
Jibberish

Gallorg

Active Member
iHF Regular
Hi

For some reason on some sites (BBC / Wikipedia) all I can see is gibberish

eg

Any help would be gratefully received
 

DCiAdmin

Always room to learn a bit more
Administrator
iHF Legend
WCG Team Member
Gallorg,

Would you mind posting a couple of example URLs so I might see if I experience the same issue? What browser are you using? Have you cleared the browser cache and tested?
 

Gallorg

Active Member
iHF Regular
OK, the ones I found so far are the BBC & Wikipedia home pages; I'll keep checking.
I have cleared the cache already.

cheers
 

DCiAdmin

Always room to learn a bit more
Administrator
iHF Legend
WCG Team Member
Gallorg,

As I'm in the States, your home page URL for both is likely different than mine. Would you mind posting the URL? Also, what browser are you using as your default? Does the issue cross all browsers?
 

Twitch6000

Person Of All Kinds
iHF Veteran
Advisor
WCG Team Member
Which web browser is this occurring in?
 

Malnutrition

Still Hungry
iHF Master Craftsman
Let's get some info from your machine, please. :)

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will pop-up on your desktop, please post it here in your next reply.
____________________________________________________________________________

Please download MINITOOLBOX and run it.



Checkmark the following boxes:


Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)



Click Go and post the result.
____________________________________________________________________________

Download RSIT 64 bit or RSIT 32 bit. Save it to your desktop.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

Double-click RSIT.exe to start the tool. Windows Vista, 7 and 8 users: Right Click & Run as Administrator.
  • Then click "Continue"
  • When the tool is finished, Notepad files called "Log" and "info" open
  • Attach both of these to your reply.
 

DCiAdmin

Always room to learn a bit more
Administrator
iHF Legend
WCG Team Member
I tried your link and cannot get it to fail, so I need the answers to my other questions.

Gallorg,

As I'm in the States, your home page URL for both is likely different than mine. Would you mind posting the URL? Also, what browser are you using as your default? Does the issue cross all browsers?
 

Gallorg

Active Member
iHF Regular
Here are the logs

Random System Information Log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Paul Gallagher at 2014-09-09 13:21:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 35 GB (8%) free of 470 GB
Total RAM: 4095 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:21:13, on 09/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\spotify.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Paul Gallagher.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-unins...VWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNzcwMjUxODUzLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEMrMS1MSUMrNzctRkwxMCsxLVNQMSsxLVNVRCsxLVMxSSsxLVNVMysxLUREVCs0MDQzOS1MU0QrMi1ERDEwRisxLVNUMTBGQVBQKzEtRjEwTTEyRE4rMS1UQk4rMS1VMTArMS1TVDEyRk9JKzEtRjEwVUQrMi1FVUxBKzEtU1QxMkZBUFArMS1TVEYxME0xMkRNKzE"&"prod=90"&"ver=2012.0.1831"&"mid=e421f143035b2e4ef742d86986ce4b2e-e6b4f37ea68f114295a65eb20b2d40abc64adb88
O4 - HKCU\..\Run: [Torntv Downloader] C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-21-1280295809-455121606-167572049-1005\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1280295809-455121606-167572049-1005\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://user.ssl.eon.com/ CSCOL /csvrloader32.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://85.93.227.36/program/SonySncRz25View.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://85.221.20.19/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} (CSD ActiveX Installer) - https://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Unknown owner - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 17235 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDFME.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000448
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe"
C:\Windows\system32\svchost.exe -k HPService
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\Version8\TeamViewer8_Logfile.log
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5da16dd2-b3f6-4704-a1fe-ea3b9322fcbc -SystemEventPortName:HostProcess-5f323913-4423-4985-a35f-9ce6a84215f0 -IoCancelEventPortName:HostProcess-fb23a107-eee5-4164-8513-7f64faddfa0e -NonStateChangingEventPortName:HostProcess-1d1873c0-10f7-4c72-aefc-5748e217092d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:3c6e7068-e658-4bb0-90ab-9bda42fba90d -DeviceGroupId:WpdFsGroup
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files\iPod\bin\iPodService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

"C:\Program Files (x86)\iTunes\iTunes.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe" --pipe \\.\pipe\30395264-2044233727240425668 --parentPipe
\??\C:\Windows\system32\conhost.exe "1872341047-1352384103-1289765254132836459896385155913083485651375679344620440651
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
\??\C:\Windows\system32\conhost.exe "20762224613597650146615945202810414951526953481-5406418851094223388587291499
"C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe" --launched-by itunes
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe" -mail
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5124 CREDAT:4068748 /prefetch:2
C:\Windows\system32\Macromed\Flash\FlashUtil64_14_0_0_176_ActiveX.exe -Embedding
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\spotify.exe"
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="6172.0.388335093\600670711" /prefetch:673131151
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="6172.1.796606674\860746319" /prefetch:673131151
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="6172.2.477540321\523015359" /prefetch:673131151
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=renderer --js-flags=--harmony-proxies --no-sandbox --lang=en-US --lang=en-US --log-severity=disable --channel="6172.3.484394746\310634872" /prefetch:673131151
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyHelper.exe" --type=gpu-process --channel="6172.4.436562198\1871136962" --no-sandbox --lang=en-US --log-severity=disable --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,19,22 --gpu-vendor-id=0x10de --gpu-device-id=0x0ca2 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3165 --lang=en-US --log-severity=disable /prefetch:822062411
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5124 CREDAT:1905941 /prefetch:2
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe248_ Global\UsGthrCtrlFltPipeMssGthrPipe248 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Paul Gallagher\Downloads\RSITx64.exe"
taskeng.exe {3FC52446-0B0B-4D76-9615-42992281A836}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Paul Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.67.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@radialpoint.com/SPA,version=1]
"Description"=Radialpoint SPA
"Path"=C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@radialpoint.com/SPA,version=1]
"Description"=Radialpoint SPA
"Path"=C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll


C:\Program Files (x86)\Mozilla Firefox\components\
npCouponPrinter.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npCouponPrinter.dll
npMozCouponPrinter.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
QuickTimePlugin.class

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-10 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-10 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 1271072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Torntv Downloader"=C:\Program Files (x86)\TornTV.com\Torntv Downloader.exe /c=startup []
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2013-12-16 39408]
"Spotify"=C:\Users\Paul [2011-03-30 1588]
"Spotify Web Helper"=C:\Users\Paul [2011-03-30 1588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe]
C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-11-02 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-03 43816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-03 43816]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2014-01-17 421888]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-07-08 152392]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-08-04 161584]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2014-07-23 751184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-unins...4b2e-e6b4f37ea68f114295a65eb20b2d40abc64adb88 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
CodecPackUpdateChecker.lnk - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HsdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ServicepointService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-09 13:21:03 ----D---- C:\Program Files\trend micro
2014-09-09 13:21:02 ----D---- C:\rsit
2014-09-09 13:03:49 ----D---- C:\Program Files\Speccy
2014-09-08 17:37:02 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\Spotify
2014-08-28 04:52:26 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-28 04:52:26 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 04:52:26 ----A---- C:\Windows\system32\gdi32.dll
2014-08-14 17:05:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-08-14 17:04:40 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 17:04:40 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-08-14 17:04:40 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-08-14 16:47:45 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\Avira
2014-08-14 16:44:07 ----A---- C:\Windows\system32\drivers\avnetflt.sys
2014-08-14 16:41:23 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2014-08-14 16:41:23 ----A---- C:\Windows\system32\drivers\avipbb.sys
2014-08-14 16:41:22 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2014-08-14 16:37:51 ----D---- C:\Program Files (x86)\Avira
2014-08-14 16:37:50 ----D---- C:\ProgramData\Avira
2014-08-14 16:37:20 ----D---- C:\ProgramData\Package Cache
2014-08-14 15:46:47 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\FirefoxToolbar
2014-08-14 15:45:29 ----D---- C:\Windows\SYSWOW64\C2MP
2014-08-14 03:02:12 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 03:02:11 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 03:02:11 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 03:02:11 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 03:02:10 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 03:02:10 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 03:01:48 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 03:01:48 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 18:36:02 ----D---- C:\Program Files (x86)\SpeedFan
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 11:55:45 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 11:55:45 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\msi.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\consent.exe
2014-08-13 11:55:35 ----A---- C:\Windows\system32\authui.dll
2014-08-13 11:55:24 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 11:55:18 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 11:55:18 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 11:55:15 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-08-13 11:55:15 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-08-13 11:55:14 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-08-13 11:55:14 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-08-13 11:55:14 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-08-13 11:55:14 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-08-13 11:55:14 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-08-13 11:55:14 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 11:55:14 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-13 11:55:13 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-08-13 11:55:13 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-08-13 11:55:12 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-08-13 11:55:12 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-08-13 11:55:12 ----A---- C:\Windows\system32\urlmon.dll
2014-08-13 11:55:12 ----A---- C:\Windows\system32\iernonce.dll
2014-08-13 11:55:12 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-13 11:55:11 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-08-13 11:55:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-08-13 11:55:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-08-13 11:55:11 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-08-13 11:55:11 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-13 11:55:11 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 11:55:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-13 11:55:11 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-13 11:55:10 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-08-13 11:55:10 ----A---- C:\Windows\system32\iesetup.dll
2014-08-13 11:55:10 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-13 11:55:08 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-08-13 11:55:08 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-08-13 11:55:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-08-13 11:55:08 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-08-13 11:55:08 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-08-13 11:55:08 ----A---- C:\Windows\system32\iertutil.dll
2014-08-13 11:55:07 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-08-13 11:55:07 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-13 11:55:06 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-08-13 11:55:06 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-08-13 11:55:05 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-13 11:55:05 ----A---- C:\Windows\system32\ieui.dll
2014-08-13 11:55:05 ----A---- C:\Windows\system32\ieframe.dll
2014-08-13 11:55:05 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-13 11:55:04 ----A---- C:\Windows\system32\vbscript.dll
2014-08-13 11:55:04 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-13 11:55:04 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-13 11:55:04 ----A---- C:\Windows\system32\jscript9.dll
2014-08-13 11:55:04 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-13 11:55:03 ----A---- C:\Windows\system32\wininet.dll
2014-08-13 11:55:03 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-13 11:55:03 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-13 11:55:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 11:55:02 ----A---- C:\Windows\system32\msrating.dll
2014-08-13 11:55:02 ----A---- C:\Windows\system32\mshtml.dll
2014-08-13 11:54:14 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-13 11:54:14 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 11:54:07 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 11:54:06 ----A---- C:\Windows\system32\aeinv.dll
2014-08-10 22:02:47 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:24:24 ----A---- C:\Windows\SYSWOW64\javaws.exe
2014-08-10 16:24:16 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2014-08-10 16:24:16 ----A---- C:\Windows\SYSWOW64\javaw.exe
2014-08-10 16:24:16 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2014-09-09 13:21:08 ----D---- C:\Windows\Temp
2014-09-09 13:21:03 ----RD---- C:\Program Files
2014-09-09 12:41:48 ----D---- C:\Windows\system32\config
2014-09-09 12:30:04 ----SHD---- C:\System Volume Information
2014-09-08 17:23:39 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\TuneUpMedia
2014-09-08 12:12:29 ----D---- C:\ProgramData\NVIDIA
2014-09-07 00:51:40 ----D---- C:\Windows\System32
2014-09-07 00:51:40 ----D---- C:\Windows\inf
2014-09-07 00:51:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-06 17:34:40 ----D---- C:\Program Files (x86)\Steam
2014-09-05 18:29:36 ----D---- C:\TV
2014-09-02 13:36:54 ----D---- C:\Windows\system32\NDF
2014-08-29 17:10:49 ----D---- C:\ProgramData\TuneUpMedia
2014-08-29 03:26:30 ----RD---- C:\Users
2014-08-29 03:24:36 ----D---- C:\Windows\winsxs
2014-08-29 03:17:32 ----D---- C:\Windows\SysWOW64
2014-08-28 04:49:54 ----D---- C:\Windows\system32\catroot2
2014-08-28 04:49:54 ----D---- C:\Windows\system32\catroot
2014-08-17 05:04:43 ----D---- C:\Windows\Web
2014-08-17 05:04:43 ----D---- C:\Windows\system32\drivers
2014-08-15 16:14:32 ----RD---- C:\Program Files (x86)
2014-08-15 03:02:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-08-15 02:57:49 ----SHD---- C:\Windows\Installer
2014-08-15 02:57:49 ----D---- C:\Config.Msi
2014-08-14 17:42:17 ----D---- C:\Windows\rescache
2014-08-14 17:04:40 ----D---- C:\ProgramData\Malwarebytes
2014-08-14 16:37:50 ----D---- C:\ProgramData
2014-08-14 15:28:21 ----D---- C:\Windows\system32\Tasks
2014-08-14 09:31:50 ----D---- C:\Windows\Microsoft.NET
2014-08-14 09:30:18 ----RSD---- C:\Windows\assembly
2014-08-14 03:40:57 ----D---- C:\Windows\ehome
2014-08-14 03:40:56 ----RSD---- C:\Windows\Fonts
2014-08-14 03:40:54 ----D---- C:\Windows\SYSWOW64\en-US
2014-08-14 03:40:54 ----D---- C:\Windows\system32\en-US
2014-08-14 03:40:53 ----D---- C:\Program Files\Internet Explorer
2014-08-14 03:40:52 ----D---- C:\Windows\PolicyDefinitions
2014-08-14 03:40:51 ----D---- C:\Program Files (x86)\Internet Explorer
2014-08-14 03:25:29 ----D---- C:\ProgramData\Microsoft Help
2014-08-14 03:14:50 ----D---- C:\Windows\system32\MRT
2014-08-14 03:08:58 ----A---- C:\Windows\system32\MRT.exe
2014-08-14 03:00:58 ----SD---- C:\Windows\system32\CompatTel
2014-08-10 16:51:24 ----D---- C:\ProgramData\Oracle
2014-08-10 16:24:41 ----D---- C:\Program Files (x86)\Common Files
2014-08-10 16:24:06 ----D---- C:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 268512]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2014-07-23 130584]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2014-07-23 28600]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2014-07-23 117712]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 133928]
R2 PfFilter;PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-11-02 2022304]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-02-25 2426672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-18 189288]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-08-31 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 57840]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-07-23 430160]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-07-23 430160]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HsdService;HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
R2 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 23808]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-23 922912]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-28 1364256]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ServicepointService;ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2014-08-04 5099360]
R2 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
R2 WDFMEService;WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
R2 WDRulesService;WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-07-08 641352]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 347872]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-15 262320]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-30 651720]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-16 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-28 833728]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S4 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-30 119408]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 OberonGameConsoleService;Oberon Media Game Console service; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]

-----------------EOF-----------------

Minitoolbox log.

MiniToolBox by Farbar Version: 21-07-2014
Ran by Paul Gallagher (administrator) on 09-09-2014 at 13:13:30
Running from "C:\Users\Paul Gallagher\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

802.11n Wireless PCI Express Card LAN Adapter = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Den
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 70-F1-A1-32-F5-76
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless PCI Express Card LAN Adapter
Physical Address. . . . . . . . . : 70-F1-A1-32-F5-77
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.0.8(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 08 September 2014 12:13:29
Lease Expires . . . . . . . . . . : 10 September 2014 12:13:36
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 194.168.4.100
194.168.8.100
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 44-87-FC-6C-CE-84
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: google.com
Addresses: 2a00:1450:400b:c02::64
64.15.115.84
64.15.115.118
64.15.115.93
64.15.115.98
64.15.115.119
64.15.115.109
64.15.115.104
64.15.115.94
64.15.115.99
64.15.115.89
64.15.115.113
64.15.115.123
64.15.115.103
64.15.115.108
64.15.115.88
64.15.115.114


Pinging google.com [64.15.115.93] with 32 bytes of data:
Reply from 64.15.115.93: bytes=32 time=12ms TTL=57
Reply from 64.15.115.93: bytes=32 time=10ms TTL=57

Ping statistics for 64.15.115.93:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 12ms, Average = 11ms
Server: cache1.service.virginmedia.net
Address: 194.168.4.100

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=169ms TTL=47
Reply from 206.190.36.45: bytes=32 time=167ms TTL=47

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 167ms, Maximum = 169ms, Average = 168ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
13...70 f1 a1 32 f5 76 ......Microsoft Virtual WiFi Miniport Adapter
11...70 f1 a1 32 f5 77 ......802.11n Wireless PCI Express Card LAN Adapter
10...44 87 fc 6c ce 84 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.8 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.8 281
192.168.0.8 255.255.255.255 On-link 192.168.0.8 281
192.168.0.255 255.255.255.255 On-link 192.168.0.8 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.8 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.8 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================


=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Avira (HKLM-x32\...\{e67154a7-9cc5-4167-b782-f3982bc6c70d}) (Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.19.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.3.8.2513 - CDBurnerXP)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Football Manager 2014 (HKLM-x32\...\Steam App 231670) (Version: - Sports Interactive)
Football Manager 2014 Editor (HKLM-x32\...\Steam App 242460) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 en-GB)) (Version: 24.6.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Radialpoint Dashboard Patch version 13.12.23.29994 (x32 Version: 13.12.23.29994 - ) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
TeamViewer 8 Host (HKLM-x32\...\TeamViewer 8 Host) (Version: 8.0.30992 - TeamViewer)
WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital)
Windows 7 Codec Pack 4.0.9 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.9 - Windows 7 Codec Pack)
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )

========================= Devices: ================================

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Photosmart 3300 series
Description: Photosmart 3300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 4095.24 MB
Available physical RAM: 1106.21 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 4362.9 MB
Total Virtual: 4095.88 MB
Available Virtual: 3976.84 MB

========================= Partitions: =====================================

1 Drive c: (Packard Bell) (Fixed) (Total:459.45 GB) (Free:34.64 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:459.96 GB) (Free:30.79 GB) NTFS
4 Drive f: (WD SmartWare) (CDROM) (Total:0.63 GB) (Free:0 GB) UDF
8 Drive k: (Expansion Drive ) (Fixed) (Total:931.51 GB) (Free:613.03 GB) NTFS
9 Drive l: (My Passport) (Fixed) (Total:931.48 GB) (Free:48.76 GB) NTFS
11 Drive n: (My Passport "Black") (Fixed) (Total:297.44 GB) (Free:42.4 GB) NTFS
12 Drive o: (essential) (Fixed) (Total:931.51 GB) (Free:37.41 GB) NTFS
13 Drive p: (INTENSO) (Fixed) (Total:931.28 GB) (Free:39.28 GB) FAT32
14 Drive q: (SAMSUNG) (Fixed) (Total:1863.01 GB) (Free:970.28 GB) NTFS
15 Drive r: (Seagate Expansion Drive) (Fixed) (Total:1863.02 GB) (Free:197.36 GB) NTFS

========================= Users: ========================================

User accounts for \\DEN

Administrator FM13 Georgina
Guest Paul Gallagher Paul's Ipod
UpdatusUser


**** End of log ****
 


Malnutrition

Still Hungry
iHF Master Craftsman
You have two antivirus applications installed. :eek:


I would like you to use Revo to remove these programs please. :)


Hit the start button at the bottom left hand corner of your Screen.
Type or copy and paste appwiz.cpl into the Run Box.
Hit enter.
Scroll down to the following item(s): Note: If you encounter a program that will not remove or is not listed then skip it please.

As an alternative, you may use Revo Uninstaller Freeware. Here is a good tutorial on the use of Revo Uninstaller.



Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)




Right Click one at a time and select remove.
Now close the programs and features window.
Once finished reboot the machine.

____________________________________________________________________________

I would suggest removing them both; Microsoft Security Essentials is as useless as Windows Defender. Also remove Avira, as you can get the same protection Avira offers with 360 Total Security and more. This AV uses Avira and Bitdefender definitions as well as others.


http://360safe.com/totalsecurity.html

Once you have installed it please run a full scan and remove any infected files. (If any)


I suggest that you download CCleaner, then run it, hit the Options button, then Settings, and put a tick next to Run CCleaner when the computer starts.
Also, when in Options, go to the Advanced tab and put a tick next to Close program after cleaning.
This will automate the temporary file removal on your machine and keep it speedy.
Disable all of the startups on the machine except your antivirus.
To disable, hit the Tools button, then the Startup button, then Disable.

____________________________________________________________________________
  • Download TFC by OldTimer to your desktop.
  • Close any open windows
  • Double click the TFC icon to run the program. (Vista/7/8 Users, Right Click and select Run as Admin)
  • TFC will close all open programs itself in order to run
  • Click the Start button to begin the process
  • Allow TFC to run uninterrupted
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.


Now please let me know how the machine is running. :)
 

Malnutrition

Still Hungry
iHF Master Craftsman
Also, further investigation of your logs shows me that you had AVG installed. Have you run the removal tool? If not, then please do so.
http://www.avg.com/us-en/utilities

  • Download the Adware Removal Tool.
  • Save it to your Desktop.
  • Right Click and Run as Admin.
  • Hit the Scan button.
  • Allow Completion.
  • Then Clean infections.
  • Allow the request to reboot.
  • Post the log in next reply.



Can you post a new RSIT log after you have completed these steps, as there are some items that need attention, aside from the antivirus issue.....
 

DCiAdmin

Always room to learn a bit more
Administrator
iHF Legend
WCG Team Member
As too many cooks can spoil the broth, I will let Mal work through his tools with you. When you have an opportunity, Gallorg, you might want to try a browser other than IE and see if the problem sites still give you fits.
 

Gallorg

Active Member
iHF Regular
Ok here's the adware log

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v3.9
Time: 2014_09_10_15_57_43
OS: Windows 7 - 64 Bit
Account Name: Paul Gallagher
U0L0S36

\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\

Deleted - File - C:\Users\Paul Gallagher\Appdata\Local\Amazon Cloud Player\Data\Artwork Cache\tmp\BABYLON ZOO-NOW THAT S WHAT I CALL DECADES 83 03.jpeg
Deleted - File - C:\Users\Paul Gallagher\Appdata\Local\Amazon Cloud Player\Data\Artwork Cache\tmp\BABYLON ZOO-NOW THAT S WHAT I CALL MUSIC 33.jpeg
Deleted - Folder - C:\program files (x86)\SopCast
Deleted - Folder - C:\Users\Paul Gallagher\Appdata\Local\iLivid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{e453a15a-3164-4784-af30-e51b88597d79}c:\program files (x86)\torntv.com\torntv downloader.exe
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{7226028d-4754-4df0-8fe9-93cf344cb3af}c:\program files (x86)\torntv.com\torntv downloader.exe
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\microsoft\windows\Currentversion\run:torntv downloader
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10620B9-4BAB-46BF-ADE1-B8EEE1BA242F}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{17441535-87E2-4DE8-964B-A6BE45E6986F}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C98CCF1-910F-4A62-8228-2A65A475CCF}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1C98CCF1-910F-4A62-8228-2A65A475CCF}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{207328B9-F189-401B-BB1E-9B8F7EF550B}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FEAD2B7-5A0-4EC0-8528-2D2EB28BAC2}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A60BF55A-8D96-4C12-9FE9-6B359EA8635}:appname
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A60BF55A-8D96-4C12-9FE9-6B359EA8635}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F8235572-ED9C-4851-A276-88E257241829}:apppath
Deleted - RegistryValueData - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FE7AA36-A4B3-4251-9691-956F3EDC3147}:apppath
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:tcp query user{e453a15a-3164-4784-af30-e51b88597d79}c:\program files (x86)\torntv.com\torntv downloader.exe
Deleted - RegistryValue - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules:udp query user{7226028d-4754-4df0-8fe9-93cf344cb3af}c:\program files (x86)\torntv.com\torntv downloader.exe
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\microsoft\windows\Currentversion\run:torntv downloader
Deleted - RegistryValue - HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION:smartbar.exe
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}

\\ Finished
 


Gallorg

Active Member
iHF Regular
ok tried running RSIT again but 360 total security is blocking it

PS - stupid question is my new anti-virus 360 total security?
 

Malnutrition

Still Hungry
iHF Master Craftsman
ok tried running RSIT again but 360 total security is blocking it

PS - stupid question is my new anti-virus 360 total security?

Yes, you will need to disable it to run the tool. :)
Also run a full scan with 360 Total.

Please run this tool prior to the new RSIT log.


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.



  • Close any open browsers
  • Temporarily disable your AntiVirus program. If you are unsure how to do this, please follow this guide.
  • Right Click on Zoek and select Run as Administrator.
  • Zoek may take some time to start, this is normal!!
Copy the text in red below, paste into Zoek window.


createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
resethosts;
ipconfig /flushdns;b
iedefaults;
autoclean;


Click on
button. (As illustrated below.)




Zoek may take some time to complete, this is normal. Once finished the program will reboot your machine, if not then please do so manually.
Post the log created by Zoek; you may find it on the C: drive.
 

Gallorg

Active Member
iHF Regular
Ok here's the 2 logs

Zoek Log.


Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Paul Gallagher on 11/09/2014 at 5:13:24.95.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGLNJFC4\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/09/2014 05:15:49 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\BBC iPlayer Desktop deleted successfully
C:\PROGRA~2\Mediatwins software deleted successfully
C:\PROGRA~2\Panda Security deleted successfully
C:\PROGRA~2\VS Revo Group deleted successfully
C:\PROGRA~2\Western Digital deleted successfully
C:\Program Files\003 deleted successfully
C:\Program Files\VirginMedia deleted successfully
C:\PROGRA~3\Karen's Power Tools deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\PROGRA~3\Symantec deleted successfully
C:\PROGRA~3\xml_param deleted successfully
C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} deleted successfully
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted successfully
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} deleted successfully
C:\PROGRA~3\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} deleted successfully
C:\Users\Georgina\AppData\Roaming\DAEMON Tools Pro deleted successfully
C:\Users\Guest\AppData\Roaming\DAEMON Tools Pro deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\AccurateRip deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\FirefoxToolbar deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\Media Player Classic deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\TeamViewer deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\vlc deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\Vso deleted successfully
C:\Users\Paul Gallagher\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} deleted successfully
C:\Users\Paul's Ipod\AppData\Roaming\DAEMON Tools Pro deleted successfully
C:\Users\FM13\AppData\Local\VirtualStore deleted successfully
C:\Users\Paul Gallagher\AppData\Local\CrashDumps deleted successfully
C:\Users\Paul Gallagher\AppData\Local\Linkey deleted successfully
C:\Users\Paul Gallagher\AppData\Local\LogMeIn Rescue Applet deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32004B8A-44A9-43E7-84E9-808838809519} deleted successfully
HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YahooAUService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YahooAUService deleted successfully

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} not found
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} not found
C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001} not found
C:\PROGRA~3\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found
C:\PROGRA~2\Coupon Printer deleted
C:\PROGRA~2\FoxTabPDFConverter deleted
C:\PROGRA~2\Yahoo! deleted
C:\Users\Georgina\AppData\Roaming\Yahoo! deleted
C:\Users\Guest\AppData\Roaming\Yahoo! deleted
C:\Users\Paul Gallagher\AppData\Roaming\Yahoo! deleted
C:\Users\Paul Gallagher\AppData\Roaming\Open Download Manager deleted
C:\Users\Paul Gallagher\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\Yahoo! deleted
C:\PROGRA~3\Yahoo! Companion deleted
C:\PROGRA~3\FreeApp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupon Printer deleted
C:\Users\Paul Gallagher\AppData\LocalLow\IminentToolbar deleted
C:\Users\Paul Gallagher\AppData\LocalLow\Yahoo! deleted
C:\Users\Paul Gallagher\AppData\LocalLow\IAC deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\wininit.ini deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\PAULGA~1\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default\extensions\abs@avira.com deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"WebProtection@360safe.com"="C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox" [10/09/2014 13:14]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [14/05/2012 12:52]

==== Firefox Extensions ======================

ProfilePath: C:\Users\PAULGA~1\AppData\Roaming\Thunderbird\Profiles\apxqcupb.default
- British English Dictionary Updated - %ProfilePath%\extensions\en-gb@flyingtophat.co.uk

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Paul Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\o9wgdi62.default-1401877949283
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
290728793D247DF6DC3D78B96D3654BB - C:\Users\Paul Gallagher\Downloads\npAmazonMP3DownloaderPlugin10174.dll - AmazonMP3DownloaderPlugin

Profilepath: C:\Users\Paul Gallagher\AppData\Roaming\Mozilla\Firefox\Profiles\zjm2bkb8.default
290728793D247DF6DC3D78B96D3654BB - C:\Users\Paul Gallagher\Downloads\npAmazonMP3DownloaderPlugin10174.dll - AmazonMP3DownloaderPlugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14/07/2014 18:22]

Skype Click to Call - Paul Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Google Voice Search Hotword (Beta) - Paul's Ipod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
MSS+ Extension - Paul's Ipod\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Skype Click to Call - Paul's Ipod\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Chromium Startpages ======================

C:\Users\Paul's Ipod\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com",
"startup_urls": [ "http://www.google.com" ],


==== Chromium Fix ======================

C:\Users\Paul Gallagher\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.bbc.co.uk/news/"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Start Default_Page_URL"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.searchcompletion.com/?si=10197&bs=1&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://www.google.com"
"Default"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.bbc.co.uk/news/"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1280295809-455121606-167572049-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aimersoft Helper Compact.exe deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STYCRCRW will be deleted at reboot
C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGLNJFC4 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Paul Gallagher\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Paul's Ipod\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=821 folders=77 28126879 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\FM13\AppData\Local\temp emptied successfully
C:\Users\Georgina\AppData\Local\temp emptied successfully
C:\Users\Guest\AppData\Local\temp emptied successfully
C:\Users\Paul Gallagher\AppData\Local\Temp will be emptied at reboot
C:\Users\Paul's Ipod\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PAULGA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STYCRCRW" not found
"C:\Users\Paul Gallagher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WGLNJFC4" not found

==== EOF on 11/09/2014 at 10:03:53.43 ======================

RSIT log.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Paul Gallagher at 2014-09-11 10:24:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 40 GB (8%) free of 470 GB
Total RAM: 4095 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:05, on 11/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Paul Gallagher.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
O4 - HKLM\..\Run: [QHSafeTray] "C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
O4 - HKCU\..\Run: [Spotify] "C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files (x86)\CCleaner\CCleaner64.exe" /AUTO
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} (Cisco SSL VPN Relay Loader) - https://user.ssl.eon.com/+CSCOL+/csvrloader32.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/Codebase/AxisCamControl.ocx
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} (MJPEGRender Control) - http://lochalsh-isleofskye.remotemanager.co.uk/common/activex/MJPEGRender.ocx
O16 - DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} (Sony SNC-RZ25 Control) - http://85.93.227.36/program/SonySncRz25View.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.marksandspencerpersonalised.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://85.221.20.19/activex/AMC.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} (CSD ActiveX Installer) - https://user.ssl.eon.com/CACHE/sdesktop/install/binaries/instweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.OE.ServiceHost) - Unknown owner - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HsdService - Virgin Media - C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: 360 Total Security (QHActiveDefense) - Unknown owner - C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
O23 - Service: WDFMEService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
O23 - Service: WDRulesService - Western Digital - C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14036 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
"C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe"
"C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Western Digital\WD SmartWare\WDFME.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-482583a5-f776-4573-ba7c-0d96e4ef9cb2 -SystemEventPortName:HostProcess-6b15a165-709f-4787-b600-7b2e090bb9bb -IoCancelEventPortName:HostProcess-e2fdfdc6-552b-433d-81cc-77a13a550968 -NonStateChangingEventPortName:HostProcess-b910d9c4-658f-48b6-a78a-97773ac0bf0b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:14715b88-524e-4969-b47b-1fa40a571a30 -DeviceGroupId:WpdFsGroup
notepad zoek-results.txt
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe"
"C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe" /start
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Users\Paul Gallagher\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4384 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4384 CREDAT:4068757 /prefetch:2
"C:\Users\Paul Gallagher\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-08-10 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-08-10 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-27 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-27 194504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify"=C:\Users\Paul [2011-03-30 1588]
"CCleaner"=C:\Program Files (x86)\CCleaner\CCleaner64.exe [2014-08-21 6462744]
"Spotify Web Helper"=C:\Users\Paul [2011-03-30 1588]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2011-11-02 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-03 43816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
C:\Program Files (x86)\Xvidmovies\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2014-07-03 43816]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2014-07-08 152392]
"Avira Systray"=C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [2014-08-04 161584]
"QHSafeTray"=C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [2014-08-29 1791600]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HsdService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ServicepointService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.ffds"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-09-11 10:10:17 ----SHD---- C:\$RECYCLE.BIN
2014-09-11 05:37:33 ----A---- C:\Windows\zoek-delete.exe
2014-09-11 05:37:32 ----D---- C:\Windows\Temp
2014-09-11 05:13:20 ----D---- C:\zoek_backup
2014-09-11 03:47:53 ----SHD---- C:\ProgramData\360Quarant
2014-09-11 03:47:53 ----SHD---- C:\$360Section
2014-09-10 16:11:53 ----A---- C:\Windows\system32\FNTCACHE.DAT
2014-09-10 15:57:44 ----A---- C:\Windows\SYSWOW64\subinacl.exe
2014-09-10 15:57:43 ----D---- C:\Program Files\Common Files\Microsoft
2014-09-10 15:57:43 ----D---- C:\Program Files\Adware-Removal-Tool
2014-09-10 13:22:04 ----SHD---- C:\Users\Paul Gallagher\AppData\Roaming\360Quarant
2014-09-10 13:16:37 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\360safe
2014-09-10 13:15:28 ----A---- C:\Windows\system32\drivers\efimon.sys
2014-09-10 13:15:26 ----A---- C:\Windows\system32\drivers\360AvFlt.sys
2014-09-10 13:15:21 ----D---- C:\ProgramData\360safe
2014-09-10 13:15:13 ----A---- C:\Windows\system32\drivers\360fsflt.sys
2014-09-10 13:14:52 ----A---- C:\Windows\system32\drivers\360Camera64.sys
2014-09-10 13:14:48 ----A---- C:\Windows\system32\drivers\BAPIDRV64.SYS
2014-09-10 13:14:48 ----A---- C:\Windows\system32\drivers\360AntiHacker64.sys
2014-09-10 13:14:45 ----RSHD---- C:\360SANDBOX
2014-09-10 13:14:42 ----A---- C:\Windows\system32\drivers\360Box64.sys
2014-09-10 13:14:39 ----D---- C:\Program Files (x86)\360
2014-09-10 03:23:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-09-10 03:23:39 ----A---- C:\Windows\system32\ieui.dll
2014-09-10 03:23:37 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-09-10 03:23:37 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-09-10 03:23:37 ----A---- C:\Windows\system32\jscript9diag.dll
2014-09-10 03:23:37 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 03:23:37 ----A---- C:\Windows\system32\iernonce.dll
2014-09-10 03:23:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-09-10 03:23:36 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-09-10 03:23:36 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-09-10 03:23:36 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-09-10 03:23:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-09-10 03:23:36 ----A---- C:\Windows\system32\vbscript.dll
2014-09-10 03:23:36 ----A---- C:\Windows\system32\ieUnatt.exe
2014-09-10 03:23:36 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 03:23:36 ----A---- C:\Windows\system32\dxtrans.dll
2014-09-10 03:23:36 ----A---- C:\Windows\system32\dxtmsft.dll
2014-09-10 03:23:35 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-09-10 03:23:35 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-09-10 03:23:35 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-09-10 03:23:35 ----A---- C:\Windows\system32\msrating.dll
2014-09-10 03:23:35 ----A---- C:\Windows\system32\mshtmled.dll
2014-09-10 03:23:35 ----A---- C:\Windows\system32\msfeeds.dll
2014-09-10 03:23:35 ----A---- C:\Windows\system32\jsproxy.dll
2014-09-10 03:23:34 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-09-10 03:23:34 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-09-10 03:23:34 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-09-10 03:23:34 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-09-10 03:23:34 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-09-10 03:23:34 ----A---- C:\Windows\system32\iesetup.dll
2014-09-10 03:23:34 ----A---- C:\Windows\system32\iedkcs32.dll
2014-09-10 03:23:34 ----A---- C:\Windows\system32\ie4uinit.exe
2014-09-10 03:23:33 ----A---- C:\Windows\system32\mshtml.dll
2014-09-10 03:23:32 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-09-10 03:23:32 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-09-10 03:23:32 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-09-10 03:23:32 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-09-10 03:23:32 ----A---- C:\Windows\system32\ieapfltr.dll
2014-09-10 03:23:31 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-09-10 03:23:31 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 03:23:31 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-09-10 03:23:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-09-10 03:23:29 ----A---- C:\Windows\system32\wininet.dll
2014-09-10 03:23:29 ----A---- C:\Windows\system32\iertutil.dll
2014-09-10 03:23:28 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-09-10 03:23:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-09-10 03:23:28 ----A---- C:\Windows\system32\jscript9.dll
2014-09-10 03:23:27 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-09-10 03:23:27 ----A---- C:\Windows\system32\urlmon.dll
2014-09-10 03:23:25 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-09-10 03:23:24 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-09-10 03:23:24 ----A---- C:\Windows\system32\ieframe.dll
2014-09-10 03:03:27 ----A---- C:\Windows\SYSWOW64\msmpeg2vdec.dll
2014-09-10 03:03:27 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 01:21:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2014-09-10 00:35:56 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-09-10 00:35:56 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-09-10 00:35:17 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2014-09-10 00:35:17 ----A---- C:\Windows\system32\d3d10warp.dll
2014-09-10 00:34:54 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-09-10 00:34:54 ----A---- C:\Windows\system32\kerberos.dll
2014-09-10 00:34:53 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-09-10 00:34:53 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-09-10 00:34:53 ----A---- C:\Windows\system32\lsasrv.dll
2014-09-10 00:34:45 ----A---- C:\Windows\system32\aepdu.dll
2014-09-10 00:34:44 ----A---- C:\Windows\system32\aeinv.dll
2014-09-09 13:21:03 ----D---- C:\Program Files\trend micro
2014-09-09 13:21:02 ----D---- C:\rsit
2014-09-09 13:03:49 ----D---- C:\Program Files\Speccy
2014-09-08 17:37:02 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\Spotify
2014-08-28 04:52:26 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2014-08-28 04:52:26 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 04:52:26 ----A---- C:\Windows\system32\gdi32.dll
2014-08-14 17:05:14 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-08-14 17:04:40 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-14 17:04:40 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-08-14 17:04:40 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-08-14 16:37:51 ----D---- C:\Program Files (x86)\Avira
2014-08-14 16:37:50 ----D---- C:\ProgramData\Avira
2014-08-14 15:45:29 ----D---- C:\Windows\SYSWOW64\C2MP
2014-08-14 03:02:12 ----A---- C:\Windows\SYSWOW64\infocardapi.dll
2014-08-14 03:02:11 ----A---- C:\Windows\SYSWOW64\icardagt.exe
2014-08-14 03:02:11 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-14 03:02:11 ----A---- C:\Windows\system32\icardagt.exe
2014-08-14 03:02:10 ----A---- C:\Windows\SYSWOW64\icardres.dll
2014-08-14 03:02:10 ----A---- C:\Windows\system32\icardres.dll
2014-08-14 03:01:48 ----A---- C:\Windows\SYSWOW64\TsWpfWrp.exe
2014-08-14 03:01:48 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 18:36:02 ----D---- C:\Program Files (x86)\SpeedFan
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDYAK.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDTAT.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDRU1.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDRU.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\SYSWOW64\KBDBASH.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 11:55:55 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 11:55:54 ----A---- C:\Windows\system32\KBDBASH.DLL
2014-08-13 11:55:45 ----A---- C:\Windows\SYSWOW64\tzres.dll
2014-08-13 11:55:45 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-08-13 11:55:35 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\msi.dll
2014-08-13 11:55:35 ----A---- C:\Windows\system32\consent.exe
2014-08-13 11:55:35 ----A---- C:\Windows\system32\authui.dll
2014-08-13 11:55:24 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 11:55:18 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-08-13 11:55:18 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 11:54:14 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2014-08-13 11:54:14 ----A---- C:\Windows\system32\rpcrt4.dll

======List of files/folders modified in the last 1 month======

2014-09-11 10:20:54 ----D---- C:\Windows\system32\config
2014-09-11 10:10:23 ----D---- C:\Windows\SoftwareDistribution
2014-09-11 10:10:22 ----D---- C:\Windows\system32\LogFiles
2014-09-11 10:10:17 ----AD---- C:\Windows
2014-09-11 10:02:06 ----D---- C:\ProgramData\NVIDIA
2014-09-11 09:07:10 ----D---- C:\Windows\Prefetch
2014-09-11 07:12:07 ----SHD---- C:\System Volume Information
2014-09-11 06:22:02 ----D---- C:\Windows\rescache
2014-09-11 05:31:53 ----D---- C:\ProgramData
2014-09-11 05:31:52 ----RD---- C:\Program Files (x86)
2014-09-11 05:18:08 ----RD---- C:\Program Files
2014-09-11 05:15:58 ----D---- C:\Windows\system32\drivers\etc
2014-09-11 05:13:21 ----D---- C:\Windows\SysWOW64
2014-09-11 03:47:53 ----D---- C:\Windows\system32\OEM
2014-09-10 17:59:17 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\TuneUpMedia
2014-09-10 17:32:14 ----D---- C:\Windows\inf
2014-09-10 16:11:53 ----D---- C:\Windows\System32
2014-09-10 16:09:36 ----D---- C:\Windows\Tasks
2014-09-10 15:57:43 ----D---- C:\Program Files\Common Files
2014-09-10 13:38:45 ----D---- C:\Users\Paul Gallagher\AppData\Roaming\DAEMON Tools Pro
2014-09-10 13:38:45 ----D---- C:\Program Files (x86)\Steam
2014-09-10 13:38:19 ----SHD---- C:\Windows\Installer
2014-09-10 13:38:19 ----D---- C:\Config.Msi
2014-09-10 13:38:16 ----D---- C:\Windows\winsxs
2014-09-10 13:38:10 ----D---- C:\Program Files (x86)\MSXML 4.0
2014-09-10 13:36:40 ----D---- C:\Windows\SYSWOW64\LogFiles
2014-09-10 13:32:58 ----D---- C:\Windows\system32\NDF
2014-09-10 13:29:42 ----D---- C:\Windows\system32\Tasks
2014-09-10 13:29:38 ----D---- C:\Program Files (x86)\CCleaner
2014-09-10 13:25:15 ----D---- C:\Windows\Downloaded Program Files
2014-09-10 13:25:04 ----D---- C:\Windows\Panther
2014-09-10 13:25:03 ----D---- C:\Windows\system32\catroot2
2014-09-10 13:25:03 ----D---- C:\Windows\Logs
2014-09-10 13:25:03 ----D---- C:\Windows\debug
2014-09-10 13:24:42 ----D---- C:\Windows\Minidump
2014-09-10 13:15:28 ----D---- C:\Windows\system32\drivers
2014-09-10 04:22:31 ----D---- C:\Windows\Microsoft.NET
2014-09-10 04:21:29 ----RSD---- C:\Windows\assembly
2014-09-10 03:53:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-10 03:44:12 ----D---- C:\Windows\system32\catroot
2014-09-10 03:43:45 ----D---- C:\Program Files\Internet Explorer
2014-09-10 03:43:44 ----D---- C:\Windows\SYSWOW64\en-US
2014-09-10 03:43:43 ----D---- C:\Windows\system32\en-US
2014-09-10 03:43:42 ----D---- C:\Program Files (x86)\Internet Explorer
2014-09-10 03:22:34 ----D---- C:\ProgramData\Microsoft Help
2014-09-10 03:20:19 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-09-10 03:17:50 ----D---- C:\Windows\system32\MRT
2014-09-10 03:04:31 ----A---- C:\Windows\system32\MRT.exe
2014-09-10 03:03:18 ----SD---- C:\Windows\system32\CompatTel
2014-09-10 01:21:25 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-09-09 17:47:08 ----D---- C:\ProgramData\TuneUpMedia
2014-09-05 18:29:36 ----D---- C:\TV
2014-08-29 03:26:30 ----RD---- C:\Users
2014-08-25 06:53:42 ----N---- C:\Windows\system32\MpSigStub.exe
2014-08-17 05:04:43 ----D---- C:\Windows\Web
2014-08-14 17:04:40 ----D---- C:\ProgramData\Malwarebytes
2014-08-14 03:40:57 ----D---- C:\Windows\ehome
2014-08-14 03:40:56 ----RSD---- C:\Windows\Fonts
2014-08-14 03:40:52 ----D---- C:\Windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R1 360Box64;360Box mini-filter driver; C:\Windows\system32\DRIVERS\360Box64.sys [2014-08-29 305736]
R1 360FsFlt;360FsFlt mini-filter driver; C:\Windows\system32\DRIVERS\360FsFlt.sys [2014-08-29 311888]
R1 BAPIDRV;BAPIDRV; C:\Windows\system32\DRIVERS\BAPIDRV64.sys [2014-08-29 180816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 PfFilter;PfFilter; \??\C:\Program Files (x86)\IObit\Protected Folder\pffilter.sys [2011-03-16 36792]
R3 360AvFlt;360AvFlt mini-filter driver; C:\Windows\system32\DRIVERS\360AvFlt.sys [2014-08-29 77896]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-11-02 2022304]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-02-25 2426672]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-18 189288]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-08-31 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S3 360AntiHacker;360Safe Anti Hacker Service; C:\Windows\System32\Drivers\360AntiHacker64.sys [2014-08-29 100424]
S3 360Camera;360Safe Camera Filter Service; C:\Windows\System32\Drivers\360Camera64.sys [2014-08-29 40520]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2013-02-05 57840]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 ivusb;Initio Driver for USB Default Controller; C:\Windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RegFilter;RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2011-09-20 33184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 UrlFilter;UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2011-09-20 21872]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S4 FileMonitor;FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-10-08 20336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2014-06-12 43336]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HsdService;HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [2011-03-23 1406264]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-10-23 922912]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 QHActiveDefense;360 Total Security; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [2014-08-29 707184]
R2 ServicepointService;ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2014-08-04 5099360]
R2 WDDMService;WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
R2 WDFMEService;WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
R2 WDRulesService;WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2014-07-08 641352]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7; c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-08 169312]
S2 Avira.OE.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 267440]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S3 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-08-30 651720]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-02-05 1512448]
S3 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-09-01 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-12-16 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-08-18 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-28 1364256]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-08-28 833728]
S3 Updater Service;Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-07-04 240160]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-08-30 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S4 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
S4 Greg_Service;GRegService; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S4 IMFservice;IMF Service; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-10-30 119408]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-08-29 935208]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 OberonGameConsoleService;Oberon Media Game Console service; C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe [2009-08-29 44312]
S4 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]

-----------------EOF-----------------
 


Malnutrition

Still Hungry
iHF Master Craftsman
It seems Avira is still installed. Can you please remove it?

O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe

Have you run a full scan with 360?

Please download Junkware Removal Tool and save it on your desktop.




  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 

Gallorg

Active Member
iHF Regular
O4 - HKLM\..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe - DONE

Have you run a full scan with 360? - Yes
 

Malnutrition

Still Hungry
iHF Master Craftsman
How is the machine?

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 