My computer is rapidly consuming available free space on drive C:\
It will soon have no free space available.
I've not been able to determine the cause or stop it.
See history below.
I have no idea how the malware below got on my computer.
History:
June 28, 2014: Computer behaving strangely. Websites distorted after loading. For example, YouTube would load all distorted. If I clicked on a video to view it, I would be taken to another page saying *this video is not available at this time*. This page would be distorted also.
I did the following:
1. I ran Malwarebytes Quick Scan. It found well over 100 (too many to count) of the following:
Vendor: PUP,Optional,CrossRider,A
Location: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8mde7.default\prefs.js
Vendor: PUP,Optional,InstallCore
Location: C:\Users\Bob\AppData\Local\Temp\dlmFB13.tmp\Alchol120_trial_2.0.2.5830.exe
Vendor: PUP,Optional,CrossFire,A
Location: C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\c....
There were about 200+ of these.
I quarantined them in Malwarebytes.
2. Cleared my Firefox browser cache.
After that, pages loaded okay and the computer stopped behaving strangely.
-------------
July 18, 2014: While running backups to Amazon S3 via Cloudberry BackUp Desktop Edition, I noticed my C:\ hard drive was down to 103 GB of available free space. Normally, I only use about 200 GB of space on C:\ drive, leaving about 300+ GB of available free space (it's a 600 GB drive). Something seemed to be consuming free drive space at an average of 10 to 20 GB per hour. I contacted Cloudberry Lab to see if it could be related to their backup program. It wasn't.
I then did the following:
1. Ran Avast Quick Scan. No threats found.
2. Ran Avast Full System Scan. No threats found.
3. Ran Avast Boot-Time Scan. The following malware was found:
Original file name: 1cc90452-1359cc8c
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\6.0\18
Size of file: 746
Category: Infected files
Virus description: Java:Malware-gen [Trj]
=======
Original file name: mrwbkwf\atynwkjnucyffvgpg.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\6.0\18\1cc90452-1359cc8c
Size of file: 3355
Category: Infected files
Virus description: Java:Malware-gen [Trj]
========
Original file name: mrwbkwf\cyfbureswrnn.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 398
Category: Infected files
Virus description: Java:Malware-gen [Trj]
=======
Original file name: mrwbkwf\febrrhgdurerjwmwlyffn.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 6710
Category: Infected files
Virus description: Java:Agent-ELL [Trj]
========
Original file name: mrwbkwf\ktcvfwwwrmdnhtfbsenbdryt.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 696
Category: Infected files
Virus description: Java:Agent-GTN [Trj]
=========
Original file name: mrwbkwt\qgnsftgquevrlfu.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 201
Category: Infected files
Virus description: Java:Malware-gen [Trj]
==========
Original file name: mrwbkwt\qrspnnrtgaqrkpdfvhmfjtu.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 2493
Category: Infected files
Virus description: Java:Malware-gen [Trj]
==========
Original file name: mrwbkwt\rjgggeykefgkjugl.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 808
Category: Infected files
Virus description: Java:Malware-gen [Trj]
============
Original file name: mrwbkwt\sgcdtket.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 200
Category: Infected files
Virus description: Java:Malware-gen [Trj]
===========
Original file name: mrwbkwt\wabpgtqsvgmh.class
Original folder: C:\Users\Bob\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\1cc90452-1359cc8c
Size of file: 720
Category: Infected files
Virus description: Java:Malware-gen [Trj]
============
I placed all of these in the Avast Virus Chest.
On the evening of July 18th, while running backups to my external hard drive, I noticed free drive space on C:\ drive was disappearing at 20 GB every 10 to 20 minutes or so. I disconnected the external hard drive from my computer.
At this point I had about 85 GB of free space on C:\ left. (Night of 7/18th).
On the morning of July 19th when I first got on the computer, I only had about 65 GB of C:\ free space available. It stayed around that level until the morning of July 20th when it went down to 58 GB. Since then it seems to lose about 5 to 8 GB of free space per day.
Currently, July 23rd, 4:45 pm (CT) it is at 36 GB of available free space.
I've been doing the following in an attempt to slow it down:
Ran Avast Full System and Boot-Time scans 2 times per day ... with No Threats Found.
Ran Malwarebytes Threat Scan 2 times per day ... with No Threats Found.
Ran SpywareBlaster (it's on all the time).
Ran CCleaner once per day.
Ran MyTurboPC 3 to 4 times per day to free up disk space.
Ran Windows Disk Cleaner multiple times per day to free up disk space.
Last night, July 22nd, C:\ drive was at 58.6 GB. This morning it was at 44.1 GB free space. Then went up to 45.6 GB. An hour later it dropped to 36.4 GB.
In an effort to free up more space on C:\ drive, I've also been deleting old data files, video files, photo and image files on my computer that I no longer use or need.
Hopefully, I can maintain some free space on C:\ drive until you are able to assist me with fixing whatever is causing this.
Thank you in advance for your speedy attention to this matter.
Bob
------------------------------
Below is a copy of the OTL Logfile:
-------------------------------
OTL logfile created on: 7/23/2014 4:55:28 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bob\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.93 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.77% Memory free
11.86 Gb Paging File | 9.73 Gb Available in Paging File | 82.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.56 Gb Total Space | 36.49 Gb Free Space | 6.24% Space Free | Partition Type: NTFS
Drive D: | 11.51 Gb Total Space | 1.64 Gb Free Space | 14.24% Space Free | Partition Type: NTFS
Computer Name: BOB-PC | User Name: Bob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/07/23 11:17:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
PRC - [2014/06/29 03:29:48 | 004,086,432 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/06/29 03:29:48 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/17 21:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/19 13:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/12/09 21:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2012/06/04 11:43:32 | 001,057,408 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/06/10 14:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/24 21:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/07/07 15:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2009/06/03 14:35:16 | 000,430,080 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/29 03:29:49 | 019,329,904 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/06/29 03:29:48 | 000,301,152 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MOD - [2014/05/15 03:27:30 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/05/15 03:27:26 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 05:38:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/12 04:58:51 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5939ca2869d7b8acc98bc216519d6bca\System.Xml.ni.dll
MOD - [2014/02/12 04:58:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 04:58:31 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 04:57:48 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 04:57:44 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 04:57:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2011/05/26 14:14:52 | 000,477,080 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
MOD - [2009/12/01 20:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/06/03 14:43:14 | 001,703,936 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2009/06/03 14:34:18 | 003,764,224 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/03/26 16:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/03/17 06:39:46 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2009/02/06 20:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
========== Services (SafeList) ==========
SRV:64bit: - [2014/06/29 03:29:48 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/06/18 19:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/12/09 21:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/07/22 10:38:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/07/08 16:52:34 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/06/05 04:50:50 | 000,061,440 | ---- | M] (CloudBerry Lab Inc.) [Auto | Running] -- C:\Program Files (x86)\CloudBerryLab\CloudBerry Online Backup\CloudBerry.Backup.Scheduler.exe -- (CloudBerry Backup Service)
SRV - [2014/04/28 17:40:27 | 000,227,904 | ---- | M] (WildTangent) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2014/04/28 17:40:27 | 000,203,344 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 13:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/09 21:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Start_Pending] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/05 10:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011/09/14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/05/16 17:36:43 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/03 12:57:26 | 000,020,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Cincopa\cincopaAgent.exe -- (cincopaAgent)
SRV - [2010/07/04 11:17:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/07/01 10:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/06/29 13:16:41 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/23 16:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/23 13:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/07/23 15:23:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/04 15:29:56 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/06/29 03:29:51 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/06/29 03:29:51 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/06/29 03:29:51 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/06/29 03:29:50 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/06/29 03:29:50 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/06/29 03:29:50 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/06/29 03:29:50 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/02/25 18:11:47 | 000,386,680 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013/12/05 03:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/10/02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 07:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/17 00:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -- (PCDSRVC{F36B3A4C-F95654BD-06000000}_0)
DRV:64bit: - [2009/08/20 19:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 05:34:50 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE:64bit: - HKLM\..\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{AC6C70BA-D774-4C32-A269-7BFEA5CA2226}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE - HKLM\..\SearchScopes\{54CCE146-0603-4190-898D-B43BD86BBA9C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{AC6C70BA-D774-4C32-A269-7BFEA5CA2226}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {AC6C70BA-D774-4C32-A269-7BFEA5CA2226}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: viewtubetraintoolbar%40viewtubetrain.com:0.03
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.15
FF - prefs.js..extensions.enabledAddons: %7B7CEA821D-3DAB-4238-B424-BF7324531750%7D:0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.65.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/06/29 03:29:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/07/22 10:38:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2014/07/16 21:39:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions
[2013/12/25 10:38:02 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\[email protected]
[2012/05/14 10:50:37 | 000,009,994 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\[email protected]
[2014/06/24 23:09:58 | 000,265,248 | ---- | M] () (No name found) -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\rk8kmde7.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}.xpi
[2014/07/22 10:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/07/22 10:38:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_1\
CHR - Extension: Google Wallet = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Bob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/07/13 09:25:19 | 000,449,956 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15471 more lines...
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Bob\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CTRegRun] C:\Windows\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk = C:\Users\Bob\AppData\Roaming\Leadertech\PowerRegister\Epson scanner Registration.exe (Leader Technologies/Epson)
O4 - Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk = C:\Users\Bob\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_60)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.65.2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{402023E8-C102-46E6-B31E-8020B90FC5CA}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: ({DLL_Str}) - File not found
O20 - AppInit_DLLs: ({DLL_Str}) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/07/23 15:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/07/23 15:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/07/23 15:03:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/07/23 11:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/07/23 11:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/23 11:17:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2014/07/23 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\MyTurboPC.com
[2014/07/23 09:04:30 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\DriverCure
[2014/07/23 09:04:24 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyTurboPC.com
[2014/07/23 09:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MyTurboPC.com
[2014/07/23 09:04:20 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2014/07/23 09:04:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyTurboPC.com
[2014/07/22 10:38:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/07/13 18:03:19 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\CB Affiliate Ads
[2014/07/04 14:40:44 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\Cloudberry
[2014/06/29 03:29:50 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/28 22:23:07 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/28 22:22:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/28 22:22:52 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/28 22:22:52 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/28 22:22:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2012/07/17 00:37:30 | 001,268,560 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.exe
========== Files - Modified Within 30 Days ==========
[2014/07/23 16:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/23 16:23:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/23 15:29:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 15:29:10 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/23 15:25:38 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBob.job
[2014/07/23 15:23:45 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/07/23 15:20:08 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/23 15:19:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/23 15:18:47 | 479,522,815 | -HS- | M] () -- C:\hiberfil.sys
[2014/07/23 14:49:17 | 006,500,352 | ---- | M] () -- C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
[2014/07/23 11:39:52 | 000,000,784 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/23 11:17:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bob\Desktop\OTL.exe
[2014/07/23 11:13:06 | 000,000,547 | ---- | M] () -- C:\Windows\tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
[2014/07/23 09:35:43 | 000,001,185 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson scanner Registration.lnk
[2014/07/23 09:33:53 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3_triggeronce.job
[2014/07/23 09:33:53 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2014/07/23 09:33:52 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2014/07/23 09:04:47 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Creative Product Registration.lnk
[2014/07/23 09:04:47 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\CloudBerry Online Backup.lnk
[2014/07/23 09:04:47 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2014/07/23 09:04:47 | 000,002,217 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/07/23 09:04:47 | 000,002,179 | ---- | M] () -- C:\Users\Bob\Desktop\HP Support Assistant.lnk
[2014/07/23 09:04:47 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2014/07/23 09:04:47 | 000,002,127 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Premiere Elements 8.0.lnk
[2014/07/23 09:04:47 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression 2.lnk
[2014/07/23 09:04:47 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\Scan-n-Stitch Deluxe.lnk
[2014/07/23 09:04:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2014/07/23 09:04:47 | 000,002,048 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014/07/23 09:04:47 | 000,001,985 | ---- | M] () -- C:\Users\Public\Desktop\Traffic Hybrid Software.lnk
[2014/07/23 09:04:47 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/07/23 09:04:47 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/07/23 09:04:47 | 000,001,941 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/07/23 09:04:47 | 000,001,829 | ---- | M] () -- C:\Users\Bob\Desktop\Cincopa.lnk
[2014/07/23 09:04:47 | 000,001,764 | ---- | M] () -- C:\Users\Bob\Desktop\Quicken Home & Business 2010.lnk
[2014/07/23 09:04:47 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2014/07/23 09:04:47 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2014/07/23 09:04:47 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.1.0.lnk
[2014/07/23 09:04:47 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2014/07/23 09:04:47 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/07/23 09:04:47 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat_com.lnk
[2014/07/23 09:04:47 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Core FTP Lite.lnk
[2014/07/23 09:04:47 | 000,000,811 | ---- | M] () -- C:\Users\Public\Desktop\SAT.lnk
[2014/07/23 09:04:24 | 000,001,122 | ---- | M] () -- C:\Users\Bob\Desktop\MyTurboPC.lnk
[2014/07/22 23:27:10 | 000,001,437 | ---- | M] () -- C:\Users\Bob\Desktop\Spybot - Search & Destroy.lnk
[2014/07/22 21:58:19 | 000,007,622 | ---- | M] () -- C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
[2014/07/22 10:53:34 | 000,002,046 | ---- | M] () -- C:\Users\Bob\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/07/21 19:06:30 | 000,002,386 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
[2014/07/19 05:11:43 | 000,001,919 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
[2014/07/16 02:05:23 | 000,000,175 | ---- | M] () -- C:\ProgramData\LockFilePath.ini
[2014/07/13 09:25:19 | 000,449,956 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/07/09 03:21:38 | 000,360,272 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/07/08 00:50:44 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/07/04 15:29:56 | 000,427,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/06/30 10:00:00 | 000,000,544 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job
[2014/06/29 03:30:00 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/29 03:29:51 | 001,041,168 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/06/29 03:29:51 | 000,224,896 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/06/29 03:29:51 | 000,092,008 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/06/29 03:29:50 | 000,307,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/06/29 03:29:50 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/06/29 03:29:50 | 000,079,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/06/29 03:29:50 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/06/29 03:29:50 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/29 03:29:50 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
========== Files Created - No Company Name ==========
[2014/07/23 11:39:52 | 000,000,784 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/23 09:04:33 | 000,000,472 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Registration3.job
[2014/07/23 09:04:24 | 000,001,122 | ---- | C] () -- C:\Users\Bob\Desktop\MyTurboPC.lnk
[2014/07/23 09:04:24 | 000,000,547 | ---- | C] () -- C:\Windows\tasks\MyTurboPC_sch_3F9D6F8B-1272-11E4-AE09-4061869B0CEC.job
[2014/07/23 09:04:24 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3_triggeronce.job
[2014/07/23 09:04:24 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\MyTurboPC.com Update3.job
[2014/07/23 02:21:07 | 006,500,352 | ---- | C] () -- C:\Users\Bob\Desktop\Bob's Quicken Data-2014-07-23.QDF-backup
[2014/01/13 13:35:53 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/26 19:26:02 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2013/08/26 19:26:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2013/08/26 19:26:02 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2013/08/26 19:26:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2013/08/26 19:26:02 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2013/08/26 19:26:02 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2013/08/26 19:26:02 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2013/08/26 19:26:02 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2013/08/26 19:26:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2013/08/26 19:26:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2013/08/26 19:26:02 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2013/08/26 19:26:02 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2013/08/26 19:26:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2013/08/26 19:26:02 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2013/08/26 19:26:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2013/08/26 19:26:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2013/08/26 19:24:12 | 000,000,061 | ---- | C] () -- C:\Windows\PERFV37_370.ini
[2013/03/11 15:13:43 | 000,007,622 | ---- | C] () -- C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
[2012/07/17 00:00:07 | 3171,472,343 | ---- | C] () -- C:\Users\Bob\PremiereElements_10_Content_ALL_LS15.7z
[2012/07/02 11:42:32 | 000,006,144 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/23 16:21:24 | 000,001,144 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\wklnhst.dat
[2011/05/23 04:57:34 | 000,000,175 | ---- | C] () -- C:\ProgramData\LockFilePath.ini
[2010/07/15 22:02:28 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/07/11 13:30:04 | 000,037,780 | ---- | C] () -- C:\Users\Bob\AppData\Local\tmpBOB AT ROUND TOP, OAHU, HI.JPG
[2010/05/21 10:59:50 | 003,095,040 | ---- | C] () -- C:\Users\Bob\openofficeorg32.msi
[2010/05/21 10:58:20 | 000,460,088 | ---- | C] () -- C:\Users\Bob\setup.exe
[2010/05/21 10:56:06 | 135,115,913 | ---- | C] () -- C:\Users\Bob\openofficeorg1.cab
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/10/20 03:32:17 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\AVAST Software
[2013/09/02 02:22:36 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\chc
[2012/09/21 20:44:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/28 10:49:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/07/23 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CoreFTP
[2014/07/23 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DriverCure
[2011/10/29 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\EbkReader
[2013/08/29 20:46:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Epson
[2014/07/23 11:41:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FileZilla
[2012/06/27 22:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\FLV Extract
[2010/07/09 23:03:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\iWin
[2010/12/21 14:55:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\JonathanLeger.com
[2011/11/28 17:26:06 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\KompoZer
[2013/08/26 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Leadertech
[2014/07/23 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\MyTurboPC.com
[2011/05/16 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\No Company Name
[2010/07/07 14:19:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Notepad++
[2014/05/16 13:33:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice
[2010/07/07 13:50:12 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\OpenOffice.org
[2014/06/14 20:12:20 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Oracle
[2011/09/10 21:46:00 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2010/07/03 18:52:28 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PictureMover
[2012/06/24 09:55:15 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Template
[2010/11/02 16:23:05 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Thunderbird
[2012/05/10 12:32:13 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangent
[2010/07/11 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WildTangentv1001
[2010/07/08 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\WinBatch
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >