Feamus\Desktop\There has been a lot happening.wps
[2013/01/20 00:53:57 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Special Brew.wps
[2013/01/20 00:53:38 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\This device is.wps
[2013/01/20 00:53:18 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Witness.wps
[2013/01/18 21:11:01 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Growth.wps
[2013/01/15 21:44:47 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG NEXT LEVEL.wps
[2013/01/14 19:55:02 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\some other ****er.wps
[2013/01/13 21:41:40 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\free of violence and intimidation.wps
[2013/01/11 21:35:47 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\My Nationality is better.wps
[2013/01/11 20:42:51 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Do you ever look at.wps
[2013/01/11 19:05:11 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\The Kids.wps
[2013/01/10 21:07:29 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Prompts..wps
[2013/01/09 21:15:16 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Inwardly.wps
[2013/01/09 12:16:55 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\conflict here is.wps
[2013/01/07 19:41:36 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\its just water.wps
[2013/01/07 01:38:14 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\keep passing.wps
[2013/01/06 05:27:18 | 000,000,354 | ---- | C] () -- C:\Users\Feamus\Desktop\words.rtf
[2013/01/06 05:12:41 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Disharmony.wps
[2013/01/06 04:01:54 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Words.wps
[2013/01/04 15:12:51 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Confusing..wps
[2013/01/04 08:09:13 | 000,011,264 | ---- | C] () -- C:\Users\Feamus\Desktop\The Bosnian War.wps
[2013/01/04 07:58:16 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Rain walk.wps
[2013/01/03 22:31:16 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\second poem.wps
[2013/01/03 22:30:47 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Writing quotes.wps
[2013/01/03 22:03:47 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Undaunted.wps
[2013/01/03 20:59:45 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Incandescent.wps
[2013/01/02 22:15:27 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG.CODE.1.wps
[2013/01/02 12:39:49 | 000,033,792 | ---- | C] () -- C:\Users\Feamus\Desktop\making excuses.wps
[2013/01/01 20:42:35 | 000,000,438 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Feamus.job
[2013/01/01 20:42:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0307060.005\isolate.ini
[2013/01/01 18:09:46 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\difference between knowing about something.wps
[2013/01/01 18:09:21 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Learning is seen as.wps
[2013/01/01 05:04:36 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Black and White.wps
[2012/12/31 16:13:57 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Make it.wps
[2012/12/31 01:58:06 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\a High five.wps
[2012/12/31 00:24:24 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\drape.wps
[2012/12/30 22:56:11 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Where it’s at.wps
[2012/12/29 22:46:40 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Guilty.wps
[2012/12/28 16:56:40 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\We’re never going to.wps
[2012/12/26 00:33:27 | 000,001,021 | ---- | C] () -- C:\Users\Feamus\Desktop\Start Minecraft Beta Cracked.lnk
[2012/09/15 20:58:38 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012/06/19 08:58:39 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2012/06/13 18:24:17 | 000,001,193 | ---- | C] () -- C:\Users\Feamus\AppData\Roaming\NMM-MetaData.db
[2012/06/13 13:06:30 | 000,102,912 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
[2012/06/13 13:06:28 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
[2012/01/04 09:00:57 | 000,000,634 | ---- | C] () -- C:\Users\Feamus\myuninst.cfg
[2011/10/13 20:05:07 | 000,113,796 | ---- | C] () -- C:\Users\Feamus\too much ****ing bass!.rns
[2011/08/15 03:16:41 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/20 01:51:56 | 000,016,804 | ---- | C] () -- C:\Users\Feamus\myuninst.chm
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/11 10:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2010/03/21 19:25:17 | 000,057,856 | ---- | C] () -- C:\Users\Feamus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/20 19:28:40 | 000,027,824 | ---- | C] () -- C:\Users\Feamus\AppData\Roaming\wklnhst.dat
[2010/03/20 18:38:32 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Url.wps
[2010/03/20 18:38:32 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Untitled Document55.wps
[2010/03/20 18:38:32 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Untitled Document.wps
[2010/03/20 18:38:31 | 000,100,520 | ---- | C] () -- C:\Users\Feamus\SoundofBCM.rfl
[2010/03/20 18:38:31 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\The big man.wps
[2010/03/20 18:38:31 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Unfinished.wps
[2010/03/20 18:38:31 | 000,003,518 | ---- | C] () -- C:\Users\Feamus\smell your ma.rtf
[2010/03/20 18:38:30 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\porn.wps
[2010/03/20 18:38:29 | 000,009,728 | ---- | C] () -- C:\Users\Feamus\non-believer.wps
[2010/03/20 18:38:28 | 002,432,575 | ---- | C] () -- C:\Users\Feamus\Hip_Hop_Hard_Phat.rfl
[2010/03/20 18:38:28 | 000,020,992 | ---- | C] () -- C:\Users\Feamus\forgot about dre.wps
[2010/03/20 18:38:28 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\literal dicision.wps
[2010/03/20 18:38:25 | 000,334,209 | ---- | C] () -- C:\Users\Feamus\factoryRex_redrum_patches.rfl
[2010/03/20 18:38:24 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\E-Mails.wps
[2010/03/20 18:38:19 | 005,874,196 | ---- | C] () -- C:\Users\Feamus\Analogue Redrum ReFill.rfl

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3160023AS ATA Device
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 146.00GB
Starting Offset: 65802240
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: 16-bit FAT
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 8.00GB
Starting Offset: 0
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

< End of report >
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Hello sesamus

I sent my reply to you nearly 4 weeks ago and it has taken that time to respond.

The helpers here all do this on a voluntary basis and most of us also have day jobs and families, plus other people that need help in multiple forums.

I will help you with this but please respond within three days as mentioned in my introduction. If you are unable to for some reason, be courteous enough to inform me and I’ll keep it open.

If you have not replied within that time scale, I shall cease to help and you will have to start a new thread.


It appears that the tool you ran got rid of a lot of your problems, but I will wait for the other logs and reply as soon as I have had time to look at them.

Satchfan
 

sesamus

Thread Starter
Joined
Dec 25, 2012
Messages
22
I did what you instructed, mate, but I only got one file for the last one (OTL). I pasted everything I got here...
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Our posts obviously crossed. :)

As said, I'll reply when I have had time to look at the logs.
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Please remember to post the other log, Extras.txt, which will be in the same place as OTL.
 

sesamus

Thread Starter
Joined
Dec 25, 2012
Messages
22
OTL Extras logfile created on: 24/01/2013 14:13:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Feamus\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.46% Memory free
5.99 Gb Paging File | 4.60 Gb Available in Paging File | 76.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.19 Gb Total Space | 28.52 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
Drive D: | 6.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 7.52 Gb Total Space | 1.51 Gb Free Space | 20.15% Space Free | Partition Type: FAT32

Computer Name: FEAMUS-PC | User Name: Feamus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

[HKEY_USERS\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060914F2-089A-4F4E-839E-9BCD28350D0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0A0628E1-A450-4C02-893E-16A854CE8057}" = lport=138 | protocol=17 | dir=in | app=system |
"{0E6F3F64-0B45-463A-91B7-625F72336CA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A6188A4-8B37-48C5-AF54-76531A04A9DC}" = rport=10243 | protocol=6 | dir=out | app=system |
"{212E8657-9405-4A21-9357-F167FCF8F871}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{21D37C0F-0B0C-4B9F-BA14-A26BB49417F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25BFDC74-0BEB-44C9-90AB-4263BEF49007}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28598F3E-E673-4FD6-B6F4-ED65864AC512}" = lport=139 | protocol=6 | dir=in | app=system |
"{39445CB9-FFE8-4F94-983A-457391AB9907}" = rport=445 | protocol=6 | dir=out | app=system |
"{74BCAB61-97EA-4F67-992A-2DFD55B62818}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F12658D-569C-437B-88BA-B1F31E58A6E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{873D9CD6-DD8A-47E0-ADEF-1AE9E5706AAA}" = lport=445 | protocol=6 | dir=in | app=system |
"{95EDE24B-35E6-40B0-8A4C-A5A85CC66970}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A5F69A1C-DADA-4641-98D4-E5E7CAAAA168}" = lport=137 | protocol=17 | dir=in | app=system |
"{AEF760E1-C3B3-45AC-BC6D-253455E4FDE7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B77797C7-18E9-470F-8CD7-A144044A6AD9}" = rport=138 | protocol=17 | dir=out | app=system |
"{BC57D8B1-8262-4967-BBFE-7D10050D7169}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C20B2D2B-961B-4FF5-83DD-302811180BE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DE391FAD-1BB5-431E-9862-E6E4E5525793}" = rport=137 | protocol=17 | dir=out | app=system |
"{E22A89B9-5A58-4CDC-A61C-7BEFA4DB05D9}" = rport=139 | protocol=6 | dir=out | app=system |
"{F68BF2DD-A134-4291-BEBB-994C127E60D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09432F45-E9FD-4B0A-AE8A-CD380D9BF722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0D308310-32D2-4F9C-AC27-87BED0F45D90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E9B959C-04B5-4DB9-B543-8CC41C2F51B3}" = protocol=6 | dir=in | app=c:\users\feamus\appdata\roaming\dropbox\bin\dropbox.exe |
"{258250AF-4C96-45B6-A882-8CFC2CAE78A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2A038B14-0EC6-4872-9F29-13D5236DF293}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{2CC27FEC-8DA5-45E5-BC77-5480E749B917}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2E2B0FB1-B36F-4EFC-BFC4-4106F24A4833}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3639B97E-D36F-4DB4-9371-81FC5C8C9745}" = protocol=58 | dir=in | [email protected],-28545 |
"{3804F0E2-13A2-4E7A-8F42-CF935AEB3D33}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{41F8B0B6-9D6D-4D1F-B214-43AE747C7A94}" = protocol=6 | dir=out | app=system |
"{435CC4F7-1641-423B-9170-4080851768F1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{4618BC36-E862-4F3B-B5D9-A8B69A34B1C9}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{49ADB64F-A2B2-4D59-9096-0D79EA9189B3}" = protocol=17 | dir=in | app=c:\users\feamus\appdata\roaming\dropbox\bin\dropbox.exe |
"{524B0E78-90D7-41C1-9B2F-ED68FF6265AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55F2A01A-AB22-4ECA-9109-C45D5B00087D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{565FF3F7-CC2A-41B1-8EA9-58458071944D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{57315D05-D5CE-492F-A403-6401DC846625}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{58732307-3174-41AE-9734-C59A8D5330FD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5DA4AB12-A2B0-45E4-BFF4-20D21700ED10}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{5DAFE798-76EB-4C34-A602-DDE5B1DB73C3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{616DCE9C-C8AC-490A-BAC9-89744F13AA22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{696CF757-579F-4558-999D-274841E81CB7}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{6CEECEB6-B80C-4E4F-B0FB-D2DA9FCE03E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6DD3CDD3-7336-4042-85F1-4C63A6A67937}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7A94AFB8-E6A8-4B05-8737-7A33AF19E8D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F213254-B0EA-404A-A52E-E029A1D0A9B8}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{809E34BB-FD45-40BB-8657-0D29711B8F99}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{80A9B05B-95D5-41BB-AFBC-9A46A350CC5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{844008D1-109D-40EE-984F-EEBB66098E96}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{950CA668-E846-453A-A9AE-A381A7BFED2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{95BFE411-F9F6-4F07-86B5-AC90E13254EF}" = protocol=1 | dir=in | [email protected],-28543 |
"{97A23B0F-B7A1-4DC5-AEC9-AC85B868D3E1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9CECA47A-0751-407C-A266-AD8099996BB5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A52BA87A-D32B-483D-B5FF-A8AA74487670}" = protocol=58 | dir=out | [email protected],-28546 |
"{A5A29352-261D-4CA0-A1B3-4F97950C5DC5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B175AD1B-CD28-4898-AE8E-4360228B2243}" = dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
"{BAEB9D5D-780E-44EF-B0C9-87C326636885}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{C53FB897-124D-430E-A7D4-EF3FF920F0EF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{CC57173E-222C-4772-AA23-2D8ADD73A5B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{D0CE807D-B187-4F98-B44B-8F5FC2DF5FD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D76F8964-FA8D-45F5-AD58-49128C0ECCD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E196ACD8-DB27-441E-91CC-773C19FD0B26}" = protocol=1 | dir=out | [email protected],-28544 |
"{E5EDEC75-B121-48E5-B5CF-BEF8F727DFBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7D6E950-1A06-485C-B81A-3E6EAF20638E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{E8C296DE-E1E3-4715-8B5A-71AEEE2344F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FA8A3F8B-013C-4486-ACBC-ED3529F49222}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"TCP Query User{47EB2FD5-87AF-4272-89A2-9770770DBE00}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{DF3C64BC-0008-40DD-AAF2-DB0CC93B2B7A}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"TCP Query User{F14D811B-0FF6-4C54-939B-538307D9D824}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{FDA0345F-7ED7-4CFD-A99F-47B181DCBE12}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{39B84363-0FE0-43A4-910D-6B197CB4FA2D}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"UDP Query User{BFE392E3-89BF-4EB3-B3A4-09B373B4903F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{CD9BD3BA-6535-4232-AA55-EA3AEE89DF35}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{D64DE6B8-55EB-46B1-8AD1-82DA2893F68A}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3F32329A-CE69-45CB-9BC2-1E554A5A5868}" = AVG 2011
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
"{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7233AA23-2DE7-429F-A704-3F7FEFDBD5D9}_is1" = Cossacks Anthology
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C1EAF33-82AD-4A63-B56D-4739172714DF}" = Lords of the Realm III
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ahd_xvideo_downloader-66712EEE-ECBC-A8888}_is1" = AHD Xvideo Downloader 5.6.0.0
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EB3D2F14-C178-11D6-B49B-0020183A6529}" = eGames GOG Red
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVG" = AVG 2011
"Blitzkrieg" = Blitzkrieg
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"GameSpy Arcade" = GameSpy Arcade
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Minecraft Beta Cracked" = Minecraft Beta Cracked
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"NSS" = Norton Security Scan
"Optimizer Pro_is1" = Optimizer Pro v3.0
"Railroad Tycoon II" = Railroad Tycoon II
"RealPlayer 12.0" = RealPlayer
"Reason4_is1" = Reason 4.0
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Ultimate Doom for Windows 95" = Ultimate Doom for Windows 95
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"WinRAR archiver" = WinRAR archiver
"Xfire" = Xfire (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

< End of report >
 

sesamus

Thread Starter
Joined
Dec 25, 2012
Messages
22
It didn't open on Desktop so I couldn't see it at first but it was in the tray!
 

Satchfan

Malware Specialist
Joined
Jan 12, 2009
Messages
653
Well, it’s not looking too bad now but there are a few obstinate entries there so let’s try and get rid of them.

Uninstall the following programs, if present:
searchnu.com/406
SweetPacks bundle uninstaller
Browser Manager
Update Manager for SweetPacks 1.1

  • Click Start, Control Panel, Programs, and then Programs and Features.
  • A new dialog box appears, Adjust your computer's settings. Choose Programs. Click on it.
  • Click on SweetPacks bundle uninstaller, and then Uninstall. Repeat this for the other programs.
If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

===================================================

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

Run OTL


  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Services
  
:OTL
IE - HKLM\..\SearchScopes\{7702CE0E-5B8B-96CE-20F2-4B426EEC31CC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes,DefaultScope = {1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}
IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes\{1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
CHR - homepage: http://www.searchnu.com/406
CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
  
:Commands
[purity]
[emptytemp]
[Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
===================================================

Reset Chrome’s home page:

OTL doesn’t fix the Chrome home page so you need to use Chrome's Settings page to change the HomePage.

  • open Google Chrome
  • click on the Customize icon, at the top right
  • click on Settings
  • under “On start-up”, check Open a specific page or set of pages and then on Set pages
  • delete any pages that you don’t want
  • set your start page to the page you want, eg www.google.com.
Once you have typed in the address in the 'Open this page' box, this change is saved. If you close this tab and click on the home icon you should now get your home page.

Please run OTL again when you have completed this and let me know if there is any change.

Logs to include in the next post:

OTL fix log
New OTL log
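
Added example, not part of any post in this thread and not an OTL feature: a Python script that triages an OTL Extras log in the layout shown above, listing the uninstall and firewall-exception entries that name the programs the helper asked to remove. The sample lines are excerpted from the log in this thread; the function names and the substring-matching watchlist are assumptions of this example.

```python
import re

# Names taken from the helper's uninstall list and fix script in this thread.
# Case-insensitive substring matching is an assumption of this example.
WATCHLIST = ("searchnu", "sweetpacks", "sweetim", "browser manager")

# Sample input: lines excerpted from the Extras.txt posted above.
SAMPLE_LOG = r'''
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{565FF3F7-CC2A-41B1-8EA9-58458071944D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{5DAFE798-76EB-4C34-A602-DDE5B1DB73C3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"CCleaner" = CCleaner

< End of report >
'''

SECTION_RE = re.compile(r"^=+ (.+?) =+$")      # ========== Section ==========
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")        # [HKEY_...\registry\key]
ENTRY_RE = re.compile(r'^"([^"]+)" = ?(.*)$')  # "id" = value (value may be blank)


def parse_extras(text):
    """Return one dict per quoted entry, tagged with its section and registry key."""
    entries, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append({"section": section, "key": key,
                            "id": m.group(1), "value": m.group(2).strip()})
    return entries


def firewall_fields(value):
    """Split 'protocol=6 | dir=in | app=... |' into a dict of its fields."""
    fields = {}
    for part in value.split("|"):
        name, sep, val = part.strip().partition("=")
        if sep:
            fields[name] = val
    return fields


def triage(text, watchlist=WATCHLIST):
    """List (section, id, matched term, detail) for entries naming a watched program."""
    hits = []
    for e in parse_extras(text):
        if "Exception List" in (e["section"] or ""):
            fw = firewall_fields(e["value"])
            haystack = fw.get("app", "")          # match on the program path only
            detail = f'dir={fw.get("dir", "?")} app={haystack}'
        else:
            haystack = detail = e["value"]        # uninstall display name
        term = next((t for t in watchlist if t in haystack.lower()), None)
        if term:
            hits.append((e["section"], e["id"], term, detail))
    return hits


if __name__ == "__main__":
    for section, ident, term, detail in triage(SAMPLE_LOG):
        print(f"[{section}] {ident} matched '{term}': {detail}")
```

A firewall-exception hit is worth checking after the uninstall step, since an uninstaller can leave the rule behind even when the program itself is gone.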
 

sesamus

Thread Starter
Joined
Dec 25, 2012
Messages
22
Ok searchnu was not there but I successfully removed the other three. The browser manager had apparently already been removed but remained on the list so I accepted the option to take it off the list...
 