Searchnu removal

Discussion in 'Virus & Other Malware Removal' started by sesamus, Dec 25, 2012.

  1. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    Hello there. :)

    I have a searchnu virus on my computer and I have gone looking for ways to remove it. One of the first things said on the two or three pages I looked at was that I needed to stop the process in Task Manager, but when I looked in Task Manager I could not find any sign of the process there.

    I am also not very confident about going in and deleting registry entries and I would like some assistance with it please.

    Séamus
     
  2. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hello sesamus and welcome to TSG.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    ===================================================

    Please download Junkware Removal Tool from here and save it to your desktop

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.
    ===================================================

    Download and run OTL

    • download OTL to your desktop.
    • double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • you may need two posts to fit them both in.
    Logs to include with next post:

    JRT.txt
    OTL.txt
    Extras.txt


    Thanks

    Satchfan
     
  3. sesamus

    sesamus Thread Starter

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.5.0 (01.23.2013:2)
    OS: Windows 7 Ultimate x86
    Ran by Feamus on 24/01/2013 at 13:45:15.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services

    Successfully stopped: [Service] browser manager
    Successfully deleted: [Service] browser manager



    ~~~ Registry Values

    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\windows\currentversion\run\\optimizer pro
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\browsermngr start page
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\browsermngrdefaultscope
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{33aa308b-b565-4376-ac66-59ee9b6ad13e}
    Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d7e97865-918f-41e4-9cd0-25ab1c574ce8}
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
    Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440}



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
    Successfully deleted: [Registry Key] hkey_current_user\software\browsermngr
    Successfully deleted: [Registry Key] hkey_local_machine\software\browsermngr
    Successfully deleted: [Registry Key] hkey_current_user\software\conduit
    Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
    Successfully deleted: [Registry Key] hkey_current_user\software\cr_installer
    Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
    Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
    Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
    Successfully deleted: [Registry Key] hkey_local_machine\software\mywebsearch
    Successfully deleted: [Registry Key] hkey_current_user\software\optimizer pro
    Successfully deleted: [Registry Key] hkey_current_user\software\softonic
    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\tarma installer
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduitsearchscopes
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\freecorder
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\mywebsearch
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\pricegong
    Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\smartbar
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetup.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\esrv.searchyaesrvc.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\i
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyaappcore.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyadskbnd.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\ironsource.searchyahlpr.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.api.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\yontooieclient.layers.1
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasapi32
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\setupdatamngr_searchqu_rasmancs
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1060933
    Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT3214568
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0329e7d6-6f54-462d-93f6-f5c3118badf2}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{25927741-5e5b-4d27-8d8b-9188fe64373f}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{25927741-5e5b-4d27-8d8b-9188fe64373f}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{33aa308b-b565-4376-ac66-59ee9b6ad13e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{9bb47c17-9c68-4bb3-b188-dd9af0fd2406}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c04b7d22-5aec-4561-8f49-27f6269208f6}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{e46c8196-b634-44a1-af6e-957c64278ab1}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f34c9277-6577-4dff-b2d7-7d58092f272f}
    Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\browser manager"
    Failed to delete: [Folder] "C:\ProgramData\installmate"
    Successfully deleted: [Folder] "C:\ProgramData\premium"
    Successfully deleted: [Folder] "C:\ProgramData\sweetim"
    Failed to delete: [Folder] "C:\ProgramData\tarma installer"
    Successfully deleted: [Folder] "C:\ProgramData\application data\installmate"
    Successfully deleted: [Folder] "C:\ProgramData\application data\tarma installer"
    Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\optimizer pro"
    Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\pccustubinstaller"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\local\conduit"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\local\ilivid player"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\conduit"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\funwebproducts"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\mywebsearch"
    Successfully deleted: [Folder] "C:\Users\Feamus\appdata\locallow\toolbar4"
    Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
    Successfully deleted: [Folder] "C:\Program Files\searchya!"
    Successfully deleted: [Folder] "C:\Program Files\shopping sidekick plugin"
    Successfully deleted: [Folder] "C:\Program Files\sweetim"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro"
    Successfully deleted: [Folder] "C:\Users\Feamus\AppData\Roaming\microsoft\windows\start menu\programs\browser manager"
    Successfully deleted: [Folder] "C:\ProgramData\ask"



    ~~~ FireFox

    Successfully deleted: [File] C:\user.js
    Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
    Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\search_results.xml"
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\user.js
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\browsermngr_extensions.sqlite
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\browsermngr_prefs.js
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\invalidprefs.js
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\askcom.xml
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\search.xml
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\search_results.xml
    Successfully deleted: [File] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\searchplugins\sweetim.xml
    Successfully deleted: [Folder] C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\conduitcommon
    Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}
    Successfully deleted the following from C:\Users\Feamus\AppData\Roaming\mozilla\firefox\profiles\gilb5ffx.default\prefs.js

    user_pref("browser.newtabpage.blocked", "{\"4/zelpW6J6wv+UdWklU1DQ==\":1,\"NvM7HYLz17FQ84Rj7Z/4rg==\":1,\"YDf2VAUY1xoWlehFBHTLYg==\":1,\"xc7OpwlcLAn7ZEZS0PQKsg==\":1,\"0TV8tk5
    user_pref("browser.search.defaultengine", "Ask.com");
    user_pref("browser.startup.homepage", "http://www.searchnu.com/406");
    user_pref("extensions.BabylonToolbar.admin", false);
    user_pref("extensions.BabylonToolbar.aflt", "babsst");
    user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    user_pref("extensions.BabylonToolbar.dfltLng", "en");
    user_pref("extensions.BabylonToolbar.excTlbr", false);
    user_pref("extensions.BabylonToolbar.id", "466690d100000000000000a0c6000000");
    user_pref("extensions.BabylonToolbar.instlDay", "15620");
    user_pref("extensions.BabylonToolbar.instlRef", "sst");
    user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar.tlbrId", "base");
    user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=466690d100000000000000a0c6000000&q=");
    user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
    user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
    user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    user_pref("extensions.BabylonToolbar_i.babExt", "");
    user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=130812_ppcs0_3312_6");
    user_pref("extensions.BabylonToolbar_i.hardId", "466690d100000000000000a0c6000000");
    user_pref("extensions.BabylonToolbar_i.id", "466690d100000000000000a0c6000000");
    user_pref("extensions.BabylonToolbar_i.instlDay", "15424");
    user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    user_pref("extensions.BabylonToolbar_i.newTab", false);
    user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.70:09:33");
    user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=4088943232834551&o=APN10645&q=");
    user_pref("sweetim.toolbar.RevertDialog.enable", "false");
    user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
    user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1358790802834");
    user_pref("sweetim.toolbar.Visibility.enable", "true");
    user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
    user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
    user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
    user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
    user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
    user_pref("sweetim.toolbar.cda.returnValue", "hide");
    user_pref("sweetim.toolbar.dialogs.0.enable", "true");
    user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
    user_pref("sweetim.toolbar.dialogs.0.height", "335");
    user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
    user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
    user_pref("sweetim.toolbar.dialogs.0.url", "http://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
    user_pref("sweetim.toolbar.dialogs.0.width", "761");
    user_pref("sweetim.toolbar.dialogs.1.enable", "true");
    user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
    user_pref("sweetim.toolbar.dialogs.1.height", "300");
    user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
    user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
    user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
    user_pref("sweetim.toolbar.dialogs.1.width", "500");
    user_pref("sweetim.toolbar.dialogs.2.enable", "true");
    user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
    user_pref("sweetim.toolbar.dialogs.2.height", "150");
    user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
    user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
    user_pref("sweetim.toolbar.dialogs.2.url", "http://www.sweetim.com/simffbar/simcdadialog.asp");
    user_pref("sweetim.toolbar.dialogs.2.width", "530");
    user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
    user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
    user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    user_pref("sweetim.toolbar.mode.debug", "false");
    user_pref("sweetim.toolbar.newtab.created", "false");
    user_pref("sweetim.toolbar.newtab.enable", "true");
    user_pref("sweetim.toolbar.previous.keyword.URL", "");
    user_pref("sweetim.toolbar.rc.url", "http://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
    user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
    user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
    user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
    user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "http://(www.|apps.)?facebook\\.com.*");
    user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
    user_pref("sweetim.toolbar.scripts.0.enable", "false");
    user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
    user_pref("sweetim.toolbar.scripts.0.url", "http://sc.sweetim.com/apps/in/fb/infb.js");
    user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
    user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
    user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "https://(www.|apps.)?facebook\\.com.*");
    user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
    user_pref("sweetim.toolbar.scripts.1.enable", "false");
    user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_httpS");
    user_pref("sweetim.toolbar.scripts.1.url", "https://sc.sweetim.com/apps/in/fb/infb.js");
    user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
    user_pref("sweetim.toolbar.scripts.2.callback", "");
    user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
    user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
    user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
    user_pref("sweetim.toolbar.scripts.2.enable", "false");
    user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
    user_pref("sweetim.toolbar.scripts.2.url", "http://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
    user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://sear
    user_pref("sweetim.toolbar.search.history.capacity", "10");
    user_pref("sweetim.toolbar.searchguard.enable", "false");
    user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
    user_pref("sweetim.toolbar.simapp_id", "{04F4AF4A-4BA8-11E2-96B7-00A0C6000000}");
    user_pref("sweetim.toolbar.version", "1.9.0.0");



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/01/2013 at 14:01:01.55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  4. sesamus

    sesamus Thread Starter

    OTL logfile created on: 24/01/2013 14:13:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Feamus\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.46% Memory free
    5.99 Gb Paging File | 4.60 Gb Available in Paging File | 76.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 146.19 Gb Total Space | 28.52 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
    Drive D: | 6.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 7.52 Gb Total Space | 1.51 Gb Free Space | 20.15% Space Free | Partition Type: FAT32

    Computer Name: FEAMUS-PC | User Name: Feamus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/24 14:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
    PRC - [2013/01/18 22:28:01 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012/12/28 23:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\Feamus\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/11/30 02:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2012/10/04 15:00:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/08/01 03:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/09/09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/08/18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2011/05/23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/03/28 02:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
    PRC - [2010/08/18 18:33:50 | 000,272,384 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
    PRC - [2010/06/29 04:57:58 | 004,247,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe
    PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2007/06/20 23:04:54 | 000,693,600 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
    PRC - [2007/06/20 23:04:52 | 000,091,488 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe
    PRC - [2007/06/20 23:04:51 | 000,095,584 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/01/18 22:27:59 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
    MOD - [2012/11/30 02:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2012/11/30 02:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2012/11/15 16:09:42 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\571e329ec4de8476024e07293d3985c1\System.Core.ni.dll
    MOD - [2012/11/14 23:36:38 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d8e7934f5f7b585a06506b3fa400523e\System.Management.ni.dll
    MOD - [2012/11/14 22:00:38 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b21e4b2fb6b860debf846f1abcb5848\System.ServiceProcess.ni.dll
    MOD - [2012/11/14 22:00:29 | 010,578,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\62a5fac1b0201adbaf415db430b537d4\System.Design.ni.dll
    MOD - [2012/11/14 22:00:15 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\91403f9dc2decc89c9ed4ea2aa00bb29\System.Web.Services.ni.dll
    MOD - [2012/11/14 21:59:35 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll
    MOD - [2012/11/14 21:59:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\65784cdbdf49469aa8b75c5e09baa8d0\System.Transactions.ni.dll
    MOD - [2012/11/14 21:59:28 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ff1a3712e3bbd4944ffb5c78fd9c7bca\System.Data.ni.dll
    MOD - [2012/11/14 21:58:54 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d94dbbd0c84e503a6a1d192f768b45c8\PresentationFramework.ni.dll
    MOD - [2012/11/14 21:58:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll
    MOD - [2012/11/14 21:57:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll
    MOD - [2012/11/14 21:57:38 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\16736bed76cd56edf05ccd0e8f6b3b6e\Accessibility.ni.dll
    MOD - [2012/11/14 21:57:36 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\46f9cb63a99278b3dd7d91766bf4969e\PresentationCore.ni.dll
    MOD - [2012/11/14 21:56:52 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll
    MOD - [2012/11/14 21:56:12 | 000,680,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\1658707b14a104ea7aad70ce0512dafa\System.Security.ni.dll
    MOD - [2012/11/14 21:55:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll
    MOD - [2012/11/14 21:54:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll
    MOD - [2012/11/14 21:54:44 | 007,973,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll
    MOD - [2012/11/14 21:53:45 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll
    MOD - [2011/09/09 23:58:24 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
    MOD - [2011/02/10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    MOD - [2010/08/18 18:33:46 | 000,294,400 | ---- | M] () -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\Vodafone.View.Taskbar.dll
    MOD - [2009/07/14 01:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/06/10 21:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2004/09/08 19:51:54 | 000,121,344 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


    ========== Services (SafeList) ==========

    SRV - [2013/01/18 22:28:00 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/10/24 23:53:57 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/01/31 15:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/06/22 02:05:29 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/02/08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/08/18 18:33:54 | 000,008,704 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe -- (VmbService)
    SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 01:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2005/03/16 00:11:19 | 000,855,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
    DRV - File not found [File_System | Auto | Stopped] -- system32\DRIVERS\eamonm.sys -- (eamonm)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (bvrp_pci)
    DRV - [2012/11/12 04:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/17 08:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/08/17 08:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/05/27 18:05:32 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 07:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
    DRV - [2011/02/10 06:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 06:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/11 10:44:02 | 000,194,048 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbwwan.sys -- (ZTEusbwwan)
    DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
    DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/08/11 10:44:02 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/08/11 10:44:02 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2010/05/20 13:40:28 | 000,061,952 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vodafone_K380x-z_dc_enum.sys -- (vodafone_K380x-z_dc_enum)
    DRV - [2010/03/21 00:42:43 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2010/03/21 00:42:40 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2009/07/14 01:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 01:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 01:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 23:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 23:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 22:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2006/03/02 04:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2005/05/06 22:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2005/05/06 22:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2005/05/06 22:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mohfilt.sys -- (mohfilt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{7702CE0E-5B8B-96CE-20F2-4B426EEC31CC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933


    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E EC 7A 53 49 30 CC 01 [binary data]
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes,DefaultScope = {1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes\{1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.1.0.10441
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2012/12/12 21:28:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2005/03/16 08:07:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2005/03/16 00:11:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\SearchPredict\PRFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SPEEDbit Video Downloader\SPFireFox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/01/01 17:22:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:28:02 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:27:51 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 22:28:02 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/18 22:27:51 | 000,000,000 | ---D | M]

    [2012/12/27 12:38:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Extensions
    [2013/01/24 14:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\extensions
    [2011/09/18 14:37:24 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/12/21 19:53:52 | 000,002,449 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\Mozilla\Firefox\Profiles\gilb5ffx.default\searchplugins\SearchYa!.xml
    [2013/01/18 22:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/01/18 22:27:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/01/18 22:28:02 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2005/03/16 00:11:11 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/09/24 19:53:34 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/10/21 21:55:48 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.searchnu.com/406
    CHR - default_search_provider: Search Results (Enabled)
    CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=4088943232834551&q={searchTerms}
    CHR - default_search_provider: suggest_url =
    CHR - homepage: http://www.searchnu.com/406
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Feamus\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: FreemakeTB = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.17.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: FreemakeTB = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgficikadnmmefckdecajlmffkbagomp\2.3.17.1_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [MobileBroadband] C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe (Vodafone)
    O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
    O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Feamus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D314FA4D-91DB-48C6-9B31-28066AA64F8C}: NameServer = 88.82.13.44 88.82.13.44
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/06/18 12:32:27 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
    O32 - AutoRun File - [2010/09/13 22:45:26 | 000,000,120 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2008/09/08 21:13:25 | 000,000,058 | R--- | M] () - F:\autorun.inf -- [ UDF ]
    O33 - MountPoints2\{af47168c-9c16-11e0-a626-001111e233b2}\Shell - "" = AutoRun
    O33 - MountPoints2\{af47168c-9c16-11e0-a626-001111e233b2}\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/07/08 11:14:50 | 000,274,432 | R--- | M] (Vodafone)
    O33 - MountPoints2\{f3983a47-3477-11df-9dbc-001111e233b2}\Shell - "" = AutoRun
    O33 - MountPoints2\{f3983a47-3477-11df-9dbc-001111e233b2}\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe -- [2008/10/28 16:35:19 | 018,552,088 | R--- | M] (Bethesda Softworks)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmb_lite.exe -- [2010/07/08 11:14:50 | 000,274,432 | R--- | M] (Vodafone)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/24 14:11:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
    [2013/01/24 13:45:11 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/01/24 13:45:00 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/01/24 13:44:32 | 000,499,147 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Feamus\Desktop\JRT.exe
    [2013/01/24 13:03:53 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\10 poems
    [2013/01/24 12:59:26 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\CITY Final Jan 2013
    [2013/01/24 01:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2013/01/23 22:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2013/01/18 22:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/01/13 18:29:29 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\CRG Audio
    [2013/01/03 15:49:53 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\January Poems
    [2013/01/01 20:42:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
    [2013/01/01 20:42:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
    [2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
    [2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
    [2013/01/01 20:42:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0307060.005
    [2013/01/01 20:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2013/01/01 20:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2013/01/01 17:21:36 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\DivX
    [2013/01/01 17:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
    [2013/01/01 17:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
    [2012/12/29 07:40:48 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Consolodated from de
    [2012/12/28 04:18:50 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Sociological research
    [2012/12/28 04:08:16 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Direct x and other Apps
    [2012/12/27 15:06:10 | 000,000,000 | ---D | C] -- C:\AMD
    [2012/12/27 12:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2012/12/26 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft Beta Cracked
    [2012/12/26 00:08:42 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\The Welcome Centre
    [2012/12/25 23:15:27 | 000,000,000 | ---D | C] -- C:\Users\Feamus\AppData\Roaming\.minecraft
    [2012/12/25 23:12:00 | 000,000,000 | ---D | C] -- C:\Users\Feamus\Desktop\Minecraft
    [2012/12/25 21:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/12/25 21:32:36 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/12/25 21:32:12 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/12/25 21:32:12 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/12/25 21:32:12 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012/12/25 21:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/06/20 01:44:58 | 000,035,840 | ---- | C] (NirSoft) -- C:\Users\Feamus\myuninst.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/01/24 14:17:16 | 000,027,824 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\wklnhst.dat
    [2013/01/24 14:17:16 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\e-mails previously.wps
    [2013/01/24 14:11:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Feamus\Desktop\OTL.exe
    [2013/01/24 13:53:28 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4059276865-3607389378-3789939313-1001UA.job
    [2013/01/24 13:45:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/24 13:44:33 | 000,499,147 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Feamus\Desktop\JRT.exe
    [2013/01/24 12:56:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/24 12:47:41 | 107,371,077 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2013/01/24 01:14:07 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Aside.wps
    [2013/01/24 00:46:21 | 000,009,728 | ---- | M] () -- C:\Users\Feamus\Desktop\Nothing, mistaken….wps
    [2013/01/24 00:23:27 | 000,036,961 | ---- | M] () -- C:\Users\Feamus\Desktop\72843_485112618201173_178568296_n.jpg
    [2013/01/23 23:19:48 | 000,058,384 | ---- | M] () -- C:\Users\Feamus\Desktop\19295_10200221229150571_1540472408_n.jpg
    [2013/01/23 22:51:17 | 000,011,776 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG 005.5.wps
    [2013/01/23 22:25:11 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\accept it.wps
    [2013/01/23 22:24:54 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Sad.wps
    [2013/01/23 22:02:13 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Conjured.wps
    [2013/01/23 14:52:40 | 000,000,182 | ---- | M] () -- C:\Users\Feamus\Desktop\TNR Template.rtf
    [2013/01/21 20:00:49 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Location One… In front of the Gate Lock.wps
    [2013/01/20 23:52:38 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Misdirected.wps
    [2013/01/20 20:27:44 | 000,351,179 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2013/01/20 12:14:19 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Buying emotion.wps
    [2013/01/20 10:46:45 | 000,017,408 | ---- | M] () -- C:\Users\Feamus\Desktop\There has been a lot happening.wps
    [2013/01/20 00:53:57 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Special Brew.wps
    [2013/01/20 00:53:38 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\This device is.wps
    [2013/01/20 00:53:18 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Witness.wps
    [2013/01/18 22:14:04 | 000,057,856 | ---- | M] () -- C:\Users\Feamus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/01/18 21:11:01 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Growth.wps
    [2013/01/16 23:56:44 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\some other ****er.wps
    [2013/01/15 21:44:47 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG NEXT LEVEL.wps
    [2013/01/13 22:09:17 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 22:09:17 | 000,016,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/13 21:41:40 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\free of violence and intimidation.wps
    [2013/01/11 21:35:47 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\My Nationality is better.wps
    [2013/01/11 20:42:51 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Do you ever look at.wps
    [2013/01/11 19:05:11 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\The Kids.wps
    [2013/01/10 21:07:29 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Prompts..wps
    [2013/01/09 21:15:17 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Inwardly.wps
    [2013/01/09 12:16:55 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\conflict here is.wps
    [2013/01/07 19:41:37 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\its just water.wps
    [2013/01/07 03:53:02 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4059276865-3607389378-3789939313-1001Core.job
    [2013/01/07 01:38:15 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\keep passing.wps
    [2013/01/06 05:27:19 | 000,000,354 | ---- | M] () -- C:\Users\Feamus\Desktop\words.rtf
    [2013/01/06 05:12:42 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Disharmony.wps
    [2013/01/06 04:42:23 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Words.wps
    [2013/01/04 15:12:52 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Confusing..wps
    [2013/01/04 09:31:49 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Rain walk.wps
    [2013/01/04 08:42:45 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\CRG.CODE.1.wps
    [2013/01/04 08:09:14 | 000,011,264 | ---- | M] () -- C:\Users\Feamus\Desktop\The Bosnian War.wps
    [2013/01/03 22:31:16 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\second poem.wps
    [2013/01/03 22:30:58 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Undaunted.wps
    [2013/01/03 22:30:47 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\Writing quotes.wps
    [2013/01/03 20:59:45 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Incandescent.wps
    [2013/01/02 16:54:16 | 000,033,792 | ---- | M] () -- C:\Users\Feamus\Desktop\making excuses.wps
    [2013/01/01 18:09:47 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\difference between knowing about something.wps
    [2013/01/01 18:09:22 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Learning is seen as.wps
    [2013/01/01 05:04:36 | 000,008,704 | ---- | M] () -- C:\Users\Feamus\Desktop\Black and White.wps
    [2012/12/31 16:13:58 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Make it.wps
    [2012/12/31 13:35:48 | 000,001,051 | ---- | M] () -- C:\Users\Feamus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/12/31 01:58:06 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\a High five.wps
    [2012/12/31 00:24:24 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\drape.wps
    [2012/12/30 22:56:11 | 000,009,216 | ---- | M] () -- C:\Users\Feamus\Desktop\Where it’s at.wps
    [2012/12/29 22:46:40 | 000,010,240 | ---- | M] () -- C:\Users\Feamus\Desktop\Guilty.wps
    [2012/12/28 16:56:40 | 000,006,144 | ---- | M] () -- C:\Users\Feamus\Desktop\We’re never going to.wps
    [2012/12/27 15:39:10 | 000,628,024 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/27 15:39:10 | 000,110,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/26 00:33:27 | 000,001,021 | ---- | M] () -- C:\Users\Feamus\Desktop\Start Minecraft Beta Cracked.lnk
    [2012/12/25 21:56:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
    [2012/12/25 21:56:20 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
    [2012/12/25 21:31:37 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
    [2012/12/25 21:31:33 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/12/25 21:31:33 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/12/25 21:31:32 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
    [2012/12/25 21:31:32 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/01/24 14:17:15 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\e-mails previously.wps
    [2013/01/24 01:40:45 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/24 01:40:43 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/24 01:14:07 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Aside.wps
    [2013/01/24 00:46:21 | 000,009,728 | ---- | C] () -- C:\Users\Feamus\Desktop\Nothing, mistaken….wps
    [2013/01/24 00:23:26 | 000,036,961 | ---- | C] () -- C:\Users\Feamus\Desktop\72843_485112618201173_178568296_n.jpg
    [2013/01/23 23:19:42 | 000,058,384 | ---- | C] () -- C:\Users\Feamus\Desktop\19295_10200221229150571_1540472408_n.jpg
    [2013/01/23 22:25:11 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\accept it.wps
    [2013/01/23 22:24:53 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Sad.wps
    [2013/01/23 22:02:13 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Conjured.wps
    [2013/01/23 14:52:40 | 000,000,182 | ---- | C] () -- C:\Users\Feamus\Desktop\TNR Template.rtf
    [2013/01/21 20:01:08 | 000,011,776 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG 005.5.wps
    [2013/01/21 20:00:49 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Location One… In front of the Gate Lock.wps
    [2013/01/20 23:52:38 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Misdirected.wps
    [2013/01/20 12:14:19 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Buying emotion.wps
    [2013/01/20 10:46:45 | 000,017,408 | ---- | C] () -- C:\Users\Feamus\Desktop\There has been a lot happening.wps
    [2013/01/20 00:53:57 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Special Brew.wps
    [2013/01/20 00:53:38 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\This device is.wps
    [2013/01/20 00:53:18 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Witness.wps
    [2013/01/18 21:11:01 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Growth.wps
    [2013/01/15 21:44:47 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG NEXT LEVEL.wps
    [2013/01/14 19:55:02 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\some other ****er.wps
    [2013/01/13 21:41:40 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\free of violence and intimidation.wps
    [2013/01/11 21:35:47 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\My Nationality is better.wps
    [2013/01/11 20:42:51 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Do you ever look at.wps
    [2013/01/11 19:05:11 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\The Kids.wps
    [2013/01/10 21:07:29 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Prompts..wps
    [2013/01/09 21:15:16 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Inwardly.wps
    [2013/01/09 12:16:55 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\conflict here is.wps
    [2013/01/07 19:41:36 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\its just water.wps
    [2013/01/07 01:38:14 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\keep passing.wps
    [2013/01/06 05:27:18 | 000,000,354 | ---- | C] () -- C:\Users\Feamus\Desktop\words.rtf
    [2013/01/06 05:12:41 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Disharmony.wps
    [2013/01/06 04:01:54 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Words.wps
    [2013/01/04 15:12:51 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Confusing..wps
    [2013/01/04 08:09:13 | 000,011,264 | ---- | C] () -- C:\Users\Feamus\Desktop\The Bosnian War.wps
    [2013/01/04 07:58:16 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Rain walk.wps
    [2013/01/03 22:31:16 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\second poem.wps
    [2013/01/03 22:30:47 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\Writing quotes.wps
    [2013/01/03 22:03:47 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Undaunted.wps
    [2013/01/03 20:59:45 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Incandescent.wps
    [2013/01/02 22:15:27 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\CRG.CODE.1.wps
    [2013/01/02 12:39:49 | 000,033,792 | ---- | C] () -- C:\Users\Feamus\Desktop\making excuses.wps
    [2013/01/01 20:42:35 | 000,000,438 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Feamus.job
    [2013/01/01 20:42:19 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0307060.005\isolate.ini
    [2013/01/01 18:09:46 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\difference between knowing about something.wps
    [2013/01/01 18:09:21 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Learning is seen as.wps
    [2013/01/01 05:04:36 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Desktop\Black and White.wps
    [2012/12/31 16:13:57 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Make it.wps
    [2012/12/31 01:58:06 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\a High five.wps
    [2012/12/31 00:24:24 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\drape.wps
    [2012/12/30 22:56:11 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\Desktop\Where it’s at.wps
    [2012/12/29 22:46:40 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Desktop\Guilty.wps
    [2012/12/28 16:56:40 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\Desktop\We’re never going to.wps
    [2012/12/26 00:33:27 | 000,001,021 | ---- | C] () -- C:\Users\Feamus\Desktop\Start Minecraft Beta Cracked.lnk
    [2012/09/15 20:58:38 | 083,023,306 | ---- | C] () -- C:\ProgramData\0tbpw.pad
    [2012/06/19 08:58:39 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
    [2012/06/13 18:24:17 | 000,001,193 | ---- | C] () -- C:\Users\Feamus\AppData\Roaming\NMM-MetaData.db
    [2012/06/13 13:06:30 | 000,102,912 | ---- | C] () -- C:\Windows\System32\EasyHook64.dll
    [2012/06/13 13:06:28 | 000,084,480 | ---- | C] () -- C:\Windows\System32\EasyHook32.dll
    [2012/01/04 09:00:57 | 000,000,634 | ---- | C] () -- C:\Users\Feamus\myuninst.cfg
    [2011/10/13 20:05:07 | 000,113,796 | ---- | C] () -- C:\Users\Feamus\too much ****ing bass!.rns
    [2011/08/15 03:16:41 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/06/20 01:51:56 | 000,016,804 | ---- | C] () -- C:\Users\Feamus\myuninst.chm
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2010/08/11 10:43:50 | 000,159,464 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
    [2010/03/21 19:25:17 | 000,057,856 | ---- | C] () -- C:\Users\Feamus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/20 19:28:40 | 000,027,824 | ---- | C] () -- C:\Users\Feamus\AppData\Roaming\wklnhst.dat
    [2010/03/20 18:38:32 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Url.wps
    [2010/03/20 18:38:32 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\Untitled Document55.wps
    [2010/03/20 18:38:32 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Untitled Document.wps
    [2010/03/20 18:38:31 | 000,100,520 | ---- | C] () -- C:\Users\Feamus\SoundofBCM.rfl
    [2010/03/20 18:38:31 | 000,010,240 | ---- | C] () -- C:\Users\Feamus\The big man.wps
    [2010/03/20 18:38:31 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\Unfinished.wps
    [2010/03/20 18:38:31 | 000,003,518 | ---- | C] () -- C:\Users\Feamus\smell your ma.rtf
    [2010/03/20 18:38:30 | 000,009,216 | ---- | C] () -- C:\Users\Feamus\porn.wps
    [2010/03/20 18:38:29 | 000,009,728 | ---- | C] () -- C:\Users\Feamus\non-believer.wps
    [2010/03/20 18:38:28 | 002,432,575 | ---- | C] () -- C:\Users\Feamus\Hip_Hop_Hard_Phat.rfl
    [2010/03/20 18:38:28 | 000,020,992 | ---- | C] () -- C:\Users\Feamus\forgot about dre.wps
    [2010/03/20 18:38:28 | 000,008,704 | ---- | C] () -- C:\Users\Feamus\literal dicision.wps
    [2010/03/20 18:38:25 | 000,334,209 | ---- | C] () -- C:\Users\Feamus\factoryRex_redrum_patches.rfl
    [2010/03/20 18:38:24 | 000,006,144 | ---- | C] () -- C:\Users\Feamus\E-Mails.wps
    [2010/03/20 18:38:19 | 005,874,196 | ---- | C] () -- C:\Users\Feamus\Analogue Redrum ReFill.rfl

    ========== ZeroAccess Check ==========

    [2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
    [2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
    [2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
    [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
    [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
    [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
    [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
    [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
    [2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
    [2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
    [2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
    [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
    [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
    [2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
    [2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
    [2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
    [2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
    [2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: ST3160023AS ATA Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 146.00GB
    Starting Offset: 65802240
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: 16-bit FAT
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 8.00GB
    Starting Offset: 0
    Hidden sectors: 0


    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Cookies] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
    [C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
    [C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
    [C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
    [C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
    [C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
    [C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

    < End of report >
     
  5. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Hello sesamus

    I sent my reply to you nearly 4 weeks ago and it has taken that time to respond.

    The helpers here all do this on a voluntary basis and most of us also have day jobs and families, plus other people that need help in multiple forums.

    I will help you with this but please respond within three days as mentioned in my introduction. If you are unable to for some reason, be courteous enough to inform me and I’ll keep it open.

    If you have not replied within that time scale, I shall cease to help and you will have to start a new thread.


    It appears that the tool you ran got rid of a lot of your problems but I will wait for the other logs and reply as soon as I have had time to look at them.

    Satchfan
     
  6. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    I did what you instructed mate but I only got one file for the last one (OTL). I pasted everything I got here...
     
  7. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Our posts obviously crossed. :)

    As said, I'll reply when I have had time to look at the logs.
     
  8. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    I am really sorry about that man I have been very busy...
     
  9. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    Thank you. :)
     
  10. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Please remember to post the other log, Extras.txt which will be in the same place as OTL
     
  11. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    OTL Extras logfile created on: 24/01/2013 14:13:29 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Feamus\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 60.46% Memory free
    5.99 Gb Paging File | 4.60 Gb Available in Paging File | 76.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 146.19 Gb Total Space | 28.52 Gb Free Space | 19.51% Space Free | Partition Type: NTFS
    Drive D: | 6.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive E: | 44.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 5.52 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 7.52 Gb Total Space | 1.51 Gb Free Space | 20.15% Space Free | Partition Type: FAT32

    Computer Name: FEAMUS-PC | User Name: Feamus | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] -- "C:\Program Files\Opera\Opera.exe" "%1"

    [HKEY_USERS\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    http [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
    https [open] -- "C:\Program Files\Opera\Opera.exe" "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [SPEEDbitVideoConverter] -- "C:\Program Files\SPEEDbit Video Downloader\Converter.exe" -convert=%1
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{060914F2-089A-4F4E-839E-9BCD28350D0F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0A0628E1-A450-4C02-893E-16A854CE8057}" = lport=138 | protocol=17 | dir=in | app=system |
    "{0E6F3F64-0B45-463A-91B7-625F72336CA0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1A6188A4-8B37-48C5-AF54-76531A04A9DC}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{212E8657-9405-4A21-9357-F167FCF8F871}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{21D37C0F-0B0C-4B9F-BA14-A26BB49417F5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{25BFDC74-0BEB-44C9-90AB-4263BEF49007}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{28598F3E-E673-4FD6-B6F4-ED65864AC512}" = lport=139 | protocol=6 | dir=in | app=system |
    "{39445CB9-FFE8-4F94-983A-457391AB9907}" = rport=445 | protocol=6 | dir=out | app=system |
    "{74BCAB61-97EA-4F67-992A-2DFD55B62818}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7F12658D-569C-437B-88BA-B1F31E58A6E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{873D9CD6-DD8A-47E0-ADEF-1AE9E5706AAA}" = lport=445 | protocol=6 | dir=in | app=system |
    "{95EDE24B-35E6-40B0-8A4C-A5A85CC66970}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{A5F69A1C-DADA-4641-98D4-E5E7CAAAA168}" = lport=137 | protocol=17 | dir=in | app=system |
    "{AEF760E1-C3B3-45AC-BC6D-253455E4FDE7}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B77797C7-18E9-470F-8CD7-A144044A6AD9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{BC57D8B1-8262-4967-BBFE-7D10050D7169}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C20B2D2B-961B-4FF5-83DD-302811180BE3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE391FAD-1BB5-431E-9862-E6E4E5525793}" = rport=137 | protocol=17 | dir=out | app=system |
    "{E22A89B9-5A58-4CDC-A61C-7BEFA4DB05D9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F68BF2DD-A134-4291-BEBB-994C127E60D4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{09432F45-E9FD-4B0A-AE8A-CD380D9BF722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{0D308310-32D2-4F9C-AC27-87BED0F45D90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0E9B959C-04B5-4DB9-B543-8CC41C2F51B3}" = protocol=6 | dir=in | app=c:\users\feamus\appdata\roaming\dropbox\bin\dropbox.exe |
    "{258250AF-4C96-45B6-A882-8CFC2CAE78A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A038B14-0EC6-4872-9F29-13D5236DF293}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{2CC27FEC-8DA5-45E5-BC77-5480E749B917}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{2E2B0FB1-B36F-4EFC-BFC4-4106F24A4833}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{3639B97E-D36F-4DB4-9371-81FC5C8C9745}" = protocol=58 | dir=in | [email protected],-28545 |
    "{3804F0E2-13A2-4E7A-8F42-CF935AEB3D33}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
    "{41F8B0B6-9D6D-4D1F-B214-43AE747C7A94}" = protocol=6 | dir=out | app=system |
    "{435CC4F7-1641-423B-9170-4080851768F1}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
    "{4618BC36-E862-4F3B-B5D9-A8B69A34B1C9}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
    "{49ADB64F-A2B2-4D59-9096-0D79EA9189B3}" = protocol=17 | dir=in | app=c:\users\feamus\appdata\roaming\dropbox\bin\dropbox.exe |
    "{524B0E78-90D7-41C1-9B2F-ED68FF6265AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{55F2A01A-AB22-4ECA-9109-C45D5B00087D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{565FF3F7-CC2A-41B1-8EA9-58458071944D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
    "{57315D05-D5CE-492F-A403-6401DC846625}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
    "{58732307-3174-41AE-9734-C59A8D5330FD}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{5DA4AB12-A2B0-45E4-BFF4-20D21700ED10}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{5DAFE798-76EB-4C34-A602-DDE5B1DB73C3}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "{616DCE9C-C8AC-490A-BAC9-89744F13AA22}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{696CF757-579F-4558-999D-274841E81CB7}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
    "{6CEECEB6-B80C-4E4F-B0FB-D2DA9FCE03E6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{6DD3CDD3-7336-4042-85F1-4C63A6A67937}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{7A94AFB8-E6A8-4B05-8737-7A33AF19E8D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7F213254-B0EA-404A-A52E-E029A1D0A9B8}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
    "{809E34BB-FD45-40BB-8657-0D29711B8F99}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{80A9B05B-95D5-41BB-AFBC-9A46A350CC5D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{844008D1-109D-40EE-984F-EEBB66098E96}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
    "{950CA668-E846-453A-A9AE-A381A7BFED2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{95BFE411-F9F6-4F07-86B5-AC90E13254EF}" = protocol=1 | dir=in | [email protected],-28543 |
    "{97A23B0F-B7A1-4DC5-AEC9-AC85B868D3E1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
    "{9CECA47A-0751-407C-A266-AD8099996BB5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{A52BA87A-D32B-483D-B5FF-A8AA74487670}" = protocol=58 | dir=out | [email protected],-28546 |
    "{A5A29352-261D-4CA0-A1B3-4F97950C5DC5}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B175AD1B-CD28-4898-AE8E-4360228B2243}" = dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe |
    "{BAEB9D5D-780E-44EF-B0C9-87C326636885}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "{C53FB897-124D-430E-A7D4-EF3FF920F0EF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{CC57173E-222C-4772-AA23-2D8ADD73A5B6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{D0CE807D-B187-4F98-B44B-8F5FC2DF5FD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{D76F8964-FA8D-45F5-AD58-49128C0ECCD6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E196ACD8-DB27-441E-91CC-773C19FD0B26}" = protocol=1 | dir=out | [email protected],-28544 |
    "{E5EDEC75-B121-48E5-B5CF-BEF8F727DFBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E7D6E950-1A06-485C-B81A-3E6EAF20638E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{E8C296DE-E1E3-4715-8B5A-71AEEE2344F7}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{FA8A3F8B-013C-4486-ACBC-ED3529F49222}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "TCP Query User{47EB2FD5-87AF-4272-89A2-9770770DBE00}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
    "TCP Query User{DF3C64BC-0008-40DD-AAF2-DB0CC93B2B7A}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
    "TCP Query User{F14D811B-0FF6-4C54-939B-538307D9D824}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
    "TCP Query User{FDA0345F-7ED7-4CFD-A99F-47B181DCBE12}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
    "UDP Query User{39B84363-0FE0-43A4-910D-6B197CB4FA2D}C:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
    "UDP Query User{BFE392E3-89BF-4EB3-B3A4-09B373B4903F}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
    "UDP Query User{CD9BD3BA-6535-4232-AA55-EA3AEE89DF35}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
    "UDP Query User{D64DE6B8-55EB-46B1-8AD1-82DA2893F68A}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
    "{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{34B9B494-EF4A-4592-87A8-BE40D0442E86}" = Dawn of War - Soulstorm
    "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
    "{3F32329A-CE69-45CB-9BC2-1E554A5A5868}" = AVG 2011
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
    "{55115B99-1B96-479E-AFD6-CE17FC9F94B5}" = AVG 2011
    "{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}" = Vodafone Mobile Broadband Lite
    "{6EECB283-E65F-40EF-86D3-D51BF02A8D43}" = Microsoft Office Converter Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7233AA23-2DE7-429F-A704-3F7FEFDBD5D9}_is1" = Cossacks Anthology
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7C1EAF33-82AD-4A63-B56D-4739172714DF}" = Lords of the Realm III
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{ahd_xvideo_downloader-66712EEE-ECBC-A8888}_is1" = AHD Xvideo Downloader 5.6.0.0
    "{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DD8408E9-9421-484F-979D-DB6361E3E828}" = Dawn Of War - Winter Assault
    "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
    "{EB3D2F14-C178-11D6-B49B-0020183A6529}" = eGames GOG Red
    "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
    "0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
    "AVG" = AVG 2011
    "Blitzkrieg" = Blitzkrieg
    "CCleaner" = CCleaner
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "GameSpy Arcade" = GameSpy Arcade
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Minecraft Beta Cracked" = Minecraft Beta Cracked
    "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia PC Suite" = Nokia PC Suite
    "NSS" = Norton Security Scan
    "Optimizer Pro_is1" = Optimizer Pro v3.0
    "Railroad Tycoon II" = Railroad Tycoon II
    "RealPlayer 12.0" = RealPlayer
    "Reason4_is1" = Reason 4.0
    "Steam App 56400" = Warhammer® 40,000&#8482;: Dawn of War® II &#8211; Retribution&#8482;
    "Ultimate Doom for Windows 95" = Ultimate Doom for Windows 95
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.0.5
    "WinRAR archiver" = WinRAR archiver
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome

    < End of report >
     
  12. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    It didn't open on Desktop so I couldn't see it at first but it was in the tray!
     
  13. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    653
    Well, it’s not looking too bad now but there are a few obstinate entries there so let’s try and get rid of them.

    Uninstall the following programs, if present:
    searchnu.com/406
    SweetPacks bundle uninstaller
    Browser Manager
    Update Manager for SweetPacks 1.1

    • Click Start, Control Panel, Programs, and then Programs and Features.
    • A new dialog box appears, Adjust your computer's settings. Choose Programs. Click on it.
    • Click on SweetPacks bundle uninstaller, and then Uninstall. Repeat this for the other programs.
    If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

    ===================================================

    Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

    Run OTL


    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
    Code:
    :Services
      
    :OTL
    IE - HKLM\..\SearchScopes\{7702CE0E-5B8B-96CE-20F2-4B426EEC31CC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\URLSearchHook: {adca5064-9e30-43fe-9856-58b07a3149fe} - No CLSID value found
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes,DefaultScope = {1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}
    IE - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\SearchScopes\{1B4F1ED0-8409-46E5-8AF1-CC9B1EA7CDA0}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer: source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=
    CHR - homepage: [URL]http://www.searchnu.com/406[/URL]
    CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\Feamus\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-4059276865-3607389378-3789939313-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    ===================================================

    Reset Chrome’s home page:

    OTL doesn’t fix the Chrome home page so you need to use Chrome's Settings page to change the HomePage.

    • open Google Chrome
    • click on the Customize icon, at the top right
    • click on Settings
    • under “On start-up”, check Open a specific page or set of pages and then click on Set pages
    • delete any pages that you don’t want
    • set your start page to the page you want, eg www.google.com.
    Once you have typed in the address in the 'Open this page' box, this change is saved. If you close this tab and click on the home icon you should now get your home page.

    Please run OTL again when you have completed this and let me know if there is any change.

    Logs to include in the next post:

    OTL fix log
    New OTL log
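
One way to confirm from a fresh OTL Extras log whether the four programs listed in the post above are still registered, as an added example that is not part of the original thread and not part of OTL. The function names and the exact-name matching rule are assumptions; the sample is a constructed excerpt built from lines of the Extras log posted earlier in this thread.

```python
import re

# Program names the helper asked to uninstall (taken from the post above).
UNWANTED = [
    "searchnu.com/406",
    "SweetPacks bundle uninstaller",
    "Browser Manager",
    "Update Manager for SweetPacks 1.1",
]

# "========== HKEY_LOCAL_MACHINE Uninstall List ==========" style section banners.
SECTION_RE = re.compile(r"^={3,}\s*(.*?)\s*={3,}$")
# '"<registry subkey>" = <display name>' lines; the display name may be empty.
ENTRY_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')

# Constructed excerpt: a firewall-rule section followed by both Uninstall List sections.
SAMPLE_LOG = r"""
========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{565FF3F7-CC2A-41B1-8EA9-58458071944D}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}" = SweetPacks bundle uninstaller
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"CCleaner" = CCleaner

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4059276865-3607389378-3789939313-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

< End of report >
"""


def parse_uninstall_entries(log_text):
    """Return (registry_path, subkey, display_name) for each Uninstall List entry.

    Only lines inside a section whose banner contains "Uninstall List" are
    read, so firewall rules and other '"key" = value' lines are ignored.
    """
    entries = []
    section = None
    registry_path = None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            registry_path = None
            continue
        if section is None or "Uninstall List" not in section:
            continue
        if line.startswith("[") and line.endswith("]"):
            registry_path = line[1:-1]
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            entries.append((registry_path, entry.group(1), entry.group(2).strip()))
    return entries


def find_unwanted(log_text, wanted=UNWANTED):
    """Map each listed program name to the (registry_path, subkey) pairs still present."""
    hits = {name: [] for name in wanted}
    lookup = {name.casefold(): name for name in wanted}
    for registry_path, subkey, display_name in parse_uninstall_entries(log_text):
        name = lookup.get(display_name.casefold())
        if name is not None:
            hits[name].append((registry_path, subkey))
    return hits


if __name__ == "__main__":
    for name, found in find_unwanted(SAMPLE_LOG).items():
        if found:
            for registry_path, subkey in found:
                print(f"STILL LISTED  {name}  ->  {registry_path}\\{subkey}")
        else:
            print(f"not listed    {name}")
```

A name reported as not listed only means there is no matching Uninstall entry; browser settings such as the Chrome home page are not covered by this check.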
     
  14. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    Ok searchnu was not there but I successfully removed the other three. The browser manager had apparently already been removed but remained on the list so I accepted the option to take it off the list...
     
  15. sesamus

    sesamus Thread Starter

    Joined:
    Dec 25, 2012
    Messages:
    22
    Only one file came up after reboot:
     
Short URL to this thread: https://techguy.org/1082375
