Possible email account hacked

Discussion in 'Malware Removal' started by JokersWild75, Aug 28, 2013.

  1. JokersWild75 (Registered Members)
    Joined: Aug 26, 2013 | Messages: 147 | Location: United Kingdom
    Hi

    I have received an email from myself (my own email account), or that is how it looks. It is a yahoo.co.uk email account, the one I have on here.

    Something about medstore discounts. The email itself is usual spam stuff; just that it looks like it is from me is the worry part. Not sure how to confirm if I actually have been hacked or it just appears I have.

    Hope someone can help. Just let me know what I need to post and I will try and get it.

    Regards
    JokersWild75
  2. PseFrank (Super Moderators)
    Joined: Nov 10, 2010 | Messages: 791 | Location: Cambridge UK
    Log into your email account and change your details straight away.

    Ask your friends and contacts if they have received any similar emails from you.
  3. JokersWild75
    Hi

    Thanks

    I have changed the password on it. Anything else I should have done? Nobody I know seems to have had an email from me as far as I can tell yet.

    regards
    JokersWild75
  4. PseFrank
    You'll probably be OK... but just to be safe, I'd advise changing other passwords as well... at least on accounts like online banking, etc.
  5. JokersWild75
    Hi

    Okay, got it, thanks. Very quick response indeed.

    Regards
    JokersWild75
  6. Plastic Nev (Super Moderators)
    Joined: May 2, 2009 | Messages: 2,176 | Location: In front of a monitor in Blackburn Lanc's UK.
    Hi, just a bit more to follow Frank's good advice regarding passwords.
    It is good sense to have different passwords for at least different types of things you do online. Too many people use the same password for everything, from a log on to this forum, other forums, or Facebook, right through to the main bank account. The bad guys know this, so when they have hacked into your email account by guessing the password correctly for that, they can then get into your bank account and empty it.
    OK, you learn that lesson, then still use a poorly constructed password, maybe a different one for each purpose, but still easily guessed by the computer programs used. The hackers use a computer program that fires well-known types of password at your email account; if yours is one of that type, sooner or later the computer will hit the right password and get in.
    A good strong password is definitely not anything that can be linked to you personally, such as family names or nicknames, streets, roads, towns, etc.
    Ideally, it should be at least ten or more characters and numbers mixed together in a random order. OK, difficult to remember, but by that token, difficult to hack too.

    Nev.
  7. JokersWild75
    Hi Guys,

    Good advice and something I will try and follow for sure. However, I got another email that looks like it is from me again today; that is after I changed the password.

    So I have a theory, but of course I am most likely and probably far off with this as I am clueless, but these emails maybe just look like they are from me, like targeted spam. Could this be possible?

    I use Windows Live Mail. Is there a way to send the info safely so someone can check if it is coming from my own inbox or not? And of course what and how would help also.

    Regards
    JokersWild75
  8. Plastic Nev
    Hi, if you only recently changed your password, they may just have got that mail out before you changed it. However, if there is more after the last one, you just might have something unwanted on your computer, in which case please follow the instructions in Malware Removal for whichever operating system you are using, and post the logs asked for.

    Nev.
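The question in post 7, whether a message only looks like it came from your own address, can be checked from the raw message source (for example a saved .eml file). The following is an added example, not part of the original thread: it reads the Authentication-Results header stamped by the receiving provider and ignores any copy of that header the sender could have forged. The host names, addresses and both sample messages are constructed, and `mta1.mailbox.example` stands in for whatever server name your own provider writes into that header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From: shows the recipient's own address, but the mail was
# handed over by an unrelated relay. The second Authentication-Results header
# was supplied by the sender and must not be believed.
SPOOFED = """\
Received: from relay.sender.example (relay.sender.example [203.0.113.45])
    by mta1.mailbox.example with ESMTP; Thu, 29 Aug 2013 10:00:02 +0100
Authentication-Results: mta1.mailbox.example;
    spf=fail smtp.mailfrom=bounce@sender.example; dkim=none
Authentication-Results: mail.sender.example;
    dkim=pass header.d=mailbox.example
Return-Path: <bounce@sender.example>
From: "Paul" <user@mailbox.example>
To: user@mailbox.example
Subject: medstore discounts

(body omitted)
"""

# Constructed sample: the same From:, but really sent through the provider.
GENUINE = """\
Received: from smtp-out.mailbox.example (smtp-out.mailbox.example [198.51.100.7])
    by mta1.mailbox.example with ESMTP; Thu, 29 Aug 2013 11:00:02 +0100
Authentication-Results: mta1.mailbox.example;
    spf=pass smtp.mailfrom=user@mailbox.example;
    dkim=pass header.d=mailbox.example
Return-Path: <user@mailbox.example>
From: "Paul" <user@mailbox.example>
To: user@mailbox.example
Subject: note to self

(body omitted)
"""


def _dom(value):
    """Lower-cased domain of 'user@dom', '@dom' or a bare 'dom'."""
    return value.strip().strip("<>").rpartition("@")[2].lower()


def _trusted_results(msg, trusted_authserv_id):
    """Return (method, result, properties) tuples, taken only from
    Authentication-Results headers written by our own provider."""
    found = []
    for value in msg.get_all("Authentication-Results", []):
        unfolded = " ".join(str(value).split())      # undo header folding
        ident, _, rest = unfolded.partition(";")
        ident = (ident.split() or [""])[0].lower()   # drop optional version
        if ident != trusted_authserv_id.lower():
            continue                                  # sender-supplied header
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if m:
                props = {k.lower(): v for k, v in
                         re.findall(r"\b([a-z]+\.[a-z-]+)=(\S+)", clause, re.I)}
                found.append((m.group(1).lower(), m.group(2).lower(), props))
    return found


def assess(raw_source, trusted_authserv_id):
    """Summarise whether the visible From: domain was authenticated."""
    msg = message_from_string(raw_source)
    from_dom = _dom(parseaddr(msg.get("From", ""))[1])
    results = _trusted_results(msg, trusted_authserv_id)

    # A pass only counts if it is for the same domain the reader sees in From:.
    spf_ok = any(m == "spf" and r == "pass" and from_dom
                 and _dom(p.get("smtp.mailfrom", "")) == from_dom
                 for m, r, p in results)
    dkim_ok = any(m == "dkim" and r == "pass" and from_dom
                  and from_dom in (_dom(p.get("header.d", "")),
                                   _dom(p.get("header.i", "")))
                  for m, r, p in results)

    # The topmost Received line is the only hop our provider wrote itself.
    received = msg.get_all("Received", [])
    hop = re.search(r"\bfrom\s+(\S+)", " ".join(received[0].split())) if received else None

    if not results:
        verdict = "no-trusted-results"
    elif spf_ok or dkim_ok:
        verdict = "authenticated-for-from-domain"
    else:
        verdict = "from-not-authenticated"
    return {
        "from_domain": from_dom,
        "envelope_domain": _dom(parseaddr(msg.get("Return-Path", ""))[1]),
        "handed_over_by": hop.group(1) if hop else "",
        "checks": [(m, r) for m, r, _ in results],
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, assess(raw, "mta1.mailbox.example"))
```

A `from-not-authenticated` result means the From: line was simply typed in by the sender and no access to the mailbox was needed; `authenticated-for-from-domain` means the message really went out through the provider's servers, which is when the account and the PC deserve a closer look.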
  9. JokersWild75
    Hi Nev,

    I have had another one, so I am following the instructions in Malware Removal. Will I post the logs to this topic or make another within Malware Removal?

    Regards
    JokersWild75
  10. JokersWild75
    I have followed the steps in Malware Removal, step 1 through to step 3, successfully. I just cannot do step 4: I cannot download aswMBR.exe. It will not download; well, it is at a mega slow rate and is going to take over an hour to download. It is not my connection, that is OK; it downloaded OTL OK.

    I was gonna ask before running it, but if it makes a difference, I have avast already.

    Just waiting on how to proceed.

  11. JokersWild75
    Got this now and have the log

  12. Plastic Nev
    Hi, I have moved the thread over to here to save confusion, please post your logs next in here, and I will alert the malware guys about it.

    Nev.
  13. JokersWild75
    OK, here they come:
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.29.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    Paul :: FAMILY2 [limited]

    29/08/13 18:57:51
    mbam-log-2013-08-29 (18-57-51).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 400241
    Time elapsed: 47 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    OTL logfile created on: 29/08/13 19:50:22 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

    1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.66% Memory free
    3.50 Gb Paging File | 2.24 Gb Available in Paging File | 63.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 197.25 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 1229.71 Gb Free Space | 66.01% Space Free | Partition Type: NTFS

    Computer Name: FAMILY2 | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (Live Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Incorporated)
    SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
    SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (GREGService) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
    DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
    DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
    DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (gwmvid) -- C:\Windows\SysNative\drivers\gwmvid.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (gwrdmir) -- C:\Windows\SysNative\drivers\gwrdmir.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
    DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
    DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
    DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Paul\Desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\..\SearchScopes,DefaultScope = {0B696672-CAC0-42AA-B206-C1FD9D0C68ED}
    IE - HKCU\..\SearchScopes\{0B696672-CAC0-42AA-B206-C1FD9D0C68ED}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Amazon (UK) Search Suggestions"
    FF - prefs.js..browser.search.selectedEngine: "Amazon (UK) Search Suggestions"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
    FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
    FF - prefs.js..extensions.enabledAddons: extensionlistdumper%40sogame.cat:1.15.2
    FF - prefs.js..extensions.enabledAddons: FavIconReloader%40mozilla.org:0.8
    FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
    FF - prefs.js..extensions.enabledAddons: %7BE10A6337-382E-4FE6-96DE-936ADC34DD04%7D:1.4.3
    FF - prefs.js..extensions.enabledAddons: CloneTab%40alex-koliada.com:1.0.1
    FF - prefs.js..extensions.enabledAddons: autorefresh%40plugin:1.0.2
    FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:10.0
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - prefs.js..network.proxy.ftp: "54.232.227.85"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.http: "54.232.227.85"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "54.232.227.85"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "54.232.227.85"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/23 00:29:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/06/27 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
    [2013/08/27 00:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions
    [2013/06/30 23:42:30 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2013/08/27 00:49:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/06/29 17:37:56 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\FavIconReloader@mozilla.org
    [2013/07/12 02:19:42 | 000,036,763 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\autorefresh@plugin.xpi
    [2013/07/10 00:10:13 | 000,002,421 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\CloneTab@alex-koliada.com.xpi
    [2013/07/09 21:28:13 | 000,011,479 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\CNT@ednovak.net.xpi
    [2013/07/03 02:06:48 | 000,016,387 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\downloadpaneltweaks@dagger2-addons.mozilla.org.xpi
    [2013/06/28 11:55:31 | 000,075,035 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\extensionlistdumper@sogame.cat.xpi
    [2013/06/28 11:55:31 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\personas@christopher.beard.xpi
    [2013/08/17 22:24:39 | 000,098,081 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\printedit@DW-dev.xpi
    [2013/06/28 11:55:31 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\stealthyextension@gmail.com.xpi
    [2013/07/30 23:37:13 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/06/30 23:43:20 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
    [2013/07/06 12:31:03 | 000,002,586 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\searchplugins\amazon-united-kingdom-search-suggestions.xml
    [2013/08/18 03:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/08/18 03:20:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2013/06/20 09:14:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab (PrintEngine ActiveX Control v4.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45C30D9B-AA1E-40DD-8E34-204F2BCE2AD7}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (c:\Windows\SysWOW64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/29 06:52:30 | 000,000,035 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    MsConfig:64bit - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig:64bit - StartUpReg: Hotkey Utility - hkey= - key= - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
    MsConfig:64bit - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
    MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
    MsConfig:64bit - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
    MsConfig:64bit - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
    MsConfig:64bit - StartUpReg: SanDiskSecureAccess_Manager.exe - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    MsConfig:64bit - StartUpReg: Xvid - hkey= - key= - C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
    MsConfig:64bit - State: "services" - Reg Error: Key error.
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/29 19:09:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2013/08/29 18:49:29 | 000,000,000 | ---D | C] -- C:\erdnt
    [2013/08/29 18:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/08/29 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/08/29 18:47:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Paul\Desktop\erunt-setup.exe
    [2013/08/29 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E8720900-E6EF-44BD-99DD-662D3F9BC041}
    [2013/08/29 02:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
    [2013/08/29 02:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeDigger
    [2013/08/28 21:31:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{BA22C9BC-7E5B-427A-ABDB-702DF3D28225}
    [2013/08/28 04:37:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{657673DC-7C32-461B-9BB4-6C56F23CC90E}
    [2013/08/27 23:20:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ashampoo
    [2013/08/27 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ashampoo
    [2013/08/27 23:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    [2013/08/27 23:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
    [2013/08/27 23:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
    [2013/08/26 04:59:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/08/25 02:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/08/24 01:25:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/08/18 03:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/08/17 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Ben School Uniform
    [2013/08/13 19:48:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/08/13 19:48:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/08/13 19:48:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/08/13 19:48:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/08/13 19:48:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/08/13 19:48:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/08/13 19:48:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/08/13 19:48:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/08/13 19:48:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/08/13 19:48:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/08/13 19:48:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/08/13 19:48:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/08/13 19:48:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/08/13 19:48:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/08/13 19:48:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/08/13 19:37:55 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/08/13 19:37:54 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/08/13 19:37:47 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2013/08/13 19:37:33 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/08/13 19:37:32 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/08/13 19:37:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/08/13 19:37:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/08/13 19:37:01 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/08/13 19:37:01 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/08/13 19:37:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/08/13 19:36:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/08/13 19:36:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/08/13 19:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/08/13 19:36:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/08/13 19:36:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/08/13 19:36:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/08/07 01:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2013/08/07 01:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

    ========== Files - Modified Within 30 Days ==========

    [2013/08/29 19:34:53 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/29 19:34:53 | 000,664,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/29 19:34:53 | 000,125,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/08/29 19:29:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/29 19:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2013/08/29 18:47:57 | 000,001,068 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/29 18:47:43 | 000,000,888 | ---- | M] () -- C:\Users\Paul\Desktop\NTREGOPT.lnk
    [2013/08/29 18:47:43 | 000,000,869 | ---- | M] () -- C:\Users\Paul\Desktop\ERUNT.lnk
    [2013/08/29 18:47:08 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Paul\Desktop\erunt-setup.exe
    [2013/08/29 18:10:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
    [2013/08/29 15:10:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
    [2013/08/29 14:11:52 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/29 14:11:52 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/29 14:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/29 14:04:14 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/29 03:26:16 | 000,000,222 | ---- | M] () -- C:\Users\Paul\.swfinfo
    [2013/08/29 02:52:43 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\TubeDigger.lnk
    [2013/08/27 23:20:34 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
    [2013/08/25 02:29:22 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/24 02:14:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/08/24 02:14:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/08/24 01:51:14 | 000,000,538 | ---- | M] () -- C:\Users\Paul\Desktop\WIN7 Ext Drive 2TB (H).lnk
    [2013/08/19 05:21:43 | 469,844,005 | ---- | M] () -- C:\Users\Paul\Desktop\SummerSlam Kickoff - Dean Ambrose vs. Rob Van Dam.mp4
    [2013/08/18 01:08:26 | 000,223,738 | ---- | M] () -- C:\Users\Paul\Documents\sf246 instruction manual _version 18-10-07_.pdf
    [2013/08/16 04:37:50 | 000,000,000 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
    [2013/08/15 20:50:19 | 478,760,581 | ---- | M] () -- C:\Users\Paul\Desktop\By.Rulez.W.M.2013.08.14.HDTV.mp4
    [2013/08/14 21:54:20 | 000,285,228 | ---- | M] () -- C:\Users\Paul\Desktop\RingTone-Bastille - Pompeii.mp3
    [2013/08/11 22:45:32 | 000,959,222 | ---- | M] () -- C:\Users\Paul\Desktop\TQB0E2329U.pdf
    [2013/08/11 19:19:10 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/08/11 19:19:10 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2013/08/05 22:23:08 | 001,394,626 | ---- | M] () -- C:\Users\Paul\Documents\38163v01s7-06.pdf
    [2013/08/05 22:03:50 | 000,179,809 | ---- | M] () -- C:\Users\Paul\Documents\E7Q-UserGuide.pdf
    [2013/08/05 21:44:48 | 000,000,845 | ---- | M] () -- C:\Users\Paul\AppData\Local\recently-used.xbel
    [2013/08/02 05:10:26 | 012,791,152 | ---- | M] () -- C:\Users\Paul\Documents\el1358.pdf

    ========== Files Created - No Company Name ==========

    [2013/08/29 18:47:57 | 000,001,068 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/08/29 18:47:43 | 000,000,888 | ---- | C] () -- C:\Users\Paul\Desktop\NTREGOPT.lnk
    [2013/08/29 18:47:43 | 000,000,869 | ---- | C] () -- C:\Users\Paul\Desktop\ERUNT.lnk
    [2013/08/29 03:26:16 | 000,000,222 | ---- | C] () -- C:\Users\Paul\.swfinfo
    [2013/08/29 02:52:43 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\TubeDigger.lnk
    [2013/08/27 23:20:34 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
    [2013/08/25 02:29:22 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/19 05:01:25 | 469,844,005 | ---- | C] () -- C:\Users\Paul\Desktop\SummerSlam Kickoff - Dean Ambrose vs. Rob Van Dam.mp4
    [2013/08/18 01:08:26 | 000,223,738 | ---- | C] () -- C:\Users\Paul\Documents\sf246 instruction manual _version 18-10-07_.pdf
    [2013/08/16 04:37:50 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
    [2013/08/15 20:33:22 | 478,760,581 | ---- | C] () -- C:\Users\Paul\Desktop\By.Rulez.W.M.2013.08.14.HDTV.mp4
    [2013/08/14 21:54:17 | 000,285,228 | ---- | C] () -- C:\Users\Paul\Desktop\RingTone-Bastille - Pompeii.mp3
    [2013/08/11 22:45:31 | 000,959,222 | ---- | C] () -- C:\Users\Paul\Desktop\TQB0E2329U.pdf
    [2013/08/05 22:23:08 | 001,394,626 | ---- | C] () -- C:\Users\Paul\Documents\38163v01s7-06.pdf
    [2013/08/05 22:03:50 | 000,179,809 | ---- | C] () -- C:\Users\Paul\Documents\E7Q-UserGuide.pdf
    [2013/08/05 21:44:48 | 000,000,845 | ---- | C] () -- C:\Users\Paul\AppData\Local\recently-used.xbel
    [2013/08/02 05:09:52 | 012,791,152 | ---- | C] () -- C:\Users\Paul\Documents\el1358.pdf
    [2013/04/19 01:24:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2013/01/09 09:37:16 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\tcjpaut.dll
    [2013/01/09 09:37:16 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\nfmonko.dll
    [2013/01/09 09:37:16 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\v8sos1h.dll
    [2012/09/11 23:37:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012/07/22 02:46:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/03/29 14:53:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MobOlExt.dll
    [2012/03/19 15:24:47 | 000,022,528 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/22 14:43:51 | 000,000,288 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\.backup.dm
    [2011/09/29 17:13:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/09/29 17:08:52 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/09/28 21:31:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/09/28 21:31:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/09/28 21:19:10 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/09/28 11:48:24 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\532E1276CB.sys
    [2011/09/28 11:48:22 | 000,005,018 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
    [2011/09/27 23:37:41 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/04/25 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\addpcs
    [2013/04/12 03:34:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\aignes
    [2011/09/28 08:18:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\AnvSoft
    [2013/08/27 23:20:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ashampoo
    [2013/08/14 21:51:37 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Audacity
    [2012/08/31 18:25:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\calibre
    [2013/05/09 02:47:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\com.cam4dancer.app
    [2013/02/06 00:19:41 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\DVDVideoSoft
    [2013/02/07 09:06:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FLVPlayer4Free
    [2012/04/05 05:03:28 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FVDIEPlugin
    [2011/11/02 08:06:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
    [2013/05/07 22:41:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\IrfanView
    [2013/05/15 18:46:04 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nokia
    [2011/09/27 14:27:39 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\OEM
    [2013/04/17 00:12:30 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Opera
    [2013/05/04 00:48:49 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Oracle
    [2013/02/28 04:06:32 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Orbit
    [2013/05/15 18:46:05 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
    [2013/02/28 02:57:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ProgSense
    [2012/05/02 00:03:56 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\SanDisk SecureAccess
    [2012/05/13 19:00:43 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ScanSoft
    [2013/03/27 15:29:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Sensory
    [2011/10/11 21:45:34 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Thunderbird
    [2013/08/26 14:30:13 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent
    [2011/10/04 00:10:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Windows Live Writer
    [2012/03/29 03:24:29 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Xilisoft Corporation
    [2012/05/13 19:00:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Zeon

    ========== Purity Check ==========



    ========== Custom Scans ==========

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD50 00AAKX-221CA SCSI Disk Device
    Partitions: 3
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: Seagate Desktop USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic- Multi-Card USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 20.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 20972568576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 446.00GB
    Starting Offset: 21077426176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 1,863.00GB
    Starting Offset: 32256
    Hidden sectors: 0


    < %SYSTEMDRIVE%\*.* >
    [2011/03/18 05:16:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/02/13 06:12:36 | 000,004,191 | ---- | M] () \E2Z1LP61.MD5 -- C:\E2Z1LP61.MD5
    [2013/08/29 14:04:14 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
    [2013/05/03 01:04:24 | 000,040,693 | ---- | M] () -- C:\JavaRa.log
    [2011/02/13 06:10:35 | 000,000,622 | ---- | M] () -- C:\LPCD.DAT
    [2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2013/08/29 14:04:15 | 1878,384,640 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\* >
    [2009/07/14 05:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013/07/26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2013/07/26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013/08/18 03:20:12 | 000,869,656 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013/08/18 03:20:14 | 000,276,376 | ---- | M] (Mozilla Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/07/26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE [2013/07/26 07:23:39 | 000,775,256 | ---- | M] (Microsoft Corporation)

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >

    OTL Extras logfile created on: 29/08/13 19:50:22 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

    1.75 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 47.66% Memory free
    3.50 Gb Paging File | 2.24 Gb Available in Paging File | 63.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 197.25 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 1229.71 Gb Free Space | 66.01% Space Free | Partition Type: NTFS

    Computer Name: FAMILY2 | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0163D49C-D3BD-4E15-A621-720056421B14}" = rport=139 | protocol=6 | dir=out | app=system |
    "{02702671-4B50-4EF8-840F-8A7EE2929F35}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{0BEC96EB-125E-410D-9ABD-70977EAB5E67}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{0FF0FCB4-15DB-4CAA-A260-5EE0F65DA340}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{27284B32-3282-437F-8B7A-BA09ECEAA27E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3A76CE91-8249-47F0-BADD-D44A8D423854}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4A30DBD3-43F4-4FBB-9BF4-AE61B21A8944}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{500514EE-4A14-424D-9CFC-96C8CDDCE6BB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5461BAE0-0CA4-40A7-899A-7624228BC808}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59F4D9B5-4EAA-46BB-BF6A-D3821E13CD7A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6B39A4FF-D2C4-4C8E-8275-43628C2AFB6B}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{71A94DF5-A26E-41F0-8DEA-08654B295312}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{73631E04-1E92-4C86-9D22-48CC8AAD4045}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{75FF0530-8CA7-49DC-B49E-E49DEF6A75D7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{78D4A119-E0E7-4480-95DB-095D96B24FCF}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7C1E75FB-8C54-4C08-94C7-310AEF361490}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7D688CF9-771D-49AC-9602-5FD8BEB5ACD7}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7E361B54-71E1-45D3-8683-BBB99286765D}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{83D00D4D-5257-4032-B857-18E2E6A9A73F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8956BAE2-7D35-446F-9190-3D8D8ECE6FD6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9B2EEFEB-1958-4BC4-82F2-3CE2A74F5829}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A9ACF53C-073D-4D60-9947-A86E3ADDAD23}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B82EF25D-1563-4276-B9BD-364025AB7DD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BACC00E9-AC28-4BFB-B9B2-7E45BB70CA34}" = rport=445 | protocol=6 | dir=out | app=system |
    "{BC994478-27B3-4FF6-84D2-E2B011CC80AB}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C92A5CBF-5930-4180-BCF2-1109DAA58B20}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D9133506-F517-4968-8ECE-87881D170422}" = lport=445 | protocol=6 | dir=in | app=system |
    "{DB42D457-E16C-4CF2-B977-AD25A60BF36A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DE16472B-4218-4C22-9826-C8ADFD81AE9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E8308B3F-16CF-4E8D-994A-5B6DE9B0F2A6}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F1082783-051D-47E8-91EE-D52400A7E25C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F3B3FF09-CD1E-40F0-B6D5-5334691B6637}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FD3B207F-616B-4965-BD1F-15A6CBCADD6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{013FD2B7-C642-4974-96B5-E2DFE048A6F1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{018EA267-D113-4B57-B079-4368B2951773}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{03B46737-A0E7-4BB0-828B-1F6EB34CC213}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{0C03303D-1750-4362-9A5A-BCE4932BDF4D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0CCDBC61-BBCE-4A4A-9CF1-74CF6CFA40CB}" = dir=in | app=c:\users\paul\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{15D36DE8-5DF7-4573-89A5-FF5DBE741E65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1C2C3B28-4A2A-4F61-91B2-3A9F1707CAA5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{246216D7-3D5C-4861-A135-81996157A837}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{2E64C241-870C-492B-96AE-BED84AA37C90}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{3DF89E6D-E488-4FA2-BDCB-C754544549C8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{488A4E50-791E-487B-952B-E18D76B8BCE9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{49B87C34-B333-4A69-9833-AB4AF3F146C3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4FED6BD9-6BA8-4616-A979-ADD2761E23A0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{524B32E3-CCBE-4B34-9C4F-C23BB86195D2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{528F2994-236E-415D-A554-E70F91AB6C77}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{57D7CC2F-BB0B-4522-825B-2FD3A6616294}" = protocol=6 | dir=out | app=system |
    "{58632378-7056-4AF7-B389-94F1D8F0D8FF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{5A4B5C34-DBD8-4557-B7FB-02A254B1835F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
    "{6421792F-A1B3-4CCB-ACE4-23E92A91E5E3}" = protocol=6 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe |
    "{689025ED-251D-4D90-BDFF-9020CE4E113F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6A352210-3F78-4F5F-9025-18B1CFCFC976}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6C1BEB8A-3289-42D0-9A31-B1008325E92E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{73DC9721-0AD6-4DDF-BD4B-9638E962FC18}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{74F9A5C4-011E-43AD-9308-CB2984ED05F3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{785AE3D4-1D00-4CC8-97BF-47D27A85D6A3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
    "{790A81CC-11C1-4D55-A9ED-AECA0F17ACB0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7E2F7C2D-CE97-47E3-B378-8F9F93179975}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{865FF30D-0FF7-4804-850D-444F89D6868A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{8EFEAA31-0B34-45A6-9255-F7FF0E11AF11}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{946EB1C4-0C92-4A47-9D6B-3BB07FF952FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{A663F15C-A7F5-47AF-9629-3C5A9EBD5F63}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{A7D5EAB6-310E-4D40-85CE-A154CC21C68F}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{AFDCCF08-CC07-4B07-8DEA-78899F2737FA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{BED389CA-1E2B-4481-992B-F9DA666EDF5E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C90A7D3C-846D-4827-84AB-1154A7559936}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CAE9E145-BEB2-4F96-A4B2-AC8E29ECB6CA}" = protocol=17 | dir=in | app=c:\program files\freedom scientific\activator\1.1\fsactivate.exe |
    "{CBDE7260-3528-45CC-AB78-8795F2199FD0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CBF38C8B-0CF2-488E-BF03-E0EE2C88CB5F}" = protocol=6 | dir=out | app=system |
    "{D0ACE433-9AA4-427E-A346-79517270E5C1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
    "{D0AEC83C-E9C3-4715-86F2-090C221903F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{D881DAEA-1E28-4943-8872-3F695F486116}" = protocol=6 | dir=in | app=c:\program files\freedom scientific\activator\1.1\fsactivate.exe |
    "{D9C1344F-F48E-45F5-8F6F-D70CD3C54BA9}" = protocol=17 | dir=in | app=c:\program files (x86)\tubedigger\tubedigger.exe |
    "{DEEE4F0C-1726-413D-8FFD-FF1FDE9665BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E341C8C0-71CA-4A59-BDC8-B0268B7AD2C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{E8FE8C34-4F1F-4BEB-A553-36994A7A140E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EAB2D22A-43ED-4021-B1FF-E90435E1E6FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F3AD0662-3D0E-4034-B138-0AF66B131023}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F4D1DFE4-036A-42EB-9375-541B65250CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
    "{F566D95F-C54C-4D00-A5BF-54A5A3751C4A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
    "{F6600C7B-6FCC-454F-9FD3-2A00224C0097}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FABA302A-A46F-4D31-BED0-C4799370D672}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FEF3BDB1-1126-4359-8971-8843663A0763}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
    "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D617DF82-6046-44EB-AD4A-D3423319E12C}" = Geosense for Windows
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
    "CCleaner" = CCleaner
    "GIMP-2_is1" = GIMP 2.8.2
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Speccy" = Speccy
    "Temp File Cleaner" = Temp File Cleaner
    "WinRAR archiver" = WinRAR 4.20 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0099B484-C24C-4D5F-8167-B0F6DF196E72}" = Adobe Shockwave Player 12.0
    "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11
    "{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1" = TubeDigger 4.5.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{7FB6B1B7-075B-4B7F-BEB6-97584F73C7B5}" = Brother MFL-Pro Suite DCP-J715W
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1" = Ashampoo Burning Studio 2013 v.11.0.6
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
    "{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "ALCATEL PC Suite_is1" = ALCATEL PC Suite V6.3.28
    "Any Video Converter_is1" = Any Video Converter 3.2.7
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "avast" = avast! Free Antivirus
    "DVDStyler_is1" = DVDStyler v2.3
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "ERUNT_is1" = ERUNT 1.1j
    "FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 4.8.0.0
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "IrfanView" = IrfanView (remove only)
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "RealPlayer 16.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.95
    "Secunia PSI" = Secunia PSI (2.0.0.4003)
    "SnagIt7" = SnagIt 7
    "SpywareBlaster_is1" = SpywareBlaster 5.0
    "Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.8
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "Xvid Video Codec 1.3.2" = Xvid Video Codec

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 28/08/13 09:42:55 | Computer Name = Family2 | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files (x86)\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
    files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 28/08/13 09:43:02 | Computer Name = Family2 | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
    Dependent
    Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 28/08/13 09:01:03 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 28/08/13 09:01:03 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Pipe Listener Adapter service depends the following service:
    was. This service might not be installed.

    Error - 28/08/13 09:01:03 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
    Service service which failed to start because of the following error: %%1058

    Error - 28/08/13 21:43:01 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 28/08/13 21:43:01 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Pipe Listener Adapter service depends the following service:
    was. This service might not be installed.

    Error - 28/08/13 21:43:01 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
    Service service which failed to start because of the following error: %%1058

    Error - 29/08/13 09:04:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Msmq Listener Adapter service depends the following service:
    msmq. This service might not be installed.

    Error - 29/08/13 09:04:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7003
    Description = The Net.Pipe Listener Adapter service depends the following service:
    was. This service might not be installed.

    Error - 29/08/13 09:04:34 | Computer Name = Family2 | Source = Service Control Manager | ID = 7001
    Description = The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing
    Service service which failed to start because of the following error: %%1058


    < End of report >

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-08-29 21:11:32
    -----------------------------
    21:11:32.499 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:11:32.499 Number of processors: 2 586 0x603
    21:11:32.499 ComputerName: FAMILY2 UserName: Paul
    21:11:34.059 Initialize success
    21:11:35.588 AVAST engine defs: 13082900
    21:13:15.613 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
    21:13:15.613 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
    21:13:15.691 Disk 0 MBR read successfully
    21:13:15.707 Disk 0 MBR scan
    21:13:15.722 Disk 0 unknown MBR code
    21:13:15.722 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
    21:13:15.738 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
    21:13:15.753 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 456838 MB offset 41166848
    21:13:15.769 Disk 0 scanning C:\Windows\system32\drivers
    21:13:24.835 Service scanning
    21:13:40.507 Modules scanning
    21:13:40.523 Disk 0 trace - called modules:
    21:13:40.554 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
    21:13:40.554 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80026ac060]
    21:13:40.554 3 CLASSPNP.SYS[fffff8800190c43f] -> nt!IofCallDriver -> [0xfffffa8001fa07f0]
    21:13:40.569 5 ACPI.sys[fffff88000ee87a1] -> nt!IofCallDriver -> \Device\00000067[0xfffffa800247d060]
    21:13:41.131 AVAST engine scan C:\Windows
    21:13:43.502 AVAST engine scan C:\Windows\system32
    21:16:19.620 AVAST engine scan C:\Windows\system32\drivers
    21:16:29.448 AVAST engine scan C:\Users\Paul
    21:24:10.709 AVAST engine scan C:\ProgramData
    21:27:10.249 Scan finished successfully
    21:27:24.788 Disk 0 MBR has been saved successfully to "C:\Users\Paul\Desktop\MBR.dat"
    21:27:24.804 The log file has been saved successfully to "C:\Users\Paul\Desktop\aswMBR.txt"
  14. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,812
    Location:
    Midlands, UK
    Hi JokersWild75

    This will cause a possible error each time the system is booted.
    It was covered in the Prep Guide:
    Just so that you know.

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Limewire, UTorrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.

    Step 1
    It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either COMODO Internet Security or avast.
    Even if you are only using the Firewall from Comodo.... it's still not a good idea to have programs from 2 different vendors running like this.


    Step 2
    Spybot - Search & Destroy:
    This really isn't worth having on your system.
    We stopped recommending this program a long time ago, due to poor testing results.
    I recommend this program is also removed.

    There are some issues we need to address in the report, but I need a fresh report after programs have been removed.
    Just run OTL again and click the scan button.
    Only one report will be made this time.

    Thanks
  15. Offline
    JokersWild75

    JokersWild75 Registered Members

    Joined:
    Aug 26, 2013
    Messages:
    147
    Location:
    United Kingdom
    Hi Starbuck,

    Firstly, thanks for your reply, even though it baffles me. I have never heard anyone say never to use different vendors, and I do apologise for this, but I need more information regarding this before I will remove it, and I will NOT (unless very good reason) use Windows Firewall or the resident protection of Windows Defender, so the configuration below seems to fit. I am not being difficult, just there have been cases in the past where they have saved me from things, so I just don't see it.

    Avast Virus ONLY not firewall
    Comodo Firewall Only (Windows Firewall Off)

    I did remove Spybot using Revo Uninstaller, and I went into msconfig and removed the startup entry for Erunt.

    Regards
    JokersWild75

    I dunno if I should have waited, but here is the OTL report:

    OTL logfile created on: 31/08/13 22:59:01 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Paul\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16660)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yy

    1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.32% Memory free
    3.50 Gb Paging File | 2.20 Gb Available in Paging File | 62.99% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 446.13 Gb Total Space | 195.85 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
    Drive H: | 1863.01 Gb Total Space | 1229.71 Gb Free Space | 66.01% Space Free | Partition Type: NTFS

    Computer Name: FAMILY2 | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
    MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
    SRV:64bit: - (Live Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Incorporated)
    SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
    SRV:64bit: - (ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
    SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
    SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
    SRV - (GREGService) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe (Acer Incorporated)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
    DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
    DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
    DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
    DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
    DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
    DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (gwmvid) -- C:\Windows\SysNative\drivers\gwmvid.sys (Windows (R) Codename Longhorn DDK provider)
    DRV:64bit: - (gwrdmir) -- C:\Windows\SysNative\drivers\gwrdmir.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (MSHUSBVideo) -- C:\Windows\SysNative\drivers\nx6000.sys (Microsoft Corporation)
    DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
    DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
    DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
    DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (BVRPMPR5a64) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS (Avanquest Software)
    DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AEMTDF&pc=MAEM&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Paul\Desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
    IE - HKCU\..\SearchScopes,DefaultScope = {0B696672-CAC0-42AA-B206-C1FD9D0C68ED}
    IE - HKCU\..\SearchScopes\{0B696672-CAC0-42AA-B206-C1FD9D0C68ED}: "URL" = http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Amazon (UK) Search Suggestions"
    FF - prefs.js..browser.search.selectedEngine: "Amazon (UK) Search Suggestions"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
    FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
    FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
    FF - prefs.js..extensions.enabledAddons: extensionlistdumper%40sogame.cat:1.15.2
    FF - prefs.js..extensions.enabledAddons: FavIconReloader%40mozilla.org:0.8
    FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
    FF - prefs.js..extensions.enabledAddons: %7BE10A6337-382E-4FE6-96DE-936ADC34DD04%7D:1.4.3
    FF - prefs.js..extensions.enabledAddons: CloneTab%40alex-koliada.com:1.0.1
    FF - prefs.js..extensions.enabledAddons: autorefresh%40plugin:1.0.2
    FF - prefs.js..extensions.enabledAddons: printedit%40DW-dev:10.0
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
    FF - prefs.js..network.proxy.ftp: "54.247.119.128"
    FF - prefs.js..network.proxy.ftp_port: 3128
    FF - prefs.js..network.proxy.http: "54.247.119.128"
    FF - prefs.js..network.proxy.http_port: 3128
    FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "54.247.119.128"
    FF - prefs.js..network.proxy.socks_port: 3128
    FF - prefs.js..network.proxy.ssl: "54.247.119.128"
    FF - prefs.js..network.proxy.ssl_port: 3128
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/03/23 00:29:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2013/06/27 20:56:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
    [2013/08/27 00:49:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions
    [2013/06/30 23:42:30 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
    [2013/08/27 00:49:32 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/06/29 17:37:56 | 000,000,000 | ---D | M] (FavIconReloader) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\FavIconReloader@mozilla.org
    [2013/07/12 02:19:42 | 000,036,763 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\autorefresh@plugin.xpi
    [2013/07/10 00:10:13 | 000,002,421 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\CloneTab@alex-koliada.com.xpi
    [2013/07/09 21:28:13 | 000,011,479 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\CNT@ednovak.net.xpi
    [2013/07/03 02:06:48 | 000,016,387 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\downloadpaneltweaks@dagger2-addons.mozilla.org.xpi
    [2013/06/28 11:55:31 | 000,075,035 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\extensionlistdumper@sogame.cat.xpi
    [2013/06/28 11:55:31 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\personas@christopher.beard.xpi
    [2013/08/17 22:24:39 | 000,098,081 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\printedit@DW-dev.xpi
    [2013/06/28 11:55:31 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\stealthyextension@gmail.com.xpi
    [2013/07/30 23:37:13 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2013/06/30 23:43:20 | 000,048,903 | ---- | M] () (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04}.xpi
    [2013/07/06 12:31:03 | 000,002,586 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\gi2hacqd.default-1372415597096\searchplugins\amazon-united-kingdom-search-suggestions.xml
    [2013/08/18 03:20:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/08/18 03:20:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    O1 HOSTS File: ([2013/06/20 09:14:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {76392179-60A8-462D-8961-B95C14DAADF4} https://billcentre.vodafone.co.uk/bpa/content/ddiprintengine.cab (PrintEngine ActiveX Control v4.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45C30D9B-AA1E-40DD-8E34-204F2BCE2AD7}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (c:\Windows\SysWOW64\guard32.dll) - c:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/07/29 06:52:30 | 000,000,035 | -H-- | M] () - H:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/08/31 22:35:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/08/31 14:58:10 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C2CCC961-ABAC-4EE2-B977-0ED202173693}
    [2013/08/31 02:32:00 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{4DFD8976-56E6-462F-9793-083C0CC9A8FB}
    [2013/08/30 14:31:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{6948B2F1-5543-446E-82EB-46ACBFEBFBC7}
    [2013/08/30 02:26:36 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{B93C869E-153A-4779-A3CB-3138365F2D67}
    [2013/08/29 21:10:35 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Paul\Desktop\aswmbr.exe
    [2013/08/29 19:09:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2013/08/29 18:49:29 | 000,000,000 | ---D | C] -- C:\erdnt
    [2013/08/29 18:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/08/29 18:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/08/29 18:47:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Paul\Desktop\erunt-setup.exe
    [2013/08/29 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E8720900-E6EF-44BD-99DD-662D3F9BC041}
    [2013/08/29 02:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TubeDigger
    [2013/08/29 02:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TubeDigger
    [2013/08/28 21:31:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{BA22C9BC-7E5B-427A-ABDB-702DF3D28225}
    [2013/08/28 04:37:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{657673DC-7C32-461B-9BB4-6C56F23CC90E}
    [2013/08/27 23:20:52 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Ashampoo
    [2013/08/27 23:20:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\ashampoo
    [2013/08/27 23:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
    [2013/08/27 23:20:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ashampoo
    [2013/08/27 23:20:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
    [2013/08/26 04:59:53 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/08/25 02:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/08/24 01:25:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/08/18 03:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/08/17 23:39:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\Desktop\Ben School Uniform
    [2013/08/13 19:48:58 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/08/13 19:48:57 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/08/13 19:48:54 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/08/13 19:48:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/08/13 19:48:54 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/08/13 19:48:53 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/08/13 19:48:53 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/08/13 19:48:53 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/08/13 19:48:52 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/08/13 19:48:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/08/13 19:48:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/08/13 19:48:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/08/13 19:48:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/08/13 19:48:41 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/08/13 19:48:40 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/08/13 19:37:55 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
    [2013/08/13 19:37:54 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
    [2013/08/13 19:37:47 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
    [2013/08/13 19:37:33 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/08/13 19:37:32 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
    [2013/08/13 19:37:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/08/13 19:37:03 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2013/08/13 19:37:01 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/08/13 19:37:01 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2013/08/13 19:37:00 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
    [2013/08/13 19:36:59 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2013/08/13 19:36:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2013/08/13 19:36:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2013/08/13 19:36:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2013/08/13 19:36:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2013/08/13 19:36:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2013/08/07 01:52:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
    [2013/08/07 01:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap

    ========== Files - Modified Within 30 Days ==========

    [2013/08/31 22:49:37 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/08/31 22:49:37 | 000,016,976 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/08/31 22:41:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/08/31 22:41:53 | 1408,786,432 | -HS- | M] () -- C:\hiberfil.sys
    [2013/08/31 22:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/08/31 15:10:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000UA.job
    [2013/08/31 15:10:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1253406721-2315796278-1497747152-1000Core.job
    [2013/08/30 23:59:00 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/08/30 23:59:00 | 000,664,548 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/08/30 23:59:00 | 000,125,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/08/30 23:05:54 | 513,174,211 | ---- | M] () -- C:\Users\Paul\Desktop\ME.2013.08.28.HDTV.MP4
    [2013/08/29 21:27:24 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat
    [2013/08/29 21:10:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Paul\Desktop\aswmbr.exe
    [2013/08/29 19:09:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
    [2013/08/29 18:47:43 | 000,000,888 | ---- | M] () -- C:\Users\Paul\Desktop\NTREGOPT.lnk
    [2013/08/29 18:47:43 | 000,000,869 | ---- | M] () -- C:\Users\Paul\Desktop\ERUNT.lnk
    [2013/08/29 18:47:08 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Paul\Desktop\erunt-setup.exe
    [2013/08/29 03:26:16 | 000,000,222 | ---- | M] () -- C:\Users\Paul\.swfinfo
    [2013/08/29 02:52:43 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\TubeDigger.lnk
    [2013/08/27 23:20:34 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
    [2013/08/25 02:29:22 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/24 02:14:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/08/24 02:14:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/08/24 01:51:14 | 000,000,538 | ---- | M] () -- C:\Users\Paul\Desktop\WIN7 Ext Drive 2TB (H).lnk
    [2013/08/19 05:21:43 | 469,844,005 | ---- | M] () -- C:\Users\Paul\Desktop\SummerSlam Kickoff - Dean Ambrose vs. Rob Van Dam.mp4
    [2013/08/18 01:08:26 | 000,223,738 | ---- | M] () -- C:\Users\Paul\Documents\sf246 instruction manual _version 18-10-07_.pdf
    [2013/08/16 04:37:50 | 000,000,000 | ---- | M] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
    [2013/08/15 20:50:19 | 478,760,581 | ---- | M] () -- C:\Users\Paul\Desktop\By.Rulez.W.M.2013.08.14.HDTV.mp4
    [2013/08/14 21:54:20 | 000,285,228 | ---- | M] () -- C:\Users\Paul\Desktop\RingTone-Bastille - Pompeii.mp3
    [2013/08/11 22:45:32 | 000,959,222 | ---- | M] () -- C:\Users\Paul\Desktop\TQB0E2329U.pdf
    [2013/08/11 19:19:10 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2013/08/11 19:19:10 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2013/08/05 22:23:08 | 001,394,626 | ---- | M] () -- C:\Users\Paul\Documents\38163v01s7-06.pdf
    [2013/08/05 22:03:50 | 000,179,809 | ---- | M] () -- C:\Users\Paul\Documents\E7Q-UserGuide.pdf
    [2013/08/05 21:44:48 | 000,000,845 | ---- | M] () -- C:\Users\Paul\AppData\Local\recently-used.xbel
    [2013/08/02 05:10:26 | 012,791,152 | ---- | M] () -- C:\Users\Paul\Documents\el1358.pdf

    ========== Files Created - No Company Name ==========

    [2013/08/30 22:47:51 | 513,174,211 | ---- | C] () -- C:\Users\Paul\Desktop\ME.2013.08.28.HDTV.MP4
    [2013/08/29 21:27:24 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat
    [2013/08/29 18:47:43 | 000,000,888 | ---- | C] () -- C:\Users\Paul\Desktop\NTREGOPT.lnk
    [2013/08/29 18:47:43 | 000,000,869 | ---- | C] () -- C:\Users\Paul\Desktop\ERUNT.lnk
    [2013/08/29 03:26:16 | 000,000,222 | ---- | C] () -- C:\Users\Paul\.swfinfo
    [2013/08/29 02:52:43 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\TubeDigger.lnk
    [2013/08/27 23:20:34 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 2013.lnk
    [2013/08/25 02:29:22 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/08/19 05:01:25 | 469,844,005 | ---- | C] () -- C:\Users\Paul\Desktop\SummerSlam Kickoff - Dean Ambrose vs. Rob Van Dam.mp4
    [2013/08/18 01:08:26 | 000,223,738 | ---- | C] () -- C:\Users\Paul\Documents\sf246 instruction manual _version 18-10-07_.pdf
    [2013/08/16 04:37:50 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat
    [2013/08/15 20:33:22 | 478,760,581 | ---- | C] () -- C:\Users\Paul\Desktop\By.Rulez.W.M.2013.08.14.HDTV.mp4
    [2013/08/14 21:54:17 | 000,285,228 | ---- | C] () -- C:\Users\Paul\Desktop\RingTone-Bastille - Pompeii.mp3
    [2013/08/11 22:45:31 | 000,959,222 | ---- | C] () -- C:\Users\Paul\Desktop\TQB0E2329U.pdf
    [2013/08/05 22:23:08 | 001,394,626 | ---- | C] () -- C:\Users\Paul\Documents\38163v01s7-06.pdf
    [2013/08/05 22:03:50 | 000,179,809 | ---- | C] () -- C:\Users\Paul\Documents\E7Q-UserGuide.pdf
    [2013/08/05 21:44:48 | 000,000,845 | ---- | C] () -- C:\Users\Paul\AppData\Local\recently-used.xbel
    [2013/08/02 05:09:52 | 012,791,152 | ---- | C] () -- C:\Users\Paul\Documents\el1358.pdf
    [2013/04/19 01:24:16 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
    [2013/01/09 09:37:16 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\tcjpaut.dll
    [2013/01/09 09:37:16 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\nfmonko.dll
    [2013/01/09 09:37:16 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\v8sos1h.dll
    [2012/09/11 23:37:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
    [2012/07/22 02:46:04 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/03/29 14:53:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\MobOlExt.dll
    [2012/03/19 15:24:47 | 000,022,528 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/02/22 14:43:51 | 000,000,288 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\.backup.dm
    [2011/09/29 17:13:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2011/09/29 17:08:52 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
    [2011/09/28 21:31:14 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/09/28 21:31:14 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/09/28 21:19:10 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/09/28 11:48:24 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\532E1276CB.sys
    [2011/09/28 11:48:22 | 000,005,018 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
    [2011/09/27 23:37:41 | 000,764,774 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

    < End of report >
  16. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,812
    Location:
    Midlands, UK
    Hi JokersWild75

    Mmm a lot to answer here. :)

    I'm not saying to never use different vendors, just that it isn't the way to go.
    Basically, all programs will probably be set to auto update.... so this causes more Pc usage and uses more resources.
    Plus we all know that at some point the bad guys will find holes in security programs that they will utilise.
    The more programs you have running, the better chance of a way in to your system.
    One vendor may block their security holes but another may not be so quick.
    Trying to keep things simple will give you a better chance of being covered.

    Most AV's and security programs will now disable Windows Defender when they install.
    Windows Defender is a bit of a throwback to older systems and isn't really needed now.
    The fact that it runs in RealTime may cause conflicts with other RealTime security programs.... this is why it's disabled.

    As for the Windows Firewall.
    It did get a bad name when it was introduced a long time ago, but things have changed a lot since then.
    It was knocked for the fact that it didn't cover 'Outgoing' requests.... if set up correctly the Win Vista and Win7 firewall will do this.
    But to be honest, the ability to check 'Outgoing' requests is not really needed for most users anyway.
    Most 'below average' and 'average' users wouldn't understand the outgoing request screens.
    Most vendors will use certain programs/files from other vendors when they create a program..... so the outgoing request for an update may not seem to come from the actual program.
    This can lead to uncertainty on part of the user and may lead to a legit update not being allowed.
    Most third party firewalls won't cover against Keyloggers anyway (it would have to have a HIPS program combined to cover against that.... most don't have this).
    Covering 'Inbound' requests is the most important and the Windows firewall will do this as well as any third party firewall.
    And as it's already a part of the operating system.... it uses a lot less resources.
    There's a little more information here

    This is a good read as well:
    5 Reasons Why the Windows Firewall is One of the Best Firewalls

    MsConfig is a very overused facility.
    It was designed as a diagnostic tool, not as a way of permanently stopping a program from starting up.
    The best advice would be to unblock the startup entry and then uninstall Erunt.
    Then reinstall Erunt, but when you get to this screen:

    [​IMG]

    Click No.
    My tutorial on installing Erunt will explain all this.
    Tutorial here

    The OTL report only needs a little cleaning, nothing to worry about.

    Double click on OTL to run it.
    Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
    Code:
    :otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2B171655-A70C-5C18-B693-6CB5DC269D41} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SanDiskSecureAccess_Manager.exe - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - File not found
    MsConfig:64bit - State: "services" - Reg Error: Key error.
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    [2013/08/29 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{E8720900-E6EF-44BD-99DD-662D3F9BC041}
    [2013/08/28 21:31:51 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{BA22C9BC-7E5B-427A-ABDB-702DF3D28225}
    [2013/08/28 04:37:31 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{657673DC-7C32-461B-9BB4-6C56F23CC90E}
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
    
    :Files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
    
    
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles

    In your next reply, please submit:
    OTL fix report


    Thanks.
    Last edited: Sep 1, 2013
  17. Offline
    JokersWild75

    JokersWild75 Registered Members

    Joined:
    Aug 26, 2013
    Messages:
    147
    Location:
    United Kingdom
    Hi Starbuck

    Thanks for the info, it does kinda make sense, some of it, so I will decide to use the Windows firewall. I will do this when I look at the best way to remove Comodo.

    I have fixed Erunt so all should be as it should I hope.

    Would anything you have seen in my logs indicate the reason for those emails, even though I have not had any that looked like it was from me in a few days? This account is still getting attacked with spam, not that high a volume, but still I will probably kill it and move on. Just this is attached to my Xbox Live, so I will see what comes out of this.

    The fix went OK I think, here is the log:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2B171655-A70C-5C18-B693-6CB5DC269D41} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B171655-A70C-5C18-B693-6CB5DC269D41}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
    Starting removal of ActiveX control {166B1BCA-3F9C-11CF-8075-444553540000}
    C:\Windows\Downloaded Program Files\swdir.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{166B1BCA-3F9C-11CF-8075-444553540000}\ not found.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\iTunesHelper\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SanDiskSecureAccess_Manager.exe\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Sidebar\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SunJavaUpdateSched\ not found.
    C:\Users\Paul\AppData\Local\{E8720900-E6EF-44BD-99DD-662D3F9BC041} folder moved successfully.
    C:\Users\Paul\AppData\Local\{BA22C9BC-7E5B-427A-ABDB-702DF3D28225} folder moved successfully.
    C:\Users\Paul\AppData\Local\{657673DC-7C32-461B-9BB4-6C56F23CC90E} folder moved successfully.
    ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Paul\Desktop\cmd.bat deleted successfully.
    C:\Users\Paul\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: All Users
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    User: Paul
    ->Temp folder emptied: 7292334 bytes
    ->Temporary Internet Files folder emptied: 35040459 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 122565873 bytes
    ->Flash cache emptied: 58361 bytes
    User: Public
    User: Shona
    ->Temp folder emptied: 1390 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 16760250 bytes
    ->Flash cache emptied: 687 bytes
    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 2750874 bytes
    Total Files Cleaned = 176.00 mb
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    OTL by OldTimer - Version 3.2.69.0 log created on 09012013_185501

    Files\Folders moved on Reboot...
    C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  18. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,812
    Location:
    Midlands, UK
    Hi JokersWild75

    No, there was nothing in the report to suggest a reason for the spam emails.
    It was mainly 'orphan' entries we removed.... plus reset a few things.
    More than likely it was setting a new password that sorted the emails out.
    If you do a Google search for 'Yahoo email spam' you will find loads of pages on this.
    Yahoo doesn't have a very good reputation when it comes to spam.
    Plus they were hacked by criminal spammers earlier this year.
    http://www.channel4.com/news/yahoos-email-system-hacked-by-criminal-spammers

    If you have another email account, I'd recommend switching to that.
    I personally have found that the Gmail system has a very good spam filter.

    Keep an eye on things for a day or two and see how it goes.
    We can always run some more 'in depth' scans if needed.
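
An added example, not part of the original thread and not OTL's own logic: a Python triage script that flags report lines carrying the markers seen in the posted fix ("No CLSID value found", "File not found", "Reg Error: Key error.") and compares them with what the fix actually listed. The marker list and all function names are assumptions of this example; the sample lines are excerpts copied from the logs in this thread.

```python
import re
from collections import namedtuple

# Markers seen on entries of the fix script posted in this thread. Treating
# them as "orphan" indicators is an assumption of this example, not OTL's rule.
ORPHAN_MARKERS = (
    "No CLSID value found",
    "File not found",
    "Reg Error: Key error.",
)

# Matches "O16 - ...", "O21:64bit: - ..." and "MsConfig:64bit - ..." entries.
ENTRY_RE = re.compile(
    r"^(?P<section>O\d+|MsConfig)(?P<bits>:64bit)?:?\s*-\s*(?P<body>.+)$"
)

Entry = namedtuple("Entry", "section is64 body marker")

# Excerpt of the scan report quoted in the thread (not the full log).
SCAN_EXCERPT = r"""
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
"""

# Excerpt of the fix script posted in the thread, limited to the same sections.
FIX_EXCERPT = r"""
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
"""


def parse_entry(line):
    """Parse one registry-style report line; return None for other line types."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    marker = next((k for k in ORPHAN_MARKERS if k in body), None)
    return Entry(m.group("section"), bool(m.group("bits")), body, marker)


def orphan_candidates(lines):
    """Return the lines whose text carries one of the orphan markers."""
    found = []
    for line in lines:
        entry = parse_entry(line)
        if entry and entry.marker:
            found.append(line.strip())
    return found


def compare_with_fix(scan_lines, fix_lines):
    """Show where marker-based triage and the posted fix agree and differ."""
    flagged = orphan_candidates(scan_lines)
    fix = [l.strip() for l in fix_lines if l.strip()]
    return {
        "flagged_and_fixed": [l for l in flagged if l in fix],
        "flagged_not_fixed": [l for l in flagged if l not in fix],
        "fixed_without_marker": [l for l in fix if l not in flagged],
    }


if __name__ == "__main__":
    result = compare_with_fix(SCAN_EXCERPT.splitlines(), FIX_EXCERPT.splitlines())
    for bucket, lines in result.items():
        print(f"{bucket}: {len(lines)}")
        for l in lines:
            print("   ", l[:90])
```

On this excerpt the two O18 handler lines carry a marker but were left out of the posted fix, while the policy and gopher entries were fixed without one, so the markers are a starting point for review rather than a removal list.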
  19. Offline
    JokersWild75

    JokersWild75 Registered Members

    Joined:
    Aug 26, 2013
    Messages:
    147
    Location:
    United Kingdom
    Hi Starbuck,

    Thanks for your help. I have removed Comodo and am now using Windows Firewall alongside Avast. Also I have decided to get rid of Yahoo, as this was what I was thinking about their spam filters, or lack of. I missed that hacking incident, so that had made my mind up. Shame though, I have had that email almost for as long as I have had Internet, and you are right, Gmail are better.

    So unless there is something else to do I will again say thanks very much for your help.

    Regards
    JokersWild75
  20. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,812
    Location:
    Midlands, UK
    Hi JokersWild75

    Just a little cleaning up to do.... that's all.

    Step 1
    • Please double-click OTL.exe to run it.
    • You should see a CleanUp! button, press that button,

    • This will clean up an assortment of tools used during malware removal, plus itself.

    Note:
    MBAM will not be removed if it's installed.


    Step 2
    Now you should set a New Restore Point to prevent possible reinfection from an old one. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

    Click Start >> Right click Computer >> Properties.
    Click System protection (left pane)
    Select the System Protection tab, and then click Create.
    In the System Protection dialog box, type a description, and then click Create.

    To delete all but the last restore point:

    Open Disk Cleanup by clicking the Start button.
    In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    If prompted, select the drive that you want to clean up, and then click OK.
    In the Disk Cleanup for (drive letter) dialog box, click Clean up system files.
    If prompted, select the drive that you want to clean up, and then click OK.
    Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
    In the Disk Cleanup dialog box, click Delete.
    Click Delete Files, and then click OK.

    Glad I was able to help.

    Safe surfing.
