Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Junkware, virus or something [Solved]


  • This topic is locked This topic is locked

#1
Zippo36

Zippo36

    New Member

  • Member
  • Pip
  • 9 posts
I googled for a pc temperature monitoring program, which led me to a forums post linking to cnet to download SpeedFan.
I havent used download.com for years but I assumed it was safe.
I unchecked the additional downloads etc but it still installed 3 programs before I had even finished downloading SpeedFan on my PC, which I removed in a fit of rage. One of 'em were called BrowserCompanion and the other one TNT2, third one I don't remember.
Right now it just keeps changing my home page to some weird search engine, and every time I open a new tab it redirects it to a directory on my PC: "file:///C:/Users/Martin/AppData/Local/TNT2/Common/pinnedSearch.htm"
I ripped up the TNT2 folder aswell.

I dont know if this is just junkware or something more serious, but I figured I'd be on the safe side and ask here.
AVG internet security & MBAM quick scans came out clean


OTL:

OTL logfile created on: 2013-06-05 08:59:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

12,00 Gb Total Physical Memory | 9,93 Gb Available Physical Memory | 82,74% Memory free
23,99 Gb Paging File | 21,80 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,63 Gb Total Space | 131,36 Gb Free Space | 28,77% Space Free | Partition Type: NTFS
Drive D: | 640,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 931,51 Gb Total Space | 110,49 Gb Free Space | 11,86% Space Free | Partition Type: NTFS
Drive G: | 7,61 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARTIN-DATOR | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-05 08:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2013-05-23 02:30:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-05-16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013-05-16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-05-12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013-04-18 18:16:04 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-11-30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012-06-28 14:54:02 | 000,695,448 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe
PRC - [2012-03-27 17:51:19 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2012-03-27 17:51:18 | 003,521,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgui.exe
PRC - [2012-03-27 17:51:18 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2012-03-27 17:51:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
PRC - [2012-03-27 17:51:16 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgfws8.exe
PRC - [2012-03-27 17:51:16 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgemc.exe
PRC - [2012-03-27 17:51:16 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgam.exe
PRC - [2010-01-22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-23 02:30:44 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-11-30 04:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012-11-30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012-06-28 14:54:02 | 000,695,448 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe <-- I hate this
MOD - [2012-05-15 12:54:16 | 000,070,536 | ---- | M] () -- C:\Program\TortoiseSVN\bin\libsasl32.dll


========== Services (SafeList) ==========

SRV - [2013-05-30 17:56:21 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013-05-23 02:30:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-05-15 16:15:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-05-04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-04-18 18:16:04 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-12-26 18:34:00 | 004,814,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012-09-10 22:23:12 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012-03-27 17:51:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2012-03-27 17:51:16 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2012-03-27 17:51:16 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2012-03-27 17:46:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012-02-29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011-03-28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-02-25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012-03-29 01:19:14 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-27 17:51:20 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2012-03-27 17:51:19 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2012-03-27 17:51:16 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2012-03-27 17:35:45 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2012-03-27 17:35:31 | 000,029,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-05-20 10:04:02 | 000,276,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 03:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-06-09 11:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp)
DRV:64bit: - [2010-05-15 13:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010-04-12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010-01-22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-01-22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-12-25 09:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009-09-16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-08-20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-12-26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008-07-26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008-07-26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008-07-26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008-07-26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008-01-19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2006-11-14 14:36:48 | 000,086,016 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV - [2012-08-01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com...7-0B80E0A9A1F9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 5F EB 49 21 6D CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000fff12e5c7f
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.se"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - user.js..browser.startup.homepage: "http://search.us.com...-0B80E0A9A1F9}" <--- thats the lame search engine it keeps changing my homepage to

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mail.ru/GameCenter: C:\Users\Martin\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll File not found
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Martin\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll File not found
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Martin\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-20 01:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]

[2012-03-27 17:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013-06-05 08:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\upxijcjg.default-1346411644975\extensions
[2012-12-04 16:38:26 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\upxijcjg.default-1346411644975\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013-05-23 02:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-23 02:30:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-12-20 01:22:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012-08-09 09:46:00 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.us.com...7-0B80E0A9A1F9}
CHR - plugin: F\u00F6rsta anv\u00E4ndare (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Don't Starve = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [GameCenterMailRu] "C:\Users\Martin\AppData\Local\Mail.Ru\GameCenter\[email protected]" -autostart File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\Martin\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe () <-- How do I kill this thing and where do I bury it??
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25895EC-1698-4D28-86A7-0ED676494ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F12E5C7F-4770-4438-AFF8-1E331C5C0531}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-05-06 06:36:00 | 000,000,059 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001-05-08 03:18:48 | 000,491,520 | R--- | M] () - D:\AutorunArcanum.exe -- [ CDFS ]
O32 - AutoRun File - [2013-05-14 06:28:06 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3cf306f2-78e1-11e1-b0b1-0025229e9908}\Shell - "" = AutoRun
O33 - MountPoints2\{3cf306f2-78e1-11e1-b0b1-0025229e9908}\Shell\AutoRun\command - "" = G:\setup.exe -- [2013-05-14 06:32:58 | 000,899,529 | R--- | M] ( )
O33 - MountPoints2\{844fc62a-734a-11e1-b0ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{844fc62a-734a-11e1-b0ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutorunArcanum.exe -- [2001-05-08 03:18:48 | 000,491,520 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013-06-05 08:43:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013-06-05 06:49:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OApps
[2013-06-05 04:08:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SpyParty
[2013-06-05 04:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyParty
[2013-06-05 04:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyParty
[2013-06-04 06:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunpoint
[2013-06-03 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013-05-27 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Razer
[2013-05-26 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2013-05-26 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Windows Live Writer
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA Edit
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArmA Edit
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArmA Edit
[2013-05-23 02:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-21 01:12:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\SH4
[2013-05-21 00:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-05-21 00:54:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2013-05-19 17:47:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Deus Ex
[2013-05-18 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Unity
[2013-05-18 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Unity
[2013-05-17 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Reus
[2013-05-16 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Game Dev Tycoon
[2013-05-13 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\BreakingPoint
[2013-05-13 15:18:08 | 001,858,560 | ---- | C] (Alderon Games) -- C:\Users\Martin\Desktop\BreakingPoint(2).exe
[2013-05-12 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
[2013-05-11 08:33:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Fallout3
[2013-05-11 06:07:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra
[2013-05-07 09:41:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\{41CB092D-862E-4A14-BFA8-8D72C9FAD0AE}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013-06-05 09:02:38 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-05 09:02:38 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-05 08:58:33 | 001,605,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-06-05 08:58:33 | 000,671,670 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013-06-05 08:58:33 | 000,662,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-05 08:58:33 | 000,147,036 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013-06-05 08:58:33 | 000,126,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-05 08:54:03 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-06-05 08:53:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-05 08:53:56 | 1072,234,494 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-05 08:48:24 | 000,001,007 | ---- | M] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2013-06-05 08:48:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-06-05 08:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013-06-05 08:25:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266680609-2391001587-97202107-1001UA.job
[2013-06-05 08:15:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-05 06:49:50 | 000,000,254 | RHS- | M] () -- C:\Users\Martin\ntuser.pol
[2013-06-05 04:07:53 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\SpyParty.lnk
[2013-06-05 00:58:29 | 000,000,660 | ---- | M] () -- C:\Users\Martin\Documents\temp_settings.ini
[2013-06-05 00:25:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266680609-2391001587-97202107-1001Core.job
[2013-06-04 23:40:26 | 000,000,501 | ---- | M] () -- C:\Users\Public\Desktop\Metro Last Light.lnk
[2013-06-04 06:48:07 | 000,000,646 | ---- | M] () -- C:\Users\Martin\Desktop\Gunpoint.lnk
[2013-06-03 00:00:00 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013-06-02 04:17:27 | 071,775,213 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013-06-01 17:00:59 | 000,001,706 | ---- | M] () -- C:\Users\Martin\Desktop\Zoombies Launcher - genväg.lnk
[2013-05-27 14:31:50 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013-05-25 18:28:39 | 000,002,373 | ---- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2013-05-23 14:21:31 | 000,000,970 | ---- | M] () -- C:\Users\Martin\Desktop\Launch All in Arma.bat
[2013-05-23 07:51:07 | 000,002,629 | ---- | M] () -- C:\Users\Public\Desktop\ArmA Edit.lnk
[2013-05-21 00:26:58 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013-05-19 19:34:16 | 000,001,680 | ---- | M] () -- C:\Users\Martin\Desktop\DeusEx - genväg.lnk
[2013-05-18 16:37:56 | 001,858,560 | ---- | M] (Alderon Games) -- C:\Users\Martin\Desktop\BreakingPoint(2).exe
[2013-05-17 23:02:44 | 000,001,540 | ---- | M] () -- C:\Users\Public\Desktop\Reus.lnk
[2013-05-13 20:23:31 | 000,000,909 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\BreakingPoint_Options.ini
[2013-05-13 15:13:19 | 001,580,500 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-05-12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013-05-12 14:21:25 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013-05-12 14:13:12 | 000,001,245 | ---- | M] () -- C:\Users\Martin\Desktop\DeadIslandGame_x86_rwdi - genväg.lnk
[2013-05-08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013-05-07 01:46:10 | 000,001,208 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
[2013-05-07 01:46:10 | 000,001,178 | ---- | M] () -- C:\Users\Martin\Desktop\GamersFirst LIVE!.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013-06-05 08:48:24 | 000,001,007 | ---- | C] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2013-06-05 08:48:23 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-06-05 06:49:50 | 000,000,254 | RHS- | C] () -- C:\Users\Martin\ntuser.pol
[2013-06-05 04:07:53 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\SpyParty.lnk
[2013-06-05 00:58:26 | 000,000,660 | ---- | C] () -- C:\Users\Martin\Documents\temp_settings.ini
[2013-06-04 23:40:26 | 000,000,501 | ---- | C] () -- C:\Users\Public\Desktop\Metro Last Light.lnk
[2013-06-04 23:40:26 | 000,000,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro Last Light.lnk
[2013-06-04 06:48:07 | 000,000,646 | ---- | C] () -- C:\Users\Martin\Desktop\Gunpoint.lnk
[2013-06-03 00:00:00 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013-05-23 13:49:16 | 000,000,970 | ---- | C] () -- C:\Users\Martin\Desktop\Launch All in Arma.bat
[2013-05-23 07:51:07 | 000,002,629 | ---- | C] () -- C:\Users\Public\Desktop\ArmA Edit.lnk
[2013-05-21 00:26:58 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013-05-19 19:34:16 | 000,001,680 | ---- | C] () -- C:\Users\Martin\Desktop\DeusEx - genväg.lnk
[2013-05-17 23:02:44 | 000,001,540 | ---- | C] () -- C:\Users\Public\Desktop\Reus.lnk
[2013-05-14 14:56:56 | 000,001,706 | ---- | C] () -- C:\Users\Martin\Desktop\Zoombies Launcher - genväg.lnk
[2013-05-13 19:55:36 | 000,000,909 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\BreakingPoint_Options.ini
[2013-05-12 14:21:25 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013-05-12 14:13:14 | 000,001,245 | ---- | C] () -- C:\Users\Martin\Desktop\DeadIslandGame_x86_rwdi - genväg.lnk
[2013-02-07 11:24:10 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013-02-02 03:24:36 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013-02-02 03:24:36 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013-01-08 15:52:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013-01-02 06:41:17 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat
[2012-12-07 20:31:18 | 000,001,412 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012-09-28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012-09-15 17:39:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-09-01 20:06:29 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012-09-01 20:06:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012-09-01 20:06:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012-08-23 01:03:46 | 003,227,136 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_grfs.exe
[2012-08-18 23:53:10 | 000,000,046 | ---- | C] () -- C:\Users\Martin\jagex_cl_runescape_LIVE1.dat
[2012-08-18 23:43:44 | 000,000,024 | ---- | C] () -- C:\Users\Martin\jagexappletviewer.preferences
[2012-08-18 23:36:51 | 000,000,045 | ---- | C] () -- C:\Users\Martin\jagex_cl_runescape_LIVE.dat
[2012-08-18 23:36:51 | 000,000,024 | ---- | C] () -- C:\Users\Martin\random.dat
[2012-08-13 09:25:21 | 000,000,979 | ---- | C] () -- C:\Windows\eReg.dat
[2012-07-01 09:52:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012-06-28 02:42:04 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-24 02:05:03 | 000,088,864 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\icarus-dxdiag.xml
[2012-05-30 20:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-11 01:46:36 | 001,580,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-11 20:18:24 | 000,007,607 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2012-03-29 01:28:31 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-29 01:28:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-28 01:35:33 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2011-09-28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-05-08 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2013-04-12 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.mono
[2012-07-31 00:25:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ArmA 2 RCon
[2012-08-09 09:46:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avnex
[2012-08-09 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Babylon
[2013-06-05 09:04:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BrowserCompanion
[2013-02-06 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Builder
[2013-03-18 22:03:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.northwayGames.Incredipede
[2012-03-29 01:20:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2012-11-29 08:43:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dwarfs
[2012-07-21 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gslist
[2012-12-22 23:53:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2012-11-02 23:49:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mumble
[2013-06-02 07:58:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Natural Selection 2
[2012-07-07 20:47:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Notepad++
[2013-02-26 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Omerta
[2012-12-10 05:13:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Origin
[2013-03-12 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Play withSIX
[2012-03-29 01:28:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PunkBuster
[2012-08-10 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\rigonauts
[2012-08-30 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Royxy
[2013-03-13 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sandswept Studios
[2012-06-22 04:09:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\six-updater
[2012-04-28 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\six-zsync
[2012-11-21 01:51:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Online Entertainment
[2012-08-01 18:55:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spirited Machine
[2012-07-20 00:14:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SplitMediaLabs
[2013-03-11 06:28:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPORE
[2012-07-20 23:52:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Subversion
[2013-05-15 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2012-11-29 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Theta
[2013-02-02 03:06:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Transcend
[2012-10-20 23:15:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2013-05-12 18:37:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tunngle
[2012-06-28 03:33:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2013-05-18 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unity
[2013-06-05 06:51:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2012-08-31 13:12:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Veulw
[2013-05-26 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2012-08-30 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wonyfu
[2013-04-06 23:27:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XRay Engine

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Personally I would never download anything from Cnet, I will use MajorGeeks, Filehippo or Betanews instead

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000fff12e5c7f
FF - user.js..browser.startup.homepage: "http://search.us.com/?guid={7E22171A-7996-4122-8B97-0B80E0A9A1F9}" 
[2012-08-09 09:46:00 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe () 
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
[2012-08-09 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Babylon
[2013-06-05 09:04:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BrowserCompanion

:Files
C:\Users\Martin\AppData\Roaming\BrowserCompanion

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
Zippo36

Zippo36

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the help!

I made a minor mistake, just woke up so my head wasnt quite in the game, lesson learnt. Anyways, I messed up the AdwCleaner log a bit, a friend of mine was typing to me on skype so I seem to have missed saving it before I started the OTL scan. I pasted the majority of it to my friend on skype though. Let me know if you want me to run it again, and I will.

AdwCleaner

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Martin\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\uTorrentControl2
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Martin\AppData\Local\Conduit
Folder Deleted : C:\Users\Martin\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Martin\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Martin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Martin\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Martin\AppData\LocalLow\uTorrentControl2
Folder Deleted : C:\Users\Martin\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Martin\AppData\Roaming\BrowserCompanion

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl2
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18CE501E-DDA2-444E-8D63-02B4767285BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C05882A0-765C-4DFF-9510-A16CFD3DB317}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]

OTL fix:

All processes killed
Error: Unable to interpret <IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}> in the current context!
Error: Unable to interpret <IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000fff12e5c7f> in the current context!
Error: Unable to interpret <FF - user.js..browser.startup.homepage: "http://search.us.com...-0B80E0A9A1F9}" > in the current context!
Error: Unable to interpret <[2012-08-09 09:46:00 | 000,002,349 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe () > in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)> in the current context!
Error: Unable to interpret <[2012-08-09 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret <[2013-06-05 09:04:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\BrowserCompanion> in the current context!
========== FILES ==========
File\Folder C:\Users\Martin\AppData\Roaming\BrowserCompanion not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 4324248044 bytes
->Temporary Internet Files folder emptied: 203800435 bytes
->Java cache emptied: 571908 bytes
->FireFox cache emptied: 81671428 bytes
->Google Chrome cache emptied: 23340607 bytes
->Flash cache emptied: 20020 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 328766529 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50416 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 733,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06062013_152315

Files\Folders moved on Reboot...
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\12d3f787-4f3e-4070-beb9-0983451d2882.tmp not found!
File\Folder C:\Windows\temp\1e17eb68-7763-45e0-bdce-94874bd1b8c9.tmp not found!
File\Folder C:\Windows\temp\5233b8df-bbe3-4753-937a-812776769fd9.tmp not found!
File\Folder C:\Windows\temp\af13ea8f-9457-48b8-93b2-f14c67421e72.tmp not found!
File\Folder C:\Windows\temp\f488cee8-05dd-4a27-8470-90b8d91b13e2.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it looks as though for the OTL fix you missed the initial part

:OTL

So could you run it again please
  • 0

#5
Zippo36

Zippo36

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
<-- Not too technically minded. Sorry about that, heres the new log:

All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
File move failed. C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk scheduled to be moved on reboot.
File C:\Users\Martin\AppData\Roaming\BrowserCompanion\tcbhn.exe not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-4266680609-2391001587-97202107-1008\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Folder C:\Users\Martin\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Martin\AppData\Roaming\BrowserCompanion\ not found.
========== FILES ==========
File\Folder C:\Users\Martin\AppData\Roaming\BrowserCompanion not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin
->Temp folder emptied: 253489 bytes
->Temporary Internet Files folder emptied: 1123031 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 14334671 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 726 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30670440 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3678 bytes

Total Files Cleaned = 44,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 06062013_161147

Files\Folders moved on Reboot...
File\Folder C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk not found!
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\079abdb4-d9b6-4cd3-b4c4-3008594a7dc1.tmp moved successfully.
C:\Windows\temp\3d0b6dd1-39b3-4270-a0f3-01b33948e695.tmp moved successfully.
C:\Windows\temp\44f1e2d5-9b98-43ab-8cb0-5eba606ac7f3.tmp moved successfully.
C:\Windows\temp\470740dc-1f41-4e41-850d-ad957058aa48.tmp moved successfully.
C:\Windows\temp\66231fbf-969e-4183-bb9c-8a81c819a7af.tmp moved successfully.
C:\Windows\temp\69baca83-cb0d-47a7-ad37-351806e6f89c.tmp moved successfully.
C:\Windows\temp\73942350-2c9d-4c0e-a84b-fd483052ca74.tmp moved successfully.
C:\Windows\temp\8080a865-854f-400f-8be7-15b83ba10e9b.tmp moved successfully.
C:\Windows\temp\8107c607-7681-4d52-b911-cef711f4e7ae.tmp moved successfully.
C:\Windows\temp\89799e84-4366-4c5d-93a2-8cfa9e94fd11.tmp moved successfully.
C:\Windows\temp\9093f30c-c387-4049-b384-4fe9dda7898e.tmp moved successfully.
C:\Windows\temp\9d6f9c9a-c5c4-43d0-abb0-93050ec84b1b.tmp moved successfully.
C:\Windows\temp\a44b8099-947f-467b-bfc8-9ff1e8ea21fb.tmp moved successfully.
C:\Windows\temp\d906209c-bade-4d7c-8966-b0609b33008f.tmp moved successfully.
C:\Windows\temp\dcef3fa3-ac67-41e0-8db3-2cb280657cd6.tmp moved successfully.
C:\Windows\temp\dde76700-1a89-4c93-adb0-a5f9927a5ade.tmp moved successfully.
C:\Windows\temp\eb848e9d-dffe-40a8-b746-904078239c77.tmp moved successfully.
C:\Windows\temp\fe290f96-0890-4325-901b-08c99dc97d23.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Browser now uses good old google again without changing after restarts, yay!

Edited by Zippo36, 06 June 2013 - 08:22 AM.

  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run a fresh OTL scan now please and let me know how the computer is behaving
  • 0

#7
Zippo36

Zippo36

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It seems to be fine now, thank you. its still trying to redirect new tabs to file:///C:/Users/Martin/AppData/Local/TNT2/Common/pinnedSearch.htm though, should I be worried about that or can I just stick a google.com html in the directory instead?

OTL:

OTL logfile created on: 2013-06-06 18:59:16 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000041d | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

12,00 Gb Total Physical Memory | 9,54 Gb Available Physical Memory | 79,55% Memory free
23,99 Gb Paging File | 21,55 Gb Available in Paging File | 89,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,63 Gb Total Space | 127,59 Gb Free Space | 27,94% Space Free | Partition Type: NTFS
Drive D: | 640,54 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 931,51 Gb Total Space | 110,15 Gb Free Space | 11,83% Space Free | Partition Type: NTFS
Drive G: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MARTIN-DATOR | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-06-06 16:53:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-06-05 08:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2013-05-23 02:30:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013-05-16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013-05-16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013-05-16 16:38:28 | 001,213,216 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013-05-12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012-11-30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012-03-27 17:51:19 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
PRC - [2012-03-27 17:51:18 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgtray.exe
PRC - [2012-03-27 17:51:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
PRC - [2012-03-27 17:51:16 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgfws8.exe
PRC - [2012-03-27 17:51:16 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgemc.exe
PRC - [2012-03-27 17:51:16 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~2\AVG\AVG8\avgam.exe
PRC - [2010-01-22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2013-05-23 02:30:44 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012-11-30 04:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012-11-30 04:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012-05-15 12:54:16 | 000,070,536 | ---- | M] () -- C:\Program\TortoiseSVN\bin\libsasl32.dll


========== Services (SafeList) ==========

SRV - [2013-06-06 16:53:43 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013-05-30 17:56:21 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013-05-23 02:30:44 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-05-16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-05-15 16:15:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-05-12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013-05-04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013-03-20 18:45:14 | 000,746,392 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012-12-26 18:34:00 | 004,814,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012-09-10 22:23:12 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012-07-13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-07-09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012-03-27 17:51:17 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2012-03-27 17:51:16 | 001,370,488 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgfws8.exe -- (avgfws8)
SRV - [2012-03-27 17:51:16 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~2\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2012-03-27 17:46:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011-03-28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010-09-22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013-02-25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012-03-29 01:19:14 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012-03-27 17:51:20 | 000,033,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2012-03-27 17:51:19 | 000,427,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2012-03-27 17:51:16 | 000,014,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (AvgRkx64)
DRV:64bit: - [2012-03-27 17:35:45 | 000,133,640 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2012-03-27 17:35:31 | 000,029,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012-03-08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011-05-20 10:04:02 | 000,276,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-20 03:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-06-09 11:00:14 | 000,028,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp)
DRV:64bit: - [2010-05-15 13:11:48 | 001,327,520 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010-04-12 10:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010-01-22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010-01-22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009-12-25 09:05:40 | 000,297,512 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2009-09-16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009-08-20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 02:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-03-18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008-12-26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008-07-26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008-07-26 15:25:48 | 000,790,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2008-07-26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008-07-26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008-01-19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV:64bit: - [2006-11-14 14:36:48 | 000,086,016 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv61xx.sys -- (mv61xx)
DRV - [2012-08-01 15:44:04 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.us.com...7-0B80E0A9A1F9}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://se.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = sv-SE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 5F EB 49 21 6D CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.se"
FF - prefs.js..extensions.enabledAddons: %7B4DC70064-89E2-4a55-8FC6-E8CDEAE3618C%7D:0.7.7
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@live.heroesandgenerals.com/npretox: C:\Program Files (x86)\Heroes & Generals\live\npretoxlive.dll (Reto-Moto ApS)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mail.ru/GameCenter: C:\Users\Martin\AppData\Local\Mail.Ru\GameCenter\NPDetector.dll File not found
FF - HKCU\Software\MozillaPlugins\@tightropeinteractive.com/Plugin: C:\Users\Martin\AppData\Local\TNT2\2.0.0.1534\npTNT2.dll File not found
FF - HKCU\Software\MozillaPlugins\@tnt2ghost.com/Plugin: C:\Users\Martin\AppData\Local\TNT2\2.0.0.1534\npTNT2ghost.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martin\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-20 01:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013-05-23 02:30:41 | 000,000,000 | ---D | M]

[2012-03-27 17:58:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2013-06-05 08:51:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\upxijcjg.default-1346411644975\extensions
[2012-12-04 16:38:26 | 000,013,345 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\upxijcjg.default-1346411644975\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2013-05-23 02:30:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013-05-23 02:30:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012-12-20 01:22:20 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.us.com...7-0B80E0A9A1F9}
CHR - plugin: F\u00F6rsta anv\u00E4ndare (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Don't Starve = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiledapehlkhdehbhppgmekfalnlfajc\1.0.0.37_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-06-06 16:11:48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Desura] C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
O4 - HKCU..\Run: [GameCenterMailRu] "C:\Users\Martin\AppData\Local\Mail.Ru\GameCenter\[email protected]" -autostart File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent File not found
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk = C:\Users\Martin\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E25895EC-1698-4D28-86A7-0ED676494ACD}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F12E5C7F-4770-4438-AFF8-1E331C5C0531}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001-05-06 06:36:00 | 000,000,059 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001-05-08 03:18:48 | 000,491,520 | R--- | M] () - D:\AutorunArcanum.exe -- [ CDFS ]
O32 - AutoRun File - [2007-06-12 04:27:33 | 000,000,140 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{3cf306f2-78e1-11e1-b0b1-0025229e9908}\Shell - "" = AutoRun
O33 - MountPoints2\{3cf306f2-78e1-11e1-b0b1-0025229e9908}\Shell\AutoRun\command - "" = G:\Setup\rsrc\AUTORUN.EXE -- [2007-03-23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{3cf306f2-78e1-11e1-b0b1-0025229e9908}\Shell\dinstall\command - "" = G:\DirectX\DXSETUP.exe -- [2007-06-01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{844fc62a-734a-11e1-b0ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{844fc62a-734a-11e1-b0ff-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutorunArcanum.exe -- [2001-05-08 03:18:48 | 000,491,520 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-06-06 15:23:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-06-05 17:07:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013-06-05 16:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013-06-05 16:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013-06-05 16:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013-06-05 16:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2013-06-05 10:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2013-06-05 10:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013-06-05 08:48:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan
[2013-06-05 08:43:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013-06-05 04:08:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\SpyParty
[2013-06-05 04:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpyParty
[2013-06-05 04:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpyParty
[2013-06-04 06:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gunpoint
[2013-06-03 10:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks
[2013-05-27 14:31:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Razer
[2013-05-26 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2013-05-26 12:48:02 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Windows Live Writer
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArmA Edit
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArmA Edit
[2013-05-23 07:51:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArmA Edit
[2013-05-23 02:30:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013-05-21 01:12:46 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\SH4
[2013-05-21 00:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2013-05-21 00:54:12 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2013-05-19 17:47:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Deus Ex
[2013-05-18 19:58:54 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Unity
[2013-05-18 19:40:40 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Unity
[2013-05-17 23:04:42 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Reus
[2013-05-16 18:06:32 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Game Dev Tycoon
[2013-05-13 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\BreakingPoint
[2013-05-13 15:18:08 | 001,858,560 | ---- | C] (Alderon Games) -- C:\Users\Martin\Desktop\BreakingPoint(2).exe
[2013-05-12 14:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\3DMGAME
[2013-05-11 08:33:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Fallout3
[2013-05-11 06:07:39 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra

========== Files - Modified Within 30 Days ==========

[2013-06-06 18:25:00 | 000,001,008 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266680609-2391001587-97202107-1001UA.job
[2013-06-06 18:15:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-06-06 18:05:13 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013-06-06 18:05:13 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013-06-06 17:32:50 | 000,281,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013-06-06 16:53:43 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013-06-06 16:23:01 | 000,022,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-06-06 16:23:01 | 000,022,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-06-06 16:19:39 | 001,605,866 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013-06-06 16:19:39 | 000,671,670 | ---- | M] () -- C:\Windows\SysNative\perfh01D.dat
[2013-06-06 16:19:39 | 000,662,566 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013-06-06 16:19:39 | 000,147,036 | ---- | M] () -- C:\Windows\SysNative\perfc01D.dat
[2013-06-06 16:19:39 | 000,126,122 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013-06-06 16:14:45 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013-06-06 16:14:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-06-06 16:14:38 | 1072,234,494 | -HS- | M] () -- C:\hiberfil.sys
[2013-06-06 16:11:48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013-06-05 20:57:38 | 000,280,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013-06-05 19:26:30 | 000,002,373 | ---- | M] () -- C:\Users\Martin\Desktop\Google Chrome.lnk
[2013-06-05 16:19:27 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013-06-05 10:48:33 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2013-06-05 10:48:33 | 000,002,010 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2013-06-05 10:35:05 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2013-06-05 08:48:24 | 000,001,007 | ---- | M] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2013-06-05 08:48:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-06-05 08:43:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013-06-05 06:49:50 | 000,000,254 | RHS- | M] () -- C:\Users\Martin\ntuser.pol
[2013-06-05 04:07:53 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\SpyParty.lnk
[2013-06-05 00:25:00 | 000,000,956 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4266680609-2391001587-97202107-1001Core.job
[2013-06-04 23:40:26 | 000,000,501 | ---- | M] () -- C:\Users\Public\Desktop\Metro Last Light.lnk
[2013-06-04 06:48:07 | 000,000,646 | ---- | M] () -- C:\Users\Martin\Desktop\Gunpoint.lnk
[2013-06-03 00:00:00 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013-06-02 04:17:27 | 071,775,213 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2013-06-01 17:00:59 | 000,001,706 | ---- | M] () -- C:\Users\Martin\Desktop\Zoombies Launcher - genväg.lnk
[2013-05-27 14:31:50 | 000,001,198 | ---- | M] () -- C:\Users\Public\Desktop\Razer Game Booster.lnk
[2013-05-23 14:21:31 | 000,000,970 | ---- | M] () -- C:\Users\Martin\Desktop\Launch All in Arma.bat
[2013-05-23 07:51:07 | 000,002,629 | ---- | M] () -- C:\Users\Public\Desktop\ArmA Edit.lnk
[2013-05-21 00:26:58 | 000,001,593 | ---- | M] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013-05-19 19:34:16 | 000,001,680 | ---- | M] () -- C:\Users\Martin\Desktop\DeusEx - genväg.lnk
[2013-05-18 16:37:56 | 001,858,560 | ---- | M] (Alderon Games) -- C:\Users\Martin\Desktop\BreakingPoint(2).exe
[2013-05-17 23:02:44 | 000,001,540 | ---- | M] () -- C:\Users\Public\Desktop\Reus.lnk
[2013-05-13 20:23:31 | 000,000,909 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\BreakingPoint_Options.ini
[2013-05-13 15:13:19 | 001,580,500 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013-05-12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013-05-12 14:21:25 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013-05-12 14:13:12 | 000,001,245 | ---- | M] () -- C:\Users\Martin\Desktop\DeadIslandGame_x86_rwdi - genväg.lnk
[2013-05-08 16:13:10 | 003,165,737 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin

========== Files Created - No Company Name ==========

[2013-06-05 16:19:27 | 000,002,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2013-06-05 16:19:27 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2013-06-05 10:48:33 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Singleplayer.lnk
[2013-06-05 10:48:33 | 000,002,010 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty® 4 - Modern Warfare™ Multiplayer.lnk
[2013-06-05 10:35:05 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2013-06-05 08:48:24 | 000,001,007 | ---- | C] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2013-06-05 08:48:23 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2013-06-05 06:49:50 | 000,000,254 | RHS- | C] () -- C:\Users\Martin\ntuser.pol
[2013-06-05 04:07:53 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\SpyParty.lnk
[2013-06-04 23:40:26 | 000,000,501 | ---- | C] () -- C:\Users\Public\Desktop\Metro Last Light.lnk
[2013-06-04 23:40:26 | 000,000,501 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metro Last Light.lnk
[2013-06-04 06:48:07 | 000,000,646 | ---- | C] () -- C:\Users\Martin\Desktop\Gunpoint.lnk
[2013-06-03 00:00:00 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013-05-23 13:49:16 | 000,000,970 | ---- | C] () -- C:\Users\Martin\Desktop\Launch All in Arma.bat
[2013-05-23 07:51:07 | 000,002,629 | ---- | C] () -- C:\Users\Public\Desktop\ArmA Edit.lnk
[2013-05-21 00:26:58 | 000,001,593 | ---- | C] () -- C:\Users\Public\Desktop\Fallout.lnk
[2013-05-19 19:34:16 | 000,001,680 | ---- | C] () -- C:\Users\Martin\Desktop\DeusEx - genväg.lnk
[2013-05-17 23:02:44 | 000,001,540 | ---- | C] () -- C:\Users\Public\Desktop\Reus.lnk
[2013-05-14 14:56:56 | 000,001,706 | ---- | C] () -- C:\Users\Martin\Desktop\Zoombies Launcher - genväg.lnk
[2013-05-13 19:55:36 | 000,000,909 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\BreakingPoint_Options.ini
[2013-05-12 14:21:25 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2013-05-12 14:13:14 | 000,001,245 | ---- | C] () -- C:\Users\Martin\Desktop\DeadIslandGame_x86_rwdi - genväg.lnk
[2013-02-07 11:24:10 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2013-02-02 03:24:36 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013-02-02 03:24:36 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013-01-08 15:52:48 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2013-01-02 06:41:17 | 000,000,094 | ---- | C] () -- C:\Users\Martin\AppData\Local\fusioncache.dat
[2012-12-07 20:31:18 | 000,001,412 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012-09-28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012-09-15 17:39:31 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012-09-01 20:06:29 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012-09-01 20:06:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012-09-01 20:06:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012-08-23 01:03:46 | 003,227,136 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_grfs.exe
[2012-08-18 23:53:10 | 000,000,046 | ---- | C] () -- C:\Users\Martin\jagex_cl_runescape_LIVE1.dat
[2012-08-18 23:43:44 | 000,000,024 | ---- | C] () -- C:\Users\Martin\jagexappletviewer.preferences
[2012-08-18 23:36:51 | 000,000,045 | ---- | C] () -- C:\Users\Martin\jagex_cl_runescape_LIVE.dat
[2012-08-18 23:36:51 | 000,000,024 | ---- | C] () -- C:\Users\Martin\random.dat
[2012-08-13 09:25:21 | 000,000,979 | ---- | C] () -- C:\Windows\eReg.dat
[2012-07-01 09:52:47 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012-06-28 02:42:04 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012-06-24 02:05:03 | 000,088,864 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\icarus-dxdiag.xml
[2012-05-30 20:26:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012-05-11 01:46:36 | 001,580,500 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-04-11 20:18:24 | 000,007,607 | ---- | C] () -- C:\Users\Martin\AppData\Local\Resmon.ResmonCfg
[2012-03-29 01:28:31 | 000,281,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012-03-29 01:28:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012-03-28 01:35:33 | 000,000,027 | ---- | C] () -- C:\Program Files\plugins.dat
[2011-09-28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013-05-08 13:44:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2013-04-12 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.mono
[2012-07-31 00:25:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ArmA 2 RCon
[2012-08-09 09:46:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avnex
[2013-02-06 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Builder
[2013-03-18 22:03:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\com.northwayGames.Incredipede
[2012-03-29 01:20:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2012-11-29 08:43:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dwarfs
[2012-07-21 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gslist
[2012-12-22 23:53:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2012-11-02 23:49:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mumble
[2013-06-02 07:58:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Natural Selection 2
[2012-07-07 20:47:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Notepad++
[2013-02-26 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Omerta
[2012-12-10 05:13:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Origin
[2013-03-12 12:38:39 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Play withSIX
[2012-03-29 01:28:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PunkBuster
[2012-08-10 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\rigonauts
[2012-08-30 17:27:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Royxy
[2013-03-13 07:16:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sandswept Studios
[2012-06-22 04:09:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\six-updater
[2012-04-28 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\six-zsync
[2012-11-21 01:51:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Sony Online Entertainment
[2012-08-01 18:55:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Spirited Machine
[2012-07-20 00:14:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SplitMediaLabs
[2013-03-11 06:28:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\SPORE
[2012-07-20 23:52:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Subversion
[2013-05-15 16:58:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TeamViewer
[2012-11-29 10:24:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Theta
[2013-02-02 03:06:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Transcend
[2012-10-20 23:15:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2013-06-06 18:35:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tunngle
[2012-06-28 03:33:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ubisoft
[2013-05-18 19:58:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unity
[2013-06-05 20:13:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2012-08-31 13:12:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Veulw
[2013-05-26 12:48:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Windows Live Writer
[2012-08-30 17:35:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Wonyfu
[2013-04-06 23:27:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\XRay Engine

========== Purity Check ==========



< End of report >
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is this in Firefox or Chrome ? Yes replace it manually if you know how
  • 0

#9
Zippo36

Zippo36

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ah, Chromes homepage was changed aswell, but I switched back to google, restarted and it's still on google so I think it's all good.
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#11
Zippo36

Zippo36

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
All done!
Thank you very much for your help Essexboy!
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP