My laptop seems to be infected - Please help! [Closed]


#1
Peter60

Hello! This is what OTL gave me as the result of a quick scan. Could anybody tell me what this means in "normal" words?

I hope to get some help from someone...

Regards
Peter

OTL logfile created on: 01.03.2014 16:07:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BrazzoBaby\Desktop\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,80 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 54,27% Memory free
7,60 Gb Paging File | 5,58 Gb Available in Paging File | 73,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,63 Gb Total Space | 226,50 Gb Free Space | 50,38% Space Free | Partition Type: NTFS
Drive D: | 15,84 Gb Total Space | 1,94 Gb Free Space | 12,24% Space Free | Partition Type: NTFS

Computer Name: HOMESWEETHOME | User Name: BrazzoBaby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.03.01 16:06:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BrazzoBaby\Desktop\Downloads\OTL.exe
PRC - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.10.08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010.04.23 11:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe


========== Modules (No Company Name) ==========

MOD - [2014.02.20 02:03:05 | 000,394,568 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
MOD - [2014.02.20 02:03:03 | 004,060,488 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014.02.20 02:02:59 | 000,716,616 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014.02.20 02:02:58 | 000,100,168 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014.02.20 02:02:56 | 001,647,432 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014.02.20 02:02:54 | 000,051,016 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014.01.28 16:05:58 | 000,038,200 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2010.06.22 06:57:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2014.02.21 16:52:34 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.01.28 16:06:04 | 002,412,344 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2014.01.28 16:05:58 | 000,030,520 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2014.01.06 14:33:42 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013.12.21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.16 15:32:54 | 000,289,496 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Programme\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV - [2013.10.08 13:28:15 | 000,275,696 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe -- (NIS)
SRV - [2012.12.07 16:26:56 | 000,167,424 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.07.05 16:02:58 | 000,227,384 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.10.12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.07.02 10:51:16 | 000,027,192 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.06.18 15:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.04.13 08:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 20:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.03.18 20:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.11.15 21:56:21 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.11.11 09:55:45 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.10.25 02:32:08 | 000,167,936 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
DRV:64bit: - [2013.09.27 04:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.09.27 03:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.09.27 03:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.09.26 04:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.09.26 03:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.09.10 03:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013.09.10 02:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.05.13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013.03.28 19:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013.02.12 15:02:24 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012.12.13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.12.07 17:27:50 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.21 07:37:36 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.07.16 01:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.06.22 08:17:52 | 006,856,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.06.22 06:28:32 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.22 06:24:12 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.05.08 03:00:24 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.05.06 14:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.13 08:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.02 17:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.23 02:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 00:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014.02.27 18:47:06 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\ex64.sys -- (NAVEX15)
DRV - [2014.02.27 18:47:06 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140228.008\eng64.sys -- (NAVENG)
DRV - [2014.01.21 00:30:55 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140228.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.12.27 18:12:25 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.12.18 01:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.11.21 03:43:35 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.03.26 17:52:10 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.23 02:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{07873841-2A81-4D22-95FA-5DECFAAB7880}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{15BF5E0C-64E5-4047-BC61-02FD0474A573}: "URL" = http://de.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CB6E70F3-9E43-4A06-8820-45BBE4136007}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{26000D9C-F7BB-4E13-89E1-69197572AF68}: "URL" = http://search.softon...b382ef545&r=588
IE - HKCU\..\SearchScopes\{F748111B-050B-4394-B149-6563C7748281}: "URL" = http://de.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo!"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo!"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.search.yah...=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.9
FF - prefs.js..extensions.enabledAddons: %7B58d2a791-6199-482f-a9aa-9b725ec61362%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo....0236&ilc=12&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\BrazzoBaby\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\BrazzoBaby\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\BrazzoBaby\AppData\Roaming\okitSpace\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013.11.15 21:56:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014.03.01 10:33:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3d90f257-fa16-4fd0-9407-f1fc34a25274}: C:\Program Files (x86)\Show-Password\150.xpi

[2013.03.21 21:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Extensions
[2011.10.30 19:34:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Extensions\[email protected]
[2014.03.01 08:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions
[2014.03.01 07:23:23 | 000,000,000 | ---D | M] (Start Page) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
[2014.03.01 07:21:32 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\[email protected]
[2014.03.01 10:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\staged
[2014.03.01 07:45:19 | 000,008,061 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\firefox\profiles\0vqjbiwr.default-1386869751427\searchplugins\yahoo_ff.xml
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]41232CD59.COM

========== Chrome ==========

CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Norton Identity Protection = C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.4.11_0\
CHR - Extension: Google Wallet = C:\Users\BrazzoBaby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {7b70de8b-3616-42e2-a8d3-f8e01d6a1d09} - No CLSID value found.
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\BrazzoBaby\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\BrazzoBaby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\BrazzoBaby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = firefox.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\Microsoft Office\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download ALL with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download remotely with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Download with IDA - Reg Error: Value error. File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.100.206 80.69.100.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC2183EA-6054-46D1-A18D-EBDED6F3307E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E60DE64C-FD6B-455A-ABCE-00CBF77AFF10}: DhcpNameServer = 80.69.100.206 80.69.100.182
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.12.24 01:30:41 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.03.01 08:39:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.03.01 08:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultsAlpha
[2014.03.01 07:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014.03.01 07:49:59 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2014.03.01 07:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.03.01 07:25:48 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014.03.01 07:25:31 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014.03.01 07:24:01 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\ProductData
[2014.03.01 07:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014.03.01 07:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2014.03.01 07:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2014.03.01 07:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014.03.01 07:21:04 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\IObit
[2014.03.01 07:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014.03.01 06:55:29 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\Nico Mak Computing
[2014.02.28 01:41:54 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\Desktop\Beth Hart
[2014.02.24 08:32:33 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014.02.23 04:33:20 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Local\Temp696cc98a47419e339ddf6565f86e22a9
[2014.02.23 04:33:19 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Local\Temp73a86cfb26c574f8e6d4cb928f0aa086
[2014.02.19 17:56:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WiMP
[2014.02.18 00:08:29 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\Desktop\Ebay Doris Heberer
[2014.02.12 00:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeoDownloader Lite
[2014.02.07 03:18:14 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\Desktop\Raw & Rough Mixes Soundtrack For Gangsters
[2014.02.05 07:25:29 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\Documents\EBAY Vordrucke usw
[2014.02.05 00:52:02 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\Desktop\Railpictures
[2014.02.02 14:45:52 | 000,000,000 | ---D | C] -- C:\ProgramData\PreSonus
[2014.02.02 14:45:50 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\PreSonus
[2014.02.02 03:12:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Propellerhead Software
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Users\BrazzoBaby\Documents\*.tmp files -> C:\Users\BrazzoBaby\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.03.01 15:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.01 15:47:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000UA.job
[2014.03.01 10:38:04 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.01 10:38:04 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.01 10:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.03.01 10:24:16 | 000,000,153 | ---- | M] () -- C:\Users\BrazzoBaby\Desktop\Goodgame Empire.url
[2014.03.01 09:47:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000Core.job
[2014.03.01 08:36:27 | 000,689,352 | ---- | M] () -- C:\Users\BrazzoBaby\Desktop\AdwCleaner_Setup_Download.exe
[2014.02.28 08:26:01 | 000,000,748 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\Tagging very interesting.rtf
[2014.02.28 02:18:10 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.28 02:18:10 | 000,648,704 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.02.28 02:18:10 | 000,611,332 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.28 02:18:10 | 000,128,930 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.02.28 02:18:10 | 000,105,512 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.28 02:15:04 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBrazzoBaby.job
[2014.02.25 02:31:34 | 000,000,647 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\2x FSh.rtf
[2014.02.24 08:32:33 | 000,002,388 | ---- | M] () -- C:\Users\BrazzoBaby\Desktop\Google Chrome.lnk
[2014.02.23 11:18:06 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000UA.job
[2014.02.23 11:18:06 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000Core1cea9115e32f52b.job
[2014.02.23 02:45:08 | 000,024,209 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Roaming\UserTile.png
[2014.02.19 17:56:39 | 000,000,783 | ---- | M] () -- C:\Users\Public\Desktop\WiMP.lnk
[2014.02.18 21:28:46 | 000,000,360 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\Tempur.rtf
[2014.02.12 06:06:50 | 000,000,974 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\Handy-Zubehör Zlatko.rtf
[2014.02.06 17:40:59 | 000,000,400 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\e-Mail Adressen für Dauergebrauch.rtf
[2014.02.05 06:45:08 | 000,000,449 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\Tagging.rtf
[2014.02.05 04:03:01 | 000,001,242 | ---- | M] () -- C:\Users\BrazzoBaby\Desktop\VSO Downloader 3.lnk
[2014.02.02 02:02:31 | 000,000,312 | ---- | M] () -- C:\Users\BrazzoBaby\Documents\Gewährleistungs Satz.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]
[1 C:\Users\BrazzoBaby\Documents\*.tmp files -> C:\Users\BrazzoBaby\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.03.01 10:24:16 | 000,000,153 | ---- | C] () -- C:\Users\BrazzoBaby\Desktop\Goodgame Empire.url
[2014.03.01 08:36:26 | 000,689,352 | ---- | C] () -- C:\Users\BrazzoBaby\Desktop\AdwCleaner_Setup_Download.exe
[2014.02.25 12:24:08 | 000,000,748 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\Tagging very interesting.rtf
[2014.02.25 02:31:34 | 000,000,647 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\2x FSh.rtf
[2014.02.24 08:32:33 | 000,002,388 | ---- | C] () -- C:\Users\BrazzoBaby\Desktop\Google Chrome.lnk
[2014.02.24 08:32:05 | 000,001,140 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000UA.job
[2014.02.24 08:32:05 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000Core.job
[2014.02.23 02:45:08 | 000,024,209 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\UserTile.png
[2014.02.18 21:28:46 | 000,000,360 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\Tempur.rtf
[2014.02.17 02:39:37 | 000,000,948 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1266849904-4151900022-580544786-1000UA.job
[2014.02.12 06:06:50 | 000,000,974 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\Handy-Zubehör Zlatko.rtf
[2014.02.02 13:47:31 | 000,000,449 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\Tagging.rtf
[2014.02.02 02:02:31 | 000,000,312 | ---- | C] () -- C:\Users\BrazzoBaby\Documents\Gewährleistungs Satz.rtf
[2014.01.14 15:08:53 | 000,004,608 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.01 10:32:51 | 000,000,306 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\Earthquakes Meter_Settings.ini
[2013.12.29 07:12:19 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2013.12.29 07:12:17 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2013.12.01 09:51:03 | 000,033,795 | ---- | C] () -- C:\Users\BrazzoBaby\401259_291089120946928_1796989648_n.jpg
[2013.11.20 01:51:56 | 000,007,611 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\Resmon.ResmonCfg
[2013.11.14 06:15:33 | 000,000,005 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\mbam.context.scan
[2013.08.24 22:18:15 | 000,000,000 | ---- | C] () -- C:\ProgramData\Plug-Ins
[2013.08.24 22:18:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\Printer Icons
[2013.06.29 22:43:55 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013.05.21 13:59:26 | 000,003,725 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\Mozilla Firefoxavg-secure-search.xml
[2013.03.17 06:57:25 | 000,000,575 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.12.06 02:16:40 | 000,001,500 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\RecConfig.xml
[2012.12.06 01:31:43 | 000,000,130 | ---- | C] () -- C:\Windows\wininit.ini
[2012.06.16 17:01:15 | 000,017,408 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\WebpageIcons.db
[2011.12.28 22:29:28 | 001,469,315 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.12.07 05:37:15 | 000,000,000 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\{1C6405A4-E4DD-4ACB-8BB2-868C17FB221D}
[2011.10.29 21:38:07 | 000,000,000 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\{DC6CEC18-9434-4C12-AD3E-5E17CF01EAF1}
[2011.07.03 22:10:06 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Radio Sounds
[2011.07.03 22:10:06 | 000,000,268 | RH-- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\PrintsService
[2011.07.03 22:10:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.07.03 22:07:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.07.03 22:07:52 | 000,000,000 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Roaming\Printers
[2010.07.08 10:37:14 | 000,101,544 | ---- | C] () -- C:\Program Files\Common Files\LinkInstaller.exe

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.12.23 09:39:00 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AIMP3
[2013.11.14 06:31:29 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Amazon
[2011.09.28 03:49:38 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AntiBrowserSpy 2009
[2013.03.12 13:14:52 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AnySend
[2013.09.26 01:31:07 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AVG
[2012.01.27 02:38:49 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AVG2012
[2013.09.07 21:42:18 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\AVG2013
[2013.06.04 06:41:52 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Canneverbe Limited
[2011.12.10 19:16:49 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013.12.04 04:54:23 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\com.aspiro.wimp.de
[2013.12.04 04:54:23 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\com.aspiro.wimp.de.25F5C0086CDE1F22CA0B92A487729991CA6CD013.1
[2013.10.09 19:14:07 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\COMPUTERBILD PC-Aufräumer 2012
[2011.09.24 22:22:14 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2013.01.15 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Cool Record Edit Pro
[2013.04.19 13:12:57 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\COWON
[2014.01.11 00:45:35 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\DVDVideoSoft
[2013.01.15 03:44:03 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Free Sound Recorder
[2011.08.16 03:41:51 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\GrabPro
[2013.09.18 17:53:22 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Greenshot
[2013.08.24 22:24:58 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\HTC
[2012.01.31 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Internet Download Accelerator
[2014.03.01 07:25:20 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\IObit
[2012.01.10 09:23:08 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\LibreOffice
[2011.07.15 04:31:13 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Music Wizard
[2013.11.18 01:32:43 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\NeoDownloader
[2014.03.01 07:51:46 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Nico Mak Computing
[2011.07.04 00:55:57 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Nikon
[2013.10.12 13:28:05 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\OpenOffice
[2012.06.18 19:00:53 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\OpenOffice.org
[2012.02.28 21:04:07 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Orbit
[2013.05.12 03:16:36 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Pamela
[2013.05.12 03:18:10 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Pamela Call Recorder
[2012.01.25 12:26:42 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Panda Security
[2014.02.02 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\PreSonus
[2014.03.01 07:24:01 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\ProductData
[2011.08.16 03:41:56 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\ProgSense
[2011.12.28 22:30:02 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\QuickScan
[2013.11.14 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\SecureSearch
[2012.01.10 09:31:31 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\SoftGrid Client
[2011.10.30 19:33:20 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Songbird2
[2013.11.06 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\spotimote
[2013.11.15 19:49:31 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Steganos
[2013.11.14 17:33:05 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Steganos VPN
[2013.01.04 22:53:39 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\TeamViewer
[2011.08.16 18:44:56 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Tobit
[2011.07.04 00:06:16 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\TP
[2013.11.12 04:04:18 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\TumblRipper2
[2013.11.29 00:57:28 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\TuneUp Software
[2011.09.01 15:08:08 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Windows Live Writer
[2013.11.20 00:56:03 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\XnView
[2011.07.03 17:59:24 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


#2
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Peter60 :)

Welcome to GeekstoGo!
If you still need help ~ I'm 23red, and it'll be my pleasure to assist you with your problem. I am currently reviewing your log. In the meantime, I'd be grateful if you would note the following:

• Please make sure to carefully read every post completely before doing anything.

• If you're not sure, or if something unexpected happens, do not continue! Stop and ask! It is not a problem.

• Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

• Please stick with me until all malware is gone from your system. Malware removal is not an instant process; just because you no longer see any symptoms does not necessarily mean your system is completely clear.

• Please copy/paste to Notepad and save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.

• Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

• As I am currently in training, I will be helping you under the supervision of our Expert Teachers. As such, there will likely be a delay between posts. I do my best to respond as quickly as I can. I, like everyone else here, am also a volunteer and sometimes life keeps me busy ;)

• Thank you for your understanding and I appreciate your patience.

Please allow some time to go through the logs you posted. It is a diagnostic scan that shows areas that are likely to have issues if malware is present. I'll post back as soon as possible. :thumbsup:

#3
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts
Hi Peter60 :)

Not too bad. You do have two Antivirus programs visible, only one is needed. Two will cause problems. Which would you like to keep? AVG or Norton? I'll help you completely uninstall the other. That should help the computer's performance.

And it looks like all of your browsers are having issues ;) Let's see if we can fix them. We'll start with this:

Step 1

OTL Fix

Please right click on Posted Image on your Desktop and choose Run as Administrator from the dropdown list, accept UAC prompts.

Under Posted Image
in the textbox at the bottom of the OTL console, please paste in the following text:

:Commands
[CREATERESTOREPOINT]
:OTL
SRV - [2014.01.06 14:33:42 | 002,151,744 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{07873841-2A81-4D22-95FA-5DECFAAB7880}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{15BF5E0C-64E5-4047-BC61-02FD0474A573}: "URL" = http://de.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{CB6E70F3-9E43-4A06-8820-45BBE4136007}: "URL" = http://de.search.yah...psg&type=HPNTDF
IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - No CLSID value found
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{26000D9C-F7BB-4E13-89E1-69197572AF68}: "URL" = http://search.softon...b382ef545&r=588
IE - HKCU\..\SearchScopes\{F748111B-050B-4394-B149-6563C7748281}: "URL" = http://de.search.yah...p={searchTerms}
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://de.search.yah...=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: savingsslider%40mybrowserbar.com:2.9
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\BrazzoBaby\AppData\Roaming\okitSpace\Firefox
[2014.03.01 08:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions
[2014.03.01 07:23:23 | 000,000,000 | ---D | M] (Start Page) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
[2014.03.01 07:21:32 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\[email protected]
[2014.03.01 10:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\Firefox\Profiles\0vqjbiwr.default-1386869751427\extensions\staged
[2014.03.01 07:45:19 | 000,008,061 | ---- | M] () -- C:\Users\BrazzoBaby\AppData\Roaming\mozilla\firefox\profiles\0vqjbiwr.default-1386869751427\searchplugins\yahoo_ff.xml
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]
File not found (No name found) -- C:\USERS\BRAZZOBABY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0VQJBIWR.DEFAULT-1386869751427\EXTENSIONS\[email protected]41232CD59.COM
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://search.condui...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = http://suggest.searc...x={searchTerms},
O2:64bit: - BHO: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O2 - BHO: (no name) - {7b70de8b-3616-42e2-a8d3-f8e01d6a1d09} - No CLSID value found.
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKCU..\RunOnce: [Uninstall C:\Users\BrazzoBaby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\BrazzoBaby\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O27:64bit: - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\iastorui.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe (TuneUp Software)
[2014.03.01 08:38:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultsAlpha
[2014.03.01 07:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2014.03.01 07:25:48 | 000,034,080 | ---- | C] (IObit) -- C:\Windows\SysNative\SmartDefragBootTime.exe
[2014.03.01 07:25:31 | 000,121,856 | ---- | C] (IObit) -- C:\Windows\SysNative\IObitSmartDefragExtension.dll
[2014.03.01 07:24:01 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\ProductData
[2014.03.01 07:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2014.03.01 07:22:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{D76294E6-03B8-4971-AF2E-3F846161A690}
[2014.03.01 07:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{E1ED556E-3EA0-4F44-8BE7-CC5FB0F4B424}
[2014.03.01 07:21:18 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014.03.01 07:21:04 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Roaming\IObit
[2014.03.01 07:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014.02.23 04:33:20 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Local\Temp696cc98a47419e339ddf6565f86e22a9
[2014.02.23 04:33:19 | 000,000,000 | ---D | C] -- C:\Users\BrazzoBaby\AppData\Local\Temp73a86cfb26c574f8e6d4cb928f0aa086
[2013.05.21 13:59:26 | 000,003,725 | ---- | C] () -- C:\Users\BrazzoBaby\AppData\Local\Mozilla Firefoxavg-secure-search.xml
[2011.07.03 22:10:06 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.07.03 22:07:52 | 000,000,000 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2012.01.31 09:19:41 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\Internet Download Accelerator
[2014.03.01 07:25:20 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\IObit
[2013.11.14 21:40:09 | 000,000,000 | ---D | M] -- C:\Users\BrazzoBaby\AppData\Roaming\SecureSearch
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]





• Push the Posted Image button.
• OTL may ask to reboot the machine. Please do so if asked.
• A message box will pop up.
• Click the OK button and a report will open.
• Copy and paste that report in your next reply, please.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date of the tool run).


Step 2

Fresh OTL Scan

• Please right click on Posted Image icon on your Desktop, choose Run as Administrator from the dropdown menu, accept UAC prompts.

• Make sure all other windows are closed and let it run uninterrupted.
• Please check the box next to Scan All Users.
• Click the Posted Image button. Do not change any settings unless otherwise told to do so. The scan won't take long.

• When the scan completes, it will open a Notepad window with OTL.Txt. This is saved in the same location as OTL ~ Desktop.

• Please copy (Edit ~> Select All, Edit ~> Copy) this log in your next reply also.

When you return please post:

OTL fix log
OTL fresh scan
Which Antivirus do you wish to keep?

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.