-
Here is the extras log:
OTL Extras logfile created on: 5/14/2013 10:48:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Clare\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.80 Gb Total Physical Memory | 2.79 Gb Available Physical Memory | 73.38% Memory free
7.60 Gb Paging File | 6.10 Gb Available in Paging File | 80.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.81 Gb Total Space | 370.35 Gb Free Space | 81.97% Space Free | Partition Type: NTFS
Computer Name: CLARE-PC | User Name: Clare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04099777-A2E6-4211-83BA-3FD7BAAC698F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{290173C5-DEE1-4B4D-B0B3-B1DFE583678E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2BB054BE-0A0B-4FF6-AC76-CDD15617B962}" = lport=139 | protocol=6 | dir=in | app=system |
"{32007BD8-BC80-4A45-8836-1F6DA1F87A34}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3B4191FB-43D9-4DB8-8F06-B9C5D1E5ABD3}" = rport=445 | protocol=6 | dir=out | app=system |
"{4E5F0363-2406-4C92-96EA-3728C19BB723}" = lport=137 | protocol=17 | dir=in | app=system |
"{59A61094-7F7A-42E0-8C35-08457E96E1AD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5DFA8418-90BF-43BC-A253-3B12204FD2A1}" = rport=137 | protocol=17 | dir=out | app=system |
"{6858DC7B-9CDD-449B-BCAD-136411CB2318}" = lport=138 | protocol=17 | dir=in | app=system |
"{75683613-26EF-4FBB-9365-734583091C7F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7577EEE9-3565-4737-84CF-4FBE7A48C92E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{79B35672-D081-4E9D-9DC0-8671F29E08A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A6F409D-E321-4FE7-9643-04810691F98C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{87352B2D-64C4-4E0A-BA91-69AE3DCF8D8D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{98E8CD45-A7A6-45B1-9BD3-E5F6C834C84B}" = rport=138 | protocol=17 | dir=out | app=system |
"{B58422A8-21AD-426C-BBE7-C306B3B5EA7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC822ECD-55AE-4E26-9D26-5BEBAE483790}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CBCEBEEF-3A16-4D76-9959-695F6427113A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E44C9B0A-08F3-4091-99FB-54A5DF0411AB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E4DE50CD-84BD-45D6-8C9C-D7216E3051E9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFBBED67-BA49-467A-B553-1A3903D357E9}" = rport=139 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B269BA6-0973-453C-B2AC-330D06E3BB7D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2ED7AAED-0ED5-47F9-9B80-6F44A2917391}" = protocol=1 | dir=in | [email protected],-28543 |
"{35865B1D-C2DA-465E-942C-490EE1FA3E27}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40293C5A-13B7-4AAC-9C9D-5530D8C33204}" = protocol=6 | dir=out | app=system |
"{405B9FF2-F2E4-48ED-A1AD-CB6335ED349E}" = protocol=58 | dir=in | [email protected],-28545 |
"{4FE390CB-BCB6-4FE6-935A-0FFCA6BA5002}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5534DDA2-A746-478E-AFC7-1A516871CC6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CB85CCB-228A-43CC-B370-B817BE535DCD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5FDB23D2-14CB-4916-BC77-25CFFF615348}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{687E562C-EA3B-4770-948B-8B2209185634}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{816A2EB5-B90F-4256-9697-569D69E030C3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{938723D2-5667-4F54-B5FB-642903AAB6D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6E4F56B-C2A5-4886-A3BD-4C56815F5F14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B763394C-3D9A-4B3E-98A2-B7EB16F485D8}" = protocol=58 | dir=out | [email protected],-28546 |
"{C3DBF58C-6487-4191-B7B7-D49ACB4C9E7D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD348DBD-64E5-4856-92BA-06A2BC8CDC89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D056D195-E151-41DF-A3CF-DF47C6C29BCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E3757A03-2EA4-48EB-B2FE-90DD595A2ED6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FA83194B-AD1A-40EC-9ACC-ADA87081FDDD}" = protocol=1 | dir=out | [email protected],-28544 |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Dell Support Center" = Dell Support Center
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F7319A9-083D-40B3-8256-00A6F3C2AAA2}" = Citrix online plug-in (SSON)
"{133236FE-E2F7-4313-8BF8-A10ACAAA7CB9}" = Citrix online plug-in (USB)
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FC7287D-39DD-4A84-9806-D27D3CCDC51B}" = Citrix online plug-in (Web)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57287FDF-27E6-45BC-9DD2-A33545C46C1A}" = Citrix online plug-in (HDX)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{6F2FDD50-E0F3-4117-B575-78E77F8D11EF}" = Citrix online plug-in (DV)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{913778D3-E1D8-4B55-9246-3308C54D3162}" = Citrix online plug-in (PNA)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}" = Dell Stage
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BFG-100 Percent Hidden Objects" = 100% Hidden Objects
"BFGC" = Big Fish Games: Game Manager
"BFG-Deadtime Stories" = Deadtime Stories
"BFG-Final Cut - Death on the Silver Screen Collector's Edition" = Final Cut: Death on the Silver Screen Collector's Edition
"BFG-Haunted Legends - The Undertaker Collector's Edition" = Haunted Legends: The Undertaker Collector's Edition
"BFG-House of 1000 Doors - Family Secrets" = House of 1000 Doors: Family Secrets
"BFG-Lost Tales - Forgotten Souls" = Lost Tales: Forgotten Souls
"BFG-Midnight Mysteries - Haunted Houdini Deluxe" = Midnight Mysteries: Haunted Houdini Deluxe
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files ®: 13th Skull ™
"BFG-Mystery Case Files - Escape from Ravenhearst Collector's Edition" = Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
"BFG-Mystery Trackers - Black Isle" = Mystery Trackers: Black Isle
"BFG-The Great Unknown - Houdini's Castle" = The Great Unknown: Houdini's Castle
"CitrixOnlinePluginFull" = Citrix online plug-in
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist Corporate
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MSC" = McAfee SecurityCenter
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"VLC media player" = VLC media player 2.0.0
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2944183578-3487090842-871884772-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Broadcom Wireless LAN Events ]
Error - 12/29/2012 11:33:03 PM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 22:33:03, Sat, Dec 29, 12 Error - Unable to gain access to user store
Error - 1/19/2013 7:45:45 PM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 18:45:45, Sat, Jan 19, 13 Error - Unable to gain access to user store
Error - 3/19/2013 9:59:37 AM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 09:59:37, Tue, Mar 19, 13 Error - Unable to gain access to user store
Error - 4/5/2013 7:13:15 AM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 07:13:14, Fri, Apr 05, 13 Error - Unable to gain access to user store
Error - 5/8/2013 11:20:23 PM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 23:20:23, Wed, May 08, 13 Error - Unable to gain access to user store
Error - 5/9/2013 7:29:59 AM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 07:29:59, Thu, May 09, 13 Error - Unable to gain access to user store
Error - 5/11/2013 10:03:30 AM | Computer Name = Clare-PC | Source = WLAN-Tray | ID = 0
Description = 10:03:30, Sat, May 11, 13 Error - Unable to gain access to user store
[ Dell Events ]
Error - 2/22/2013 5:34:05 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 1:04:49 AM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 1:04:49 AM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 4:46:41 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 4:46:41 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 4:53:31 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 2/23/2013 4:53:31 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 5/11/2013 12:26:50 AM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 5/11/2013 12:26:50 AM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 5/14/2013 6:04:36 PM | Computer Name = Clare-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
< End of report >
-
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] CARD\WLTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4 - HKLM..\Run: [] File not found
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/01/05 21:25:48 | 000,010,634 | -HS- | C] () -- C:\Users\Clare\AppData\Local\uv308yh046ialy08701ee72886k54oe275b2hq2s7qe206
[2012/01/05 21:25:48 | 000,010,634 | -HS- | C] () -- C:\ProgramData\uv308yh046ialy08701ee72886k54oe275b2hq2s7qe206
[2012/01/02 16:06:09 | 000,009,086 | -HS- | C] () -- C:\Users\Clare\AppData\Local\658vt81rq44k26254832ldwjcu8h317hgs2of56838w
[2012/01/02 16:06:09 | 000,009,086 | -HS- | C] () -- C:\ProgramData\658vt81rq44k26254832ldwjcu8h317hgs2of56838w
:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...
Download Security Check from here or here and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Other Services
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please copy and paste the log to your reply.
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click on List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE. If ESET doesn't find any threats, it won't produce any log.
-
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@nexon.net/NxGame\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Broadcom Wireless Manager UI deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\Clare\AppData\Local\uv308yh046ialy08701ee72886k54oe275b2hq2s7qe206 moved successfully.
C:\ProgramData\uv308yh046ialy08701ee72886k54oe275b2hq2s7qe206 moved successfully.
C:\Users\Clare\AppData\Local\658vt81rq44k26254832ldwjcu8h317hgs2of56838w moved successfully.
C:\ProgramData\658vt81rq44k26254832ldwjcu8h317hgs2of56838w moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Clare
->Temp folder emptied: 241790 bytes
->Temporary Internet Files folder emptied: 146213092 bytes
->Java cache emptied: 8862461 bytes
->Google Chrome cache emptied: 6099312 bytes
->Flash cache emptied: 607 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 248760141 bytes
->Flash cache emptied: 34211 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84659 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 391.00 mb
[EMPTYJAVA]
User: All Users
User: Clare
->Java cache emptied: 0 bytes
User: Default
User: Default User
User: Guest
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Clare
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 05172013_124420
Files\Folders moved on Reboot...
C:\Users\Clare\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QZJXC51N\ba[1].htm moved successfully.
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QZJXC51N\page2;;e=i;s=9503;g=172;w=37;m=501;;z=40824058;;v=0;k=;ord=12345[1].htm moved successfully.
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQZO93BN\page2;;e=i;s=9503;g=172;w=37;m=501;;z=40824058;;v=0;k=;ord=12345[1].htm moved successfully.
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GQZO93BN\showthread[3].htm moved successfully.
C:\Users\Clare\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Results of screen317's Security Check version 0.99.63
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java(TM) 6 Update 35
Java 7 Update 7
Java version out of Date!
Adobe Flash Player 11.7.700.202
Adobe Reader 9
Adobe Reader XI
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Farbar Service Scanner Version: 14-04-2013
Ran by Clare (administrator) on 17-05-2013 at 13:24:28
Running from "C:\Users\Clare\Desktop"
Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-02-13 08:25] - [2013-01-04 01:41] - 1893224 ____A (Microsoft Corporation) 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2009-07-13 19:54] - [2009-07-13 21:41] - 1011712 ____A () D41D8CD98F00B204E9800998ECF8427E
ATTENTION!=====> C:\Program Files\Windows Defender\MpSvc.dll IS INFECTED AND SHOULD BE REPLACED.
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
When done with Eset....
Open Windows Explorer. Go to Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders, and UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload the following file to http://www.virustotal.com/ for security check:
- C:\Program Files\Windows Defender\MpSvc.dll
If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
-
No threats found on eset.
When I tried to analyze dll file, I got a message that I didn't have permission.
-
I just found out that we're dealing here with a new type of infection.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
- Double-click to run it. When the tool opens, click Yes to the disclaimer.
- Press the Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
- The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
-
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by Clare (administrator) on 17-05-2013 19:20:09
Running from C:\Users\Clare\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcagent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Core\mchost.exe
(Farbar) C:\Users\Clare\Downloads\FRST64.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()
HKLM\...\RunOnce: [EDocs] C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe /s [1499648 2010-04-28] (Dell Inc.)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
HKLM-x32\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161088 2010-07-21] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex [x]
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B74E569A-E0DC-4F64-8E20-B586BF9B1AD9} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629212639.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629212639.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
PDF: HKLM-x32 {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56...y/jeopardy.cab
PDF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
PDF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab
PDF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shoc...sh/swflash.cab
Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [65024] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\Bonjour\mdnsNSP.dll [193824] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Chrome:
=======
==================== Services (Whitelisted) =================
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] ()
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4950016 2009-12-17] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 mfeavfk01; No ImagePath
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-05-17 19:19 - 2013-05-17 19:19 - 01877468 ____A (Farbar) C:\Users\Clare\Downloads\FRST64.exe
2013-05-17 19:19 - 2013-05-17 19:19 - 00000000 ____D C:\FRST
2013-05-17 14:07 - 2013-05-17 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-17 13:40 - 2013-05-17 13:40 - 00448512 ____A (OldTimer Tools) C:\Users\Clare\Downloads\TFC.exe
2013-05-17 13:30 - 2013-05-17 13:30 - 00448512 ____A (OldTimer Tools) C:\Users\Clare\Desktop\TFC.exe
2013-05-17 13:24 - 2013-05-17 13:25 - 00002754 ____A C:\Users\Clare\Downloads\FSS.txt
2013-05-17 13:23 - 2013-05-17 13:23 - 00354299 ____A (Farbar) C:\Users\Clare\Downloads\FSS.exe
2013-05-17 13:06 - 2013-05-17 13:06 - 00890825 ____A C:\Users\Clare\Downloads\SecurityCheck.exe
2013-05-17 12:44 - 2013-05-17 12:44 - 00000000 ____D C:\_OTL
2013-05-14 23:07 - 2013-05-14 23:07 - 00125960 ____A C:\Users\Clare\Downloads\OTL.Txt
2013-05-14 23:07 - 2013-05-14 23:07 - 00060650 ____A C:\Users\Clare\Downloads\Extras.Txt
2013-05-14 22:45 - 2013-05-14 22:45 - 00602112 ____A (OldTimer Tools) C:\Users\Clare\Downloads\OTL.exe
2013-05-14 22:36 - 2013-05-14 22:36 - 00002217 ____A C:\Users\Clare\Downloads\JRT.txt
2013-05-14 22:33 - 2013-05-14 22:33 - 00000000 ____D C:\Windows\ERUNT
2013-05-14 22:32 - 2013-05-14 22:33 - 00000000 ____D C:\JRT
2013-05-14 22:32 - 2013-05-14 22:32 - 00001099 ____A C:\Users\Clare\Downloads\JRT - Shortcut.lnk
2013-05-14 22:31 - 2013-05-14 22:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clare\Downloads\JRT.exe
2013-05-14 22:19 - 2013-05-14 22:19 - 00002324 ____A C:\AdwCleaner[S1].txt
2013-05-14 22:16 - 2013-05-14 22:16 - 00628743 ____A C:\Users\Clare\Downloads\adwcleaner.exe
2013-05-14 21:12 - 2013-05-14 21:12 - 00011472 ____A C:\ComboFix.txt
2013-05-14 21:12 - 2013-05-14 21:12 - 00000000 ____D C:\Windows\erdnt
2013-05-14 20:58 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-14 20:58 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-14 20:58 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-14 20:58 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-14 20:58 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-14 20:58 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-14 20:58 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-14 20:58 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-14 20:57 - 2013-05-14 21:12 - 00000000 ___AD C:\Qoobox
2013-05-14 20:57 - 2013-05-14 20:57 - 00001150 ____A C:\Users\Clare\Downloads\ComboFix - Shortcut.lnk
2013-05-14 20:50 - 2013-05-14 20:50 - 05066131 ____R (Swearware) C:\Users\Clare\Downloads\ComboFix.exe
2013-05-12 01:20 - 2013-02-22 02:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-12 01:20 - 2013-02-22 02:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-12 01:20 - 2013-02-22 02:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-12 01:20 - 2013-02-22 02:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-12 01:20 - 2013-02-22 02:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-12 01:20 - 2013-02-22 02:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-12 01:20 - 2013-02-22 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-12 01:20 - 2013-02-22 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-12 01:20 - 2013-02-22 02:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-12 01:20 - 2013-02-22 02:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-12 01:20 - 2013-02-22 02:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-12 01:20 - 2013-02-22 02:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-12 01:20 - 2013-02-22 02:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-12 01:20 - 2013-02-22 02:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-12 01:20 - 2013-02-22 02:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-12 01:20 - 2013-02-22 02:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-12 01:20 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-12 01:20 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-12 01:20 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-12 01:20 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-12 01:20 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-12 01:20 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-12 01:20 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-12 01:20 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-12 01:20 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-12 01:20 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-12 01:20 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-12 01:20 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-12 01:20 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-12 01:20 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-12 01:20 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-12 01:20 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-11 11:52 - 2013-04-12 10:36 - 01653096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-11 11:52 - 2013-02-28 23:32 - 03150848 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-11 11:51 - 2013-03-19 02:05 - 05466472 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-11 11:51 - 2013-03-19 01:54 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-11 11:51 - 2013-03-19 01:51 - 00058368 ____A (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2013-05-11 11:51 - 2013-03-19 01:51 - 00034304 ____A (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2013-05-11 11:51 - 2013-03-19 01:04 - 03971432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-05-11 11:51 - 2013-03-19 01:04 - 03915608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-05-11 11:51 - 2013-03-19 00:53 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-05-11 11:51 - 2013-03-19 00:49 - 00050688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2013-05-11 11:51 - 2013-03-18 23:57 - 00148480 ____A (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2013-05-11 11:51 - 2013-03-18 23:57 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2013-05-11 11:51 - 2013-03-18 23:57 - 00017920 ____A (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2013-05-11 11:51 - 2013-03-18 23:19 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-11 11:51 - 2013-02-12 11:42 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-05-11 11:51 - 2013-02-12 11:37 - 03138048 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-11 11:51 - 2013-02-12 11:31 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-05-11 11:51 - 2013-02-12 11:13 - 02691072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-05-11 11:51 - 2013-02-12 11:07 - 00131072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-05-11 11:51 - 2013-02-12 09:59 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-05-11 11:51 - 2013-01-24 01:41 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-11 11:49 - 2013-02-12 10:02 - 00019968 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-11 11:42 - 2013-05-17 14:15 - 00984355 ____A C:\Windows\WindowsUpdate.log
2013-05-11 11:04 - 2013-05-11 11:04 - 00000000 ____D C:\Users\Clare\Downloads\mbar-1.05.0.1001
2013-05-11 10:58 - 2013-05-11 10:58 - 00002574 ____A C:\Users\Clare\Downloads\RKreport[2]_D_05112013_02d1058.txt
2013-05-11 10:50 - 2013-05-11 10:50 - 00002703 ____A C:\Users\Clare\Downloads\RKreport[1]_S_05112013_02d1050.txt
2013-05-11 10:45 - 2013-05-11 10:57 - 00000000 ____D C:\Users\Clare\Downloads\RK_Quarantine
2013-05-11 10:01 - 2013-05-17 13:52 - 00002756 ____A C:\Windows\PFRO.log
2013-05-11 10:01 - 2013-05-17 13:52 - 00000728 ____A C:\Windows\setupact.log
2013-05-11 10:01 - 2013-05-11 10:01 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 00:12 - 2013-05-11 00:14 - 12917756 ____A C:\Users\Clare\Downloads\mbar-1.05.0.1001.zip
2013-05-11 00:11 - 2013-05-11 00:11 - 00791040 ____A C:\Users\Clare\Downloads\RogueKillerX64.exe
2013-05-09 10:58 - 2013-05-09 10:58 - 00113949 ____A C:\acrobat.exe
2013-05-08 22:52 - 2013-05-08 22:52 - 00648921 ____A C:\googleupdate.exe
2013-05-06 15:52 - 2013-05-06 15:52 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-05 23:33 - 2013-05-05 23:33 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Malwarebytes
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-05 23:33 - 2013-04-04 14:50 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-05-05 23:32 - 2013-05-05 23:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Clare\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-05 23:27 - 2013-05-10 23:20 - 00049388 ____A C:\Users\Clare\Desktop\attach.txt
2013-05-05 23:27 - 2013-05-10 23:20 - 00019365 ____A C:\Users\Clare\Desktop\dds.txt
2013-05-05 23:25 - 2013-05-05 23:25 - 00688992 ____R (Swearware) C:\Users\Clare\Downloads\dds.com
2013-05-05 17:33 - 2013-05-05 17:33 - 02399436 ____A C:\Users\Clare\Downloads\hist251.zip
2013-04-27 00:21 - 2013-04-27 00:21 - 17605512 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player.exe
2013-04-27 00:21 - 2013-04-27 00:21 - 16940424 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player_ax (1).exe
2013-04-27 00:19 - 2013-04-27 00:19 - 16940424 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player_ax.exe
==================== One Month Modified Files and Folders =======
2013-05-17 19:19 - 2013-05-17 19:19 - 01877468 ____A (Farbar) C:\Users\Clare\Downloads\FRST64.exe
2013-05-17 19:19 - 2013-05-17 19:19 - 00000000 ____D C:\FRST
2013-05-17 19:09 - 2011-07-20 17:40 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944183578-3487090842-871884772-1000UA.job
2013-05-17 18:58 - 2012-10-03 08:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-17 18:37 - 2012-09-10 00:09 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-17 14:15 - 2013-05-11 11:42 - 00984355 ____A C:\Windows\WindowsUpdate.log
2013-05-17 14:07 - 2013-05-17 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2013-05-17 13:59 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-17 13:59 - 2009-07-14 00:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-17 13:56 - 2012-09-10 00:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-17 13:56 - 2011-04-19 17:41 - 00000000 ___HD C:\Users\Clare\AppData\Local\SoftThinks
2013-05-17 13:52 - 2013-05-11 10:01 - 00002756 ____A C:\Windows\PFRO.log
2013-05-17 13:52 - 2013-05-11 10:01 - 00000728 ____A C:\Windows\setupact.log
2013-05-17 13:52 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-17 13:40 - 2013-05-17 13:40 - 00448512 ____A (OldTimer Tools) C:\Users\Clare\Downloads\TFC.exe
2013-05-17 13:30 - 2013-05-17 13:30 - 00448512 ____A (OldTimer Tools) C:\Users\Clare\Desktop\TFC.exe
2013-05-17 13:25 - 2013-05-17 13:24 - 00002754 ____A C:\Users\Clare\Downloads\FSS.txt
2013-05-17 13:23 - 2013-05-17 13:23 - 00354299 ____A (Farbar) C:\Users\Clare\Downloads\FSS.exe
2013-05-17 13:06 - 2013-05-17 13:06 - 00890825 ____A C:\Users\Clare\Downloads\SecurityCheck.exe
2013-05-17 12:44 - 2013-05-17 12:44 - 00000000 ____D C:\_OTL
2013-05-17 10:02 - 2011-04-19 17:45 - 00000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2013-05-16 07:50 - 2011-04-19 17:45 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-05-15 23:37 - 2011-05-19 18:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 23:35 - 2012-12-30 00:55 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 23:07 - 2013-05-14 23:07 - 00125960 ____A C:\Users\Clare\Downloads\OTL.Txt
2013-05-14 23:07 - 2013-05-14 23:07 - 00060650 ____A C:\Users\Clare\Downloads\Extras.Txt
2013-05-14 22:45 - 2013-05-14 22:45 - 00602112 ____A (OldTimer Tools) C:\Users\Clare\Downloads\OTL.exe
2013-05-14 22:36 - 2013-05-14 22:36 - 00002217 ____A C:\Users\Clare\Downloads\JRT.txt
2013-05-14 22:33 - 2013-05-14 22:33 - 00000000 ____D C:\Windows\ERUNT
2013-05-14 22:33 - 2013-05-14 22:32 - 00000000 ____D C:\JRT
2013-05-14 22:32 - 2013-05-14 22:32 - 00001099 ____A C:\Users\Clare\Downloads\JRT - Shortcut.lnk
2013-05-14 22:31 - 2013-05-14 22:31 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Clare\Downloads\JRT.exe
2013-05-14 22:19 - 2013-05-14 22:19 - 00002324 ____A C:\AdwCleaner[S1].txt
2013-05-14 22:16 - 2013-05-14 22:16 - 00628743 ____A C:\Users\Clare\Downloads\adwcleaner.exe
2013-05-14 21:12 - 2013-05-14 21:12 - 00011472 ____A C:\ComboFix.txt
2013-05-14 21:12 - 2013-05-14 21:12 - 00000000 ____D C:\Windows\erdnt
2013-05-14 21:12 - 2013-05-14 20:57 - 00000000 ___AD C:\Qoobox
2013-05-14 21:11 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-05-14 21:10 - 2011-04-19 17:41 - 00000000 ____D C:\users\Clare
2013-05-14 20:57 - 2013-05-14 20:57 - 00001150 ____A C:\Users\Clare\Downloads\ComboFix - Shortcut.lnk
2013-05-14 20:50 - 2013-05-14 20:50 - 05066131 ____R (Swearware) C:\Users\Clare\Downloads\ComboFix.exe
2013-05-14 18:04 - 2011-04-19 15:50 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-14 17:58 - 2012-10-03 08:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 17:58 - 2011-07-22 21:39 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 08:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-12 19:56 - 2011-04-19 15:44 - 00000000 ____D C:\ProgramData\Adobe
2013-05-12 11:47 - 2009-07-14 00:45 - 00461464 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-12 01:19 - 2011-07-20 17:40 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2944183578-3487090842-871884772-1000Core.job
2013-05-11 11:40 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-11 11:04 - 2013-05-11 11:04 - 00000000 ____D C:\Users\Clare\Downloads\mbar-1.05.0.1001
2013-05-11 10:58 - 2013-05-11 10:58 - 00002574 ____A C:\Users\Clare\Downloads\RKreport[2]_D_05112013_02d1058.txt
2013-05-11 10:57 - 2013-05-11 10:45 - 00000000 ____D C:\Users\Clare\Downloads\RK_Quarantine
2013-05-11 10:50 - 2013-05-11 10:50 - 00002703 ____A C:\Users\Clare\Downloads\RKreport[1]_S_05112013_02d1050.txt
2013-05-11 10:01 - 2013-05-11 10:01 - 00000000 ____A C:\Windows\setuperr.log
2013-05-11 01:15 - 2012-12-01 20:58 - 00000000 ____D C:\Users\Clare\Documents\Registry Backup
2013-05-11 00:28 - 2009-07-14 01:13 - 00730596 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-11 00:23 - 2012-09-10 00:09 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-11 00:14 - 2013-05-11 00:12 - 12917756 ____A C:\Users\Clare\Downloads\mbar-1.05.0.1001.zip
2013-05-11 00:11 - 2013-05-11 00:11 - 00791040 ____A C:\Users\Clare\Downloads\RogueKillerX64.exe
2013-05-10 23:20 - 2013-05-05 23:27 - 00049388 ____A C:\Users\Clare\Desktop\attach.txt
2013-05-10 23:20 - 2013-05-05 23:27 - 00019365 ____A C:\Users\Clare\Desktop\dds.txt
2013-05-08 22:55 - 2011-04-19 17:46 - 00000072 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log
2013-05-08 22:52 - 2013-05-08 22:52 - 00648921 ____A C:\googleupdate.exe
2013-05-06 15:54 - 2013-02-25 11:47 - 00000000 ____D C:\Windows\Minidump
2013-05-06 15:52 - 2013-05-06 15:52 - 00001981 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-05-06 15:52 - 2011-05-07 09:46 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-05-05 23:33 - 2013-05-05 23:33 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Malwarebytes
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-05-05 23:33 - 2013-05-05 23:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-05 23:32 - 2013-05-05 23:32 - 10285040 ____A (Malwarebytes Corporation ) C:\Users\Clare\Downloads\mbam-setup-1.75.0.1300.exe
2013-05-05 23:25 - 2013-05-05 23:25 - 00688992 ____R (Swearware) C:\Users\Clare\Downloads\dds.com
2013-05-05 23:13 - 2011-05-17 15:48 - 00000000 ____D C:\users\Guest
2013-05-05 23:13 - 2009-07-14 03:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-05-05 23:13 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 __RSD C:\Windows\Media
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\migwiz
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\servicing
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\IME
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Cursors
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-05 23:13 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Services
2013-05-05 23:12 - 2013-03-19 08:01 - 00000000 ____D C:\ProgramData\9876B713BC4D0F33000098761EA314AA
2013-05-05 23:12 - 2012-10-18 16:04 - 00000000 ____D C:\Program Files (x86)\The Great Unknown - Houdini's Castle
2013-05-05 23:12 - 2012-09-10 00:09 - 00000000 ____D C:\Program Files\CCleaner
2013-05-05 23:12 - 2012-05-20 12:57 - 00000000 ____D C:\Program Files (x86)\WinRAR
2013-05-05 23:12 - 2012-05-13 11:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-05 23:12 - 2011-04-21 16:04 - 00000000 ____D C:\Windows\SysWOW64\Atheros_L1e
2013-05-05 23:12 - 2011-04-20 00:28 - 00000000 ____D C:\Program Files\iTunes
2013-05-05 23:12 - 2011-04-20 00:26 - 00000000 ____D C:\Program Files\Bonjour
2013-05-05 23:12 - 2011-04-19 16:06 - 00000000 ____D C:\Program Files\Dell Support Center
2013-05-05 23:12 - 2011-04-19 15:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-05 23:12 - 2011-04-19 15:52 - 00000000 ____D C:\ProgramData\McAfee
2013-05-05 23:12 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\restore
2013-05-05 23:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-05 23:11 - 2013-04-16 15:47 - 00000000 ____D C:\Program Files (x86)\100 Percent Hidden Objects
2013-05-05 23:11 - 2013-04-11 14:14 - 00000000 ____D C:\Program Files (x86)\Lost Tales - Forgotten Souls
2013-05-05 23:11 - 2013-03-30 14:16 - 00000000 ____D C:\Program Files (x86)\Deadtime Stories
2013-05-05 23:11 - 2013-03-19 09:56 - 00000000 ____D C:\9876B713BC4D0F33000098761EA314AA
2013-05-05 23:11 - 2012-11-17 15:27 - 00000000 ____D C:\Program Files (x86)\Haunted Legends - The Undertaker Collector's Edition
2013-05-05 23:11 - 2012-07-05 09:40 - 00000000 ____D C:\Program Files (x86)\Final Cut - Death on the Silver Screen Collector's Edition
2013-05-05 23:11 - 2012-05-25 17:22 - 00000000 ____D C:\Program Files (x86)\Mystery Trackers - Black Isle
2013-05-05 23:11 - 2012-05-13 11:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-05-05 23:11 - 2012-02-09 09:56 - 00000000 ____D C:\Program Files (x86)\Midnight Mysteries - Haunted Houdini Deluxe
2013-05-05 23:11 - 2012-01-27 15:04 - 00000000 ____D C:\Program Files (x86)\House of 1000 Doors - Family Secrets
2013-05-05 23:11 - 2011-12-27 00:30 - 00000000 ____D C:\Program Files (x86)\Mystery Case Files - Escape from Ravenhearst Collector's Edition
2013-05-05 23:11 - 2011-11-29 11:21 - 00000000 ____D C:\Program Files (x86)\Mystery Case Files - 13th Skull
2013-05-05 23:11 - 2011-09-18 02:00 - 00000000 ____D C:\e31876b2b5cf41153fee98c7
2013-05-05 23:11 - 2011-06-11 17:57 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-05-05 23:11 - 2011-04-20 00:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-05 23:11 - 2011-04-20 00:27 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-05 23:11 - 2011-04-20 00:27 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2013-05-05 23:11 - 2011-04-20 00:26 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-05-05 23:11 - 2011-04-19 19:05 - 00000000 ____D C:\Program Files (x86)\bfgclient
2013-05-05 23:11 - 2011-04-19 15:45 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Online
2013-05-05 23:11 - 2011-04-17 16:45 - 00000000 ____D C:\dell
2013-05-05 23:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-05-05 17:33 - 2013-05-05 17:33 - 02399436 ____A C:\Users\Clare\Downloads\hist251.zip
2013-04-27 00:21 - 2013-04-27 00:21 - 17605512 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player.exe
2013-04-27 00:21 - 2013-04-27 00:21 - 16940424 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player_ax (1).exe
2013-04-27 00:19 - 2013-04-27 00:19 - 16940424 ____A (Adobe Systems Incorporated) C:\Users\Clare\Downloads\install_flash_player_ax.exe
2013-04-24 11:52 - 2011-04-19 17:57 - 00000000 ____D C:\Users\Clare\AppData\Roaming\Adobe
2013-04-22 07:28 - 2009-07-14 01:08 - 00032612 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-21 18:09 - 2011-04-27 11:09 - 00000000 ___HD C:\Users\Clare\AppData\Local\Adobe
2013-04-19 10:16 - 2013-04-04 09:06 - 00029696 ____A C:\Users\Clare\Downloads\Medical Reimbursement.xls
Other Malware:
===========
C:\ProgramData\ezsidmv.dat
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
Last Boot: 2013-05-14 08:22
==================== End Of Log ============================
-
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-05-2013
Ran by Clare at 2013-05-17 19:21:41 Run:
Running from C:\Users\Clare\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
100% Hidden Objects
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced Audio FX Engine (Version: 1.12.05)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.2.120)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.23)
Big Fish Games: Game Manager (Version: 3.0.1.60)
Bonjour (Version: 2.0.5.0)
CCleaner (Version: 3.25)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Citrix online plug-in (DV) (Version: 12.3.0.8)
Citrix online plug-in (HDX) (Version: 12.3.0.8)
Citrix online plug-in (PNA) (Version: 12.3.0.8)
Citrix online plug-in (SSON) (Version: 12.3.0.8)
Citrix online plug-in (USB) (Version: 12.3.0.8)
Citrix online plug-in (Version: 12.3.0.8)
Citrix online plug-in (Web) (Version: 12.3.0.8)
Consumer In-Home Service Agreement (Version: 2.0.0)
D3DX10 (Version: 15.4.2368.0902)
Deadtime Stories
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.47)
Dell DataSafe Online (Version: 1.2.0011)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell MusicStage (Version: 1.4.162.0)
Dell PhotoStage (Version: 1.5.0.30)
Dell Stage (Version: 1.4.173.0)
Dell Support Center (Version: 3.0.5621.01)
Dell VideoStage (Version: 1.1.1.1408)
Dell Webcam Central (Version: 2.00.35)
DirectX 9 Runtime (Version: 1.00.0000)
DW WLAN Card Utility (Version: 5.60.48.18)
ESET Online Scanner v3
Final Cut: Death on the Silver Screen Collector's Edition
Google Chrome (Version: 26.0.1410.64)
Google Update Helper (Version: 1.3.21.145)
GoToAssist Corporate (Version: 9.1.0.615)
Haunted Legends: The Undertaker Collector's Edition
House of 1000 Doors: Family Secrets
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Internet Explorer (Version: 8)
iTunes (Version: 10.2.2.12)
Java 7 Update 7 (Version: 7.0.70)
Java Auto Updater (Version: 2.1.9.0)
Java(TM) 6 Update 24 (64-bit) (Version: 6.0.240)
Java(TM) 6 Update 35 (Version: 6.0.350)
Junk Mail filter update (Version: 15.4.3502.0922)
LoJack Factory Installer (Version: 1.0.0)
Lost Tales: Forgotten Souls
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee SecurityCenter (Version: 11.6.511)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Midnight Mysteries: Haunted Houdini Deluxe
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mystery Case Files ®: 13th Skull ™
Mystery Case Files®: Escape from Ravenhearst™ Collector's Edition
Mystery Trackers: Black Isle
OpenAL
PhotoShowExpress (Version: 2.0.063)
QuickTime (Version: 7.69.80.9)
RBVirtualFolder64Inst (Version: 1.00.0000)
Roxio Activation Module (Version: 1.0)
Roxio BackOnTrack (Version: 1.3.3)
Roxio Burn (Version: 1.8)
Roxio Creator Starter (Version: 1.0.439)
Roxio Creator Starter (Version: 12.1.77.0)
Roxio Creator Starter (Version: 5.0.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio File Backup (Version: 1.3.2)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
The Great Unknown: Houdini's Castle
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
VLC media player 2.0.0 (Version: 2.0.0)
WildTangent Games (Version: 1.0.0.71)
WildTangent Games App (Dell Games) (Version: 4.0.5.32)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
==================== Restore Points =========================
06-05-2013 19:56:12 Test
11-05-2013 04:25:25 Before Drive
11-05-2013 15:36:35 Malwarebytes Anti-Rootkit Restore Point
11-05-2013 15:43:35 Windows Update
12-05-2013 05:19:26 Windows Update
15-05-2013 00:47:54 Combofix BEFORE
16-05-2013 03:34:22 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/17/2013 01:38:17 PM) (Source: Application Hang) (User: )
Description: The program TFC.exe version 3.1.9.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: c24
Start Time: 01ce53243d6579b3
Termination Time: 0
Application Path: C:\Users\Clare\Desktop\TFC.exe
Report Id:
Error: (05/17/2013 01:01:12 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/17/2013 10:00:08 AM) (Source: PC-Doctor) (User: )
Description: (20172) Asapi: (10:00:08:2390)(20172) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/17/2013 10:00:08 AM) (Source: PC-Doctor) (User: )
Description: (20172) Asapi: (10:00:08:2390)(20172) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (05/16/2013 11:31:29 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/16/2013 10:00:05 AM) (Source: PC-Doctor) (User: )
Description: (4156) Asapi: (10:00:05:9460)(4156) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/16/2013 10:00:05 AM) (Source: PC-Doctor) (User: )
Description: (4156) Asapi: (10:00:05:8830)(4156) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (05/15/2013 11:34:07 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/15/2013 02:13:46 PM) (Source: PC-Doctor) (User: )
Description: (3208) Asapi: (14:13:46:9820)(3208) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/15/2013 02:13:46 PM) (Source: PC-Doctor) (User: )
Description: (3208) Asapi: (14:13:46:9660)(3208) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
System errors:
=============
Error: (05/17/2013 06:28:13 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{AE1FA7B2-B120-4E1A-BF66-C1DEB08815F5}.
The backup browser is stopping.
Error: (05/17/2013 02:10:12 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{AE1FA7B2-B120-4E1A-BF66-C1DEB08815F5}.
The backup browser is stopping.
Error: (05/17/2013 01:52:36 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%5
Error: (05/17/2013 01:41:06 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (05/17/2013 01:30:53 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/17/2013 01:19:16 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{AE1FA7B2-B120-4E1A-BF66-C1DEB08815F5}.
The backup browser is stopping.
Error: (05/17/2013 01:02:26 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%5
Error: (05/17/2013 00:44:20 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/17/2013 07:35:35 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%5
Error: (05/16/2013 07:50:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error:
%%5
Microsoft Office Sessions:
=========================
Error: (05/17/2013 01:38:17 PM) (Source: Application Hang)(User: )
Description: TFC.exe3.1.9.0c2401ce53243d6579b30C:\Users\Clare\Desktop\TFC.exe
Error: (05/17/2013 01:01:12 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/17/2013 10:00:08 AM) (Source: PC-Doctor)(User: )
Description: (20172) Asapi: (10:00:08:2390)(20172) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/17/2013 10:00:08 AM) (Source: PC-Doctor)(User: )
Description: (20172) Asapi: (10:00:08:2390)(20172) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (05/16/2013 11:31:29 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/16/2013 10:00:05 AM) (Source: PC-Doctor)(User: )
Description: (4156) Asapi: (10:00:05:9460)(4156) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/16/2013 10:00:05 AM) (Source: PC-Doctor)(User: )
Description: (4156) Asapi: (10:00:05:8830)(4156) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
Error: (05/15/2013 11:34:07 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}wltrynt SENS Logon Spy Subscription
Error: (05/15/2013 02:13:46 PM) (Source: PC-Doctor)(User: )
Description: (3208) Asapi: (14:13:46:9820)(3208) Asapi.State - Error -- 123 Plugin S3LogPusher.dll failed to load.
Error: (05/15/2013 02:13:46 PM) (Source: PC-Doctor)(User: )
Description: (3208) Asapi: (14:13:46:9660)(3208) libAsapi.DynamicLoadedPlugin - Error -- 64 Unable to load library 'S3LogPusher.dll'
CodeIntegrity Errors:
===================================
Date: 2013-05-14 21:10:05.252
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-05-14 21:10:05.174
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-15 10:09:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SETFF14.tmp because the set of per-page image hashes could not be found on the system.
Date: 2012-12-15 10:09:57.717
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\SETFF14.tmp because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 50%
Total physical RAM: 3892.52 MB
Available physical RAM: 1914.28 MB
Total Pagefile: 7783.15 MB
Available Pagefile: 5679.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.81 GB) (Free:369.74 GB) NTFS (Disk=0 Partition=3)
Drive d: (THE_GOOD_WIFE_S2_D5) (CDROM) (Total:7.07 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E0000000)
Partition 1: (Not Active) - (Size=125 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
OK, here is the latest on your type of issue...
Neither MpSvc.dll nor other patched/corrupted files in the Windows Defender folder can trigger any malware activity. The files are simply corrupted and all have the same void MD5.
At this moment there is no viable way to reinstall Windows Defender, which is a part of Windows.
Since Windows Defender is totally useless, the only way to deal with your issue is to disable Windows Defender.
It's already disabled in your case so you're fine.
=============================
1. Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
2. Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it.
- Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Do NOT post JavaRa log.
============================
Your computer is clean
1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Post resulting log.
2. Now we'll remove all the tools we used during our cleaning process.
Clean up with OTL:
- Double-click OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
3. Make sure Windows Updates are current.
4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!
5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)
6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. (Windows XP only) Run defrag at your convenience.
12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.
13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tuto...r-safe-online/
14. Please let me know how your computer is doing.
-
Thanks so much for all of your help. The computer is running fine now.
-