PC under attack?
JohnG
Posts: 477 Forumite
in Techie Stuff
Hi,
I'm looking for some much needed help/guidance (not for the first time). We’ve been having problems using Adobe PDF Reader recently, either not opening PDF documents/statements or, today, opening a statement but before we could do anything the programme closed. I tried opening the statement a number of times but it kept closing within about 5 seconds until it froze completely, leaving a blank/grey screen which I could not clear – it was just ‘hanging’. I had trouble clearing one or two other web pages I had open. It also affected other webpages, stopping me from viewing them and basically slowing everything up to almost a standstill.
In the end I had to reboot manually and for the last few hours have been trying to sort things out (which has meant numerous reboots, PCRepair action etc etc). Firstly I tried to install the latest Adobe Reader software - it got so far but then froze everything. I then tried uninstalling the Adobe software I have so that I might be able to re-install with latest software but again, it got so far but then just hung for ages until a box said it couldn’t complete the process.
Meanwhile, I got a RED warning come up from AVAST saying my 'Avast Pro' was about to run out as I hadn’t renewed it? Well I don’t/didn’t have Avast Pro, I have/had Avast Free which was what the icon on my desktop confirmed. A little while later I got a msg (under the flag Solve PC issues) saying I no longer had AntiVirus Software in place!!?
I ended up uninstalling the Avast I had and reinstalling what I hope is the latest Avast Free but I’m no longer sure as I’m starting to think I’m under attack from something or someone?
Anyway, I installed what I hope is genuine Avast and did a scan straight away – but this took ages even on a quick scan before the PC suddenly rebooted on its own accord?
I did another scan a short while later and it started quite briskly but then slowed right up once it got to about 10%, at which point I saw it had found ‘1’ threat, so I waited and waited for it to complete but seemed to get stuck at 10% before stopping and showing a box which listed a few files including one that was ‘High Risk’. I clicked the box ‘Apply’ to proceed with the necessary action and again everything just froze, resulting in having to reboot.
It seems that I have got some sort of bug in the system and wonder if it’s got in thru the Adobe software? There’s an Adobe Air installed on 14/3/13 which has a different logo to that of the normal Adobe logo and try as I might I can’t uninstall it??
I've carried out an AntiSpyware scan which cleared the usual load of spywares etc and I have also done AntiMalwareBytes (latest) but that came up clean.
Here’s my latest HijackThis log which has a number of files etc which look dodgy to me (but maybe I’m just being paranoid?)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:58:03, on 22/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal
Running processes:
C:\Users\John &Clare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hewlett-Packard\DigitalImaging\bin\hpohmr08.exe
C:\Program Files (x86)\Hewlett-Packard\DigitalImaging\bin\hpotdd01.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\MicrosoftOffice\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John &Clare\AppData\Local\Microsoft\Windows\Temporary InternetFiles\Content.IE5\G33NLZ7U\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchPage = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,StartPage = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\InternetExplorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchPage = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,StartPage = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\InternetExplorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\InternetExplorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,LocalPage = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub -{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\CommonFiles\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: RealNetworks Download and Record Plugin forInternet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: avast! WebRep -{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVASTSoftware\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO -{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO -{B4F3A835-0E21-4959-BA22-42B3008E02FF} -C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep -{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVASTSoftware\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files(x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVASTSoftware\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\WindowsSidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\John& Clare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\John &Clare\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\WindowsSidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\WindowsSidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin]C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk =C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk =C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel- res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote -res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote -{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MicrosoftOffice\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote -{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\MicrosoftOffice\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes -{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes -{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\MicrosoftOffice\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}- C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Acceleratedgraphics
O18 - Protocol: skype-ie-addon-data -{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com -{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml -{807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\CommonFiles\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) -SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service(AdobeARMservice) - Unknown owner - C:\Program Files (x86)\CommonFiles\Adobe\ARM\1.0\armsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software -C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS)- Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax)- Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security ApplicationLocal Management Service (LMS) - Intel Corporation - C:\Program Files(x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102(Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300(ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (filemissing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter)- Ralink Technology, Corp. - C:\Program Files(x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64(RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files(x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: RaMediaServer - Unknown owner - C:\ProgramFiles (x86)\Ralink\Common\RaMediaServer.exe
O23 - Service: RealNetworks Downloader Resolver Service -Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2(RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs)- Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. -C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - SkypeTechnologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3(SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1(Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101(sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101(UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security ApplicationUser Notification Service (UNS) - Intel Corporation - C:\Program Files(x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003(VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601(WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (filemissing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104(wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110(wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (filemissing)
O23 - Service: @%PROGRAMFILES%\Windows MediaPlayer\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files(x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9830 bytes
Any help would be greatly appreciated
0
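An added example, not part of the original post or any reply: a small triage pass over HijackThis-format lines. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64 and 64-bit-only system binaries are reported as "(file missing)"; the script separates those from registry entries that point at files which really are gone. The sample log is constructed, and the verdict names and the "user-writable location" rule are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in HijackThis 2.0.4 layout (not the poster's log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\helper.dll (file missing)
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files (x86)\Example\updater.exe"
O23 - Service: @%SystemRoot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (filemissing)
O23 - Service: Example Service - Unknown owner - C:\ProgramData\Example\svc.exe
"""

# Section codes used by HijackThis: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Tolerates the space being lost when a log is pasted through a word processor.
MISSING = re.compile(r"\s*\(file ?missing\)\s*$", re.I)
# Paths that only exist on 64-bit Windows.
X64_HINT = re.compile(r"Program ?Files ?\(x86\)|SysWOW64", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
# Assumption of this example: autostarts under these folders deserve a look,
# because a standard user process can write there.
USER_WRITABLE = re.compile(r"\\(users|programdata)\\", re.I)
AUTOSTART = {"O2", "O4", "O23"}  # BHOs, Run keys/Startup, services


def extract_path(text):
    """Return the first drive-letter path in an entry, without quotes or marker."""
    m = re.search(r"[A-Za-z]:\\.*", text)
    if not m:
        return None
    path = MISSING.sub("", m.group(0))
    return path.split('"')[0].strip()


def triage(log_text):
    """Classify each log entry as (code, path, verdict)."""
    is_x64 = bool(X64_HINT.search(log_text))
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, text = m.groups()
        path = extract_path(text)
        missing = bool(MISSING.search(text))
        if missing and path and SYSTEM32.match(path):
            # A 32-bit scanner on x64 looks in SysWOW64 instead of System32;
            # confirm with a 64-bit tool before treating the file as absent.
            verdict = "redirection-artifact" if is_x64 else "dangling"
        elif missing:
            # Registry entry survives but its file is gone, e.g. after an
            # uninstall that did not complete.
            verdict = "dangling"
        elif code in AUTOSTART and path and USER_WRITABLE.search(path):
            verdict = "review-location"
        else:
            verdict = "listed"
        results.append((code, path, verdict))
    return results


def summarize(log_text):
    """Count verdicts so the handful of entries worth reading stand out."""
    return Counter(verdict for _, _, verdict in triage(log_text))


if __name__ == "__main__":
    for code, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:22} {code:4} {path}")
```

"review-location" is a prompt to check the publisher and signature of the file, not a detection.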
Comments
-
Post me a DDS log - should take 2-3 minutes, then run aswMBR.
I'm off to bed in a moment but I'll take a look tomorrow.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
- DDS.txt
- Attach.txt
Copy & paste the contents of DDS.txt & attach.txt and post them here (you may need to split the log over separate posts)
Download aswMBR and save it to your Desktop.
http://public.avast.com/~gmerek/aswMBR.exe
- Right click aswMBR.exe & choose "Run as Administrator" to run it.
- Click the Scan button.
- Wait till the scan reports "Scan finished successfully"
- Click Save log & save the log to your desktop.
- Click OK
- Two files will be created, aswMBR.txt & a file named MBR.dat
- Click EXIT.
- Copy & Paste the contents of aswMBR.txt into your next reply.
0 -
Hi Waddler-8,
Many thanks indeed for your quick response and offer of help!!
I downloaded the dds file but alas although it says it will place two logs on the desktop, they simply don't appear?? I have a feeling I've tried this before without success - something on my PC doesn't like it I think?
I've managed to do the aswMBR successfully so hope this helps?:
.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-23 01:34:55
01:34:55.909 OS Version: Windows x64 6.1.7601 Service Pack 1
01:34:55.909 Number of processors: 4 586 0x2A07
01:34:55.909 ComputerName: MAINPC UserName:
01:34:56.643 Initialize success
01:34:56.705 AVAST engine defs: 13032201
01:35:23.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:35:23.677 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA3MA Size: 953869MB BusType: 3
01:35:23.740 Disk 0 MBR read successfully
01:35:23.740 Disk 0 MBR scan
01:35:23.740 Disk 0 Windows 7 default MBR code
01:35:23.740 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
01:35:23.755 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 204799 MB offset 206848
01:35:23.755 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 748968 MB offset 419635200
01:35:23.802 Disk 0 scanning C:\Windows\system32\drivers
01:35:27.983 Service scanning
01:35:38.185 Modules scanning
01:35:38.185 Disk 0 trace - called modules:
01:35:38.185 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
01:35:38.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d14060]
01:35:38.700 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa8004a99e40]
01:35:38.700 5 ACPI.sys[fffff88000f147a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004aa4060]
01:35:39.199 AVAST engine scan C:\Windows
01:35:40.151 AVAST engine scan C:\Windows\system32
01:36:40.367 AVAST engine scan C:\Windows\system32\drivers
01:36:45.874 AVAST engine scan C:\Users\John & Clare
01:42:07.656 AVAST engine scan C:\ProgramData
01:42:34.581 Scan finished successfully
01:44:14.141 Disk 0 MBR has been saved successfully to "C:\Users\John & Clare\Documents\MBR.dat"
01:44:14.156 The log file has been saved successfully to "C:\Users\John & Clare\Documents\aswMBR.txt"
Many thanks again
John
0 -
They'll be there - search for them if need be.
http://windows.microsoft.com/en-us/windows7/products/features/windows-search
0 -
I'm afraid I can't find anything, have done what I think is a thorough search for dds and attach files.
I've got to go now (my wife has just realised I'm not in bed yet and is not amused! :eek: More trouble to come my way it seems).
Hopefully will feel more refreshed tomorrow :cool:
Cheers for now
0 -
Run it again if not.
Otherwise run OTL.
Download OTL by Old Timer from the link below and save it to your Desktop.
LINK
- Double click on OTL.exe to run it.
- Click the Quick Scan button.
- When it's finished, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
- Please post the contents of OTL.txt in your next reply.
0 -
Thanks Waddler-8, I have tried to run dds a number of times, a little box says it's doing what it's supposed to but they still don't appear so I've done the OTL which has worked :j
Incidentally, when I turned the PC on this morning it started doing a (Avast) scan before it loaded everything up - took a while but came back saying no infections found? The PC then loaded pretty much as normal - no delays or hanging which it's been doing since the PDF problem yesterday.
Here's the OTL report (Part 1 of 2):
OTL logfile created on: 23/03/2013 10:14:21 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John & Clare\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
3.91 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.88% Memory free
7.82 Gb Paging File | 6.30 Gb Available in Paging File | 80.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 200.00 Gb Total Space | 157.68 Gb Free Space | 78.84% Space Free | Partition Type: NTFS
Drive
| 731.41 Gb Total Space | 730.39 Gb Free Space | 99.86% Space Free | Partition Type: NTFS
Computer Name: MAINPC | User Name: John & Clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/23 10:12:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John & Clare\Downloads\OTL.exe
PRC - [2013/03/19 20:24:11 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\John & Clare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/03/06 23:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/28 20:24:13 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2010/12/31 18:14:56 | 011,474,272 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
PRC - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/11 10:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
PRC - [2003/04/06 00:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003/04/06 00:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
========== Modules (No Company Name) ==========
MOD - [2010/12/30 14:46:10 | 001,033,568 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/03/06 23:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/10/11 22:08:49 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/12/31 10:05:46 | 000,619,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2010/12/20 17:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 17:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/11 10:00:48 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2010/11/11 10:00:24 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/06 23:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 23:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 23:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 23:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 23:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 23:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 23:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 23:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 09:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/27 09:23:38 | 000,385,512 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/01/27 09:23:36 | 000,125,416 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/01/27 00:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/28 18:55:30 | 001,547,616 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/09/06 22:54:43 | 000,077,004 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 B6 CE 82 A1 48 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/28 20:24:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/28 20:24:28 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - Extension: Docs = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: RealDownloader = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Gmail = C:\Users\John & Clare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\John & Clare\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\John & Clare\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080CCA8A-CE13-4C53-A7C1-F204CFB5B506}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D42C0546-E975-4F41-AD15-146B7255E26C}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7d7267bd-fb6e-11e1-b932-f46d043e9edc}\Shell - "" = AutoRun
O33 - MountPoints2\{7d7267bd-fb6e-11e1-b932-f46d043e9edc}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
OTL Report (Part 2 of 2):
========== Files/Folders - Created Within 30 Days ==========
[2013/03/23 01:17:02 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/23 01:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/23 01:17:01 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/23 01:16:59 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/23 01:16:58 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/23 01:16:56 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/23 01:16:50 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/23 01:16:30 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/23 01:08:10 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/03/22 22:44:36 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/03/18 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\John & Clare\AppData\Local\Deployment
[2013/03/18 10:26:14 | 000,000,000 | ---D | C] -- C:\Users\John & Clare\AppData\Local\Apps
[1 C:\Users\John & Clare\Documents\*.tmp files -> C:\Users\John & Clare\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/03/23 10:10:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 10:10:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 10:07:51 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/23 10:07:51 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/23 10:07:51 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/23 10:02:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/23 09:29:10 | 3151,417,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 01:44:14 | 000,000,512 | ---- | M] () -- C:\Users\John & Clare\Documents\MBR.dat
[2013/03/23 01:20:00 | 000,001,214 | ---- | M] () -- C:\Users\John & Clare\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/23 01:17:02 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/23 01:16:50 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/03/23 01:08:34 | 000,003,432 | ---- | M] () -- C:\bootsqm.dat
[2013/03/06 23:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/03/06 23:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/03/06 23:33:21 | 000,178,624 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/06 23:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 23:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/03/06 23:33:21 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 23:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 23:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 23:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/03/06 23:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[1 C:\Users\John & Clare\Documents\*.tmp files -> C:\Users\John & Clare\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/03/23 01:44:14 | 000,000,512 | ---- | C] () -- C:\Users\John & Clare\Documents\MBR.dat
[2013/03/23 01:17:02 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/23 01:16:54 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/03/23 01:16:52 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/03/23 01:08:34 | 000,003,432 | ---- | C] () -- C:\bootsqm.dat
[2013/03/17 18:15:49 | 000,383,915 | ---- | C] () -- C:\Users\John & Clare\Documents\TinyAnn.jpg
[2012/05/26 16:36:31 | 000,005,672 | ---- | C] () -- C:\Users\John & Clare\AppData\Local\Temp5.html
[2012/05/26 16:35:39 | 000,001,955 | ---- | C] () -- C:\Users\John & Clare\AppData\Local\Temp1.html
[2011/12/28 14:44:25 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2011/12/28 13:34:50 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/28 13:34:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/28 13:34:49 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe
[2011/12/09 07:59:59 | 000,000,251 | -H-- | C] () -- C:\Users\John & Clare\hpothb07.tif
[2011/12/09 07:59:59 | 000,000,148 | -H-- | C] () -- C:\Users\John & Clare\hpothb07.dat
[2011/09/06 22:51:18 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2011/08/11 12:35:04 | 000,014,051 | R--- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/11 12:34:53 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011/08/11 12:34:53 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
[2011/08/11 12:34:52 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011/07/26 12:13:11 | 000,000,000 | ---- | C] () -- C:\Users\John & Clare\ipconfig
[2011/07/19 12:05:12 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/19 12:05:12 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/19 12:05:11 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/07/19 12:02:54 | 000,037,402 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/07/19 12:00:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/07/19 11:59:56 | 000,024,821 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
========== ZeroAccess Check ==========
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/09/12 19:16:17 | 000,000,000 | ---D | M] -- C:\Users\John & Clare\AppData\Roaming\Canon
[2013/01/20 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\John & Clare\AppData\Roaming\PhotoFiltre
[2013/03/21 17:32:01 | 000,000,000 | ---D | M] -- C:\Users\John & Clare\AppData\Roaming\Spotify
[2011/07/25 18:35:57 | 000,000,000 | ---D | M] -- C:\Users\John & Clare\AppData\Roaming\Trusteer
========== Purity Check ==========
< End of report >
That looks fine - do you have extras.txt?
No, can't locate the extra.txt file and tried another scan but again can only see the OTL.exe log which is on the notepad? (I've done a search, by the way).
I guess I should be pleased that there isn't anything untoward on the OTL log but still feel something's amiss - maybe it's a dodgy hard drive or something? It's started to sound like it's struggling at times (since yesterday's PDF problem). It did it when I restarted/loaded up the PC just now? I keep meaning to give the insides a clean up in case it's got a big build up of dust etc in there too but would that affect the performance in this way? I'm probably clutching at straws.
Many thanks for your continued help and input.
John
This discussion has been closed.