Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Teenage daughter downloaded virus from internet.

Started by Lauriek44 , Nov 23 2014 06:54 PM

  • This topic is locked This topic is locked

#1
Lauriek44
Posted 23 November 2014 - 06:54 PM

Lauriek44

    Member

  • Member
  • PipPip
  • 41 posts

Hello,

My teenage daughter downloaded some kind of program that allows her to play Nintendo DS games on our PC.  Now we have hundreds of popups and the computer is terribly slow.  I would appreciate it so much if someone could help  me.

 

OTL logfile created on: 11/22/2014 8:28:28 AM - Run 8
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.43 Gb Available Physical Memory | 24.32% Memory free
4.01 Gb Paging File | 1.33 Gb Available in Paging File | 33.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 180.67 Gb Free Space | 63.75% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.03 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/22 04:37:28 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter.exe
PRC - [2014/11/22 04:00:32 | 000,423,152 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe
PRC - [2014/11/22 03:57:22 | 000,423,152 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe
PRC - [2014/11/22 03:37:35 | 000,123,632 | ---- | M] () -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe
PRC - [2014/11/21 00:36:08 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe
PRC - [2014/11/21 00:36:08 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe
PRC - [2014/11/21 00:36:08 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe
PRC - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") -- C:\Users\martin\AppData\NTSFile\NTS.exe
PRC - [2014/11/13 08:59:03 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/11 18:46:24 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
PRC - [2014/11/10 19:14:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/11/09 19:31:42 | 000,158,864 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\STab\ProtectService.exe
PRC - [2014/11/09 19:31:34 | 000,673,424 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\STab\HPNotify.exe
PRC - [2014/11/09 19:31:32 | 000,025,232 | ---- | M] (SearchProtect) -- C:\Program Files (x86)\STab\CmdShell.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/15 13:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Downloads\OTL(1).exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/08 15:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe
PRC - [2008/11/11 10:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/22 04:37:28 | 000,098,544 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter.exe
MOD - [2014/11/21 00:36:08 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe
MOD - [2014/11/21 00:36:08 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe
MOD - [2014/11/21 00:36:08 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe
MOD - [2014/11/11 18:46:21 | 016,840,880 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll
MOD - [2014/11/10 19:14:00 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 19:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/19 11:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2014/04/09 05:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2006/12/07 21:18:00 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcicoms.exe -- (dlci_device)
SRV - [2014/11/22 04:00:32 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe -- (Util BrowseStudio)
SRV - [2014/11/22 03:57:22 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe -- (Update BrowseStudio)
SRV - [2014/11/22 03:37:35 | 000,123,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe -- (MaintainerSvc4.52.864054)
SRV - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") [Auto | Running] -- C:\Users\martin\AppData\NTSFile\NTS.exe -- (Northern Themes Service)
SRV - [2014/11/11 18:46:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/10 19:14:00 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/11/09 19:31:42 | 000,158,864 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Program Files (x86)\STab\ProtectService.exe -- (IHProtect Service)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe -- (FOXOSDService)
SRV - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcicoms.exe -- (dlci_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys -- ({b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64)
DRV:64bit: - [2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys -- ({e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64)
DRV:64bit: - [2014/08/06 10:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/02 06:58:11 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/28 08:31:02 | 000,015,448 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FxOSDdrv64.sys -- (FXOSDDRV)
DRV:64bit: - [2008/10/28 09:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{1B013B72-768D-434D-B88E-F5D73B740EF3}: "URL" = http://www.google.co...1I7ADRA_enUS400
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=34c347995"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
FF - prefs.js..extensions.enabledAddons: %7Be8294a7e-8442-4f3a-8722-cb5c3f67ed67%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U079&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\martin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] [2014/11/18 12:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/10 19:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/10 19:13:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/10 19:13:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/10 19:13:53 | 000,000,000 | ---D | M]
 
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/11/18 12:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions
[2014/11/18 12:02:15 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected]
[2014/11/18 10:27:46 | 000,009,095 | ---- | M] () (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.xpi
[2014/11/10 19:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 19:14:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila\1.0.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/09/07 08:26:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (BrowseStudio) - {1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92} - C:\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll (BrowseStudio)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\martin\AppData\Local\Apps\2.0\D18BX2HW.5VO\RR6PRP0A.8GQ\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Facebook Update] C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Hardware Helper] C:\Program Files (x86)\Hardware Helper\HHLauncher.exe (PC Help Soft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAA9D188-B24E-42C3-A1AF-D4D26C25F6A0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[7510/09/28 18:00:15 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/11/21 03:45:43 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/18 12:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
[2014/11/18 12:09:22 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/18 12:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseStudio
[2014/11/18 12:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate
[2014/11/18 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STab
[2014/11/18 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\v9
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\MailUpdate
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MailUpdate
[2014/11/16 18:53:20 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\EmieBrowserModeList
[2014/11/10 19:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/13 19:47:17 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\martin\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/22 08:04:31 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/22 07:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/22 07:21:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA.job
[2014/11/21 16:21:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core.job
[2014/11/21 09:04:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/21 02:06:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | M] () -- C:\Users\martin\.recently-used.xbel
[2014/11/19 03:27:14 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 03:27:14 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/19 03:26:11 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/19 03:26:11 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/19 03:26:11 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/19 03:20:16 | 000,001,932 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
[2014/11/19 03:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/19 03:19:25 | 1408,684,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/16 15:29:28 | 000,785,879 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/16 15:29:08 | 000,816,504 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/15 18:23:15 | 000,061,011 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:59 | 000,181,540 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:29 | 000,911,649 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | M] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:48 | 000,020,572 | ---- | M] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | M] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | M] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:40 | 000,019,391 | ---- | M] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:40 | 000,082,901 | ---- | M] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | M] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/13 03:34:38 | 000,305,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 19:05:10 | 000,070,616 | ---- | M] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:26:46 | 000,029,237 | ---- | M] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:10 | 000,382,227 | ---- | M] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | M] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:59 | 000,051,813 | ---- | M] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:43 | 000,160,432 | ---- | M] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:16 | 000,013,912 | ---- | M] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:48 | 000,183,656 | ---- | M] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:08 | 000,804,327 | ---- | M] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:15 | 002,634,573 | ---- | M] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
[2014/10/25 12:06:50 | 000,160,132 | ---- | M] () -- C:\Users\martin\Documents\Tickets for Emerald City Comicon 2015 from ShowClix.pdf
 
========== Files Created - No Company Name ==========
 
[7510/09/28 17:14:53 | 1408,684,032 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | C] () -- C:\Users\martin\.recently-used.xbel
[2014/11/16 15:28:58 | 000,816,504 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/16 15:28:49 | 000,785,879 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/15 18:23:14 | 000,061,011 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:55 | 000,181,540 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:28 | 000,911,649 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | C] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:46 | 000,020,572 | ---- | C] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | C] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | C] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:39 | 000,019,391 | ---- | C] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:39 | 000,082,901 | ---- | C] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | C] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/10 19:05:09 | 000,070,616 | ---- | C] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:25:28 | 000,029,237 | ---- | C] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:06 | 000,382,227 | ---- | C] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | C] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:58 | 000,051,813 | ---- | C] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:42 | 000,160,432 | ---- | C] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:15 | 000,013,912 | ---- | C] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:36 | 000,183,656 | ---- | C] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:07 | 000,804,327 | ---- | C] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:14 | 002,634,573 | ---- | C] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
[2014/10/25 12:06:47 | 000,160,132 | ---- | C] () -- C:\Users\martin\Documents\Tickets for Emerald City Comicon 2015 from ShowClix.pdf
[2014/08/22 21:23:44 | 000,893,239 | ---- | C] () -- C:\Users\martin\AppData\Local\a.zip
[2014/07/04 07:46:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/26 03:08:34 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/27 20:23:02 | 000,000,104 | ---- | C] () -- C:\Users\martin\AppData\Roaming\WB.CFG
[2013/09/15 13:19:47 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012/12/15 17:55:26 | 000,581,642 | ---- | C] () -- C:\Users\martin\AppData\Roaming\technic-launcher.jar
[2011/12/07 17:37:22 | 000,161,744 | ---- | C] () -- C:\Program Files (x86)\u4res.dll
[2011/11/07 17:17:03 | 000,027,084 | ---- | C] () -- C:\ProgramData\xportnchk.ini
[2011/09/07 17:07:35 | 000,161,744 | ---- | C] () -- C:\Program Files (x86)\v3res.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/17 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.minecraft
[2013/01/02 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.techniclauncher
[2010/11/19 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Absolute Poker
[2012/09/12 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Audacity
[2013/03/14 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Blitware
[2014/08/22 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Catalina – Print Savings
[2014/08/17 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\ftblauncher
[2014/11/20 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\gtk-2.0
[2013/10/24 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Hardware Helper
[2013/01/02 17:53:42 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\logs
[2014/11/18 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MailUpdate
[2010/10/26 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MusicNet
[2012/02/24 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Riverpoint Writer
[2014/04/15 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Scribus
[2014/08/02 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Spotify
[2011/11/07 17:16:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\supportdotcom
[2014/06/07 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\SYSTEMAX Software Development
[2013/12/27 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\TuxPaint
[2012/12/10 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Unity
[2014/11/18 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\v9
[2011/11/28 12:42:11 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBBD09

< End of report >
 


  • 0

Advertisements

#2
zep516
Posted 23 November 2014 - 07:30 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Can you post the Extra's.txt log. That log gets minimized to the task bar when you first run OTL.

If for some reason you can't find it just re-run OTL in the otl interface place a check mark in "ALL"under the registry group. This will tell OTL to recreate the Extra's log. Please post it in your next reply.

Thanks
Joe :)
  • 0

#3
Lauriek44
Posted 24 November 2014 - 08:53 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

ok, this will be slow going though.  She tried to fix it today and made it worse.  It's bad


  • 0

#4
zep516
Posted 24 November 2014 - 08:55 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
There all bad :)

Take your time and we will fix it.
  • 0

#5
Lauriek44
Posted 24 November 2014 - 09:29 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
OTL logfile created on: 11/24/2014 6:51:44 PM - Run 9
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.17 Gb Available Physical Memory | 9.91% Memory free
5.08 Gb Paging File | 1.05 Gb Available in Paging File | 20.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 179.73 Gb Free Space | 63.42% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.03 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2014/11/24 16:35:40 | 000,423,152 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe
PRC - [2014/11/24 16:34:18 | 000,423,152 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe
PRC - [2014/11/24 13:58:12 | 005,225,064 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/11/24 13:58:12 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/23 01:28:14 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe
PRC - [2014/11/23 01:28:14 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe
PRC - [2014/11/23 01:28:12 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe
PRC - [2014/11/14 13:15:26 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") -- C:\Users\martin\AppData\NTSFile\NTS.exe
PRC - [2014/11/13 08:59:03 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 22:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/11/09 19:31:42 | 000,158,864 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\STab\ProtectService.exe
PRC - [2014/11/09 19:31:34 | 000,673,424 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\STab\HPNotify.exe
PRC - [2014/11/09 19:31:32 | 000,025,232 | ---- | M] (SearchProtect) -- C:\Program Files (x86)\STab\CmdShell.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/15 13:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Downloads\OTL(1).exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/08 15:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe
PRC - [2008/11/11 10:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/24 14:15:44 | 000,043,008 | ---- | M] () -- c:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqkl7ta.dll
MOD - [2014/11/24 13:58:23 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/23 01:28:14 | 001,786,608 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe
MOD - [2014/11/23 01:28:14 | 001,649,904 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe
MOD - [2014/11/23 01:28:12 | 001,791,216 | ---- | M] () -- C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe
MOD - [2014/11/14 13:15:24 | 014,910,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
MOD - [2014/11/14 13:15:23 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\pdf.dll
MOD - [2014/11/14 13:15:19 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libglesv2.dll
MOD - [2014/11/14 13:15:17 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\libegl.dll
MOD - [2014/11/14 13:15:16 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
MOD - [2014/11/12 22:49:59 | 003,610,624 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/08/23 11:01:44 | 025,100,288 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/24 13:58:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/05 19:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/19 11:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2014/04/09 05:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2006/12/07 21:18:00 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcicoms.exe -- (dlci_device)
SRV - [2014/11/24 16:35:40 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe -- (Update BrowseStudio)
SRV - [2014/11/24 16:34:18 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe -- (Util BrowseStudio)
SRV - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") [Auto | Running] -- C:\Users\martin\AppData\NTSFile\NTS.exe -- (Northern Themes Service)
SRV - [2014/11/11 18:46:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/09 19:31:42 | 000,158,864 | ---- | M] (TODO: <Company name>) [Auto | Running] -- C:\Program Files (x86)\STab\ProtectService.exe -- (IHProtect Service)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe -- (FOXOSDService)
SRV - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcicoms.exe -- (dlci_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/24 13:59:40 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/24 13:58:28 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/11/24 13:58:28 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/24 13:58:28 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/24 13:58:28 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/24 13:58:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/24 13:58:27 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/24 13:58:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/24 08:30:28 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys -- ({fa03420d-05ef-4826-9373-bf3c8734921f}Gw64)
DRV:64bit: - [2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys -- ({b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64)
DRV:64bit: - [2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys -- ({e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64)
DRV:64bit: - [2014/08/06 10:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/02 06:58:11 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/28 08:31:02 | 000,015,448 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FxOSDdrv64.sys -- (FXOSDDRV)
DRV:64bit: - [2008/10/28 09:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{1B013B72-768D-434D-B88E-F5D73B740EF3}: "URL" = http://www.google.co...1I7ADRA_enUS400
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=34c347995"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
FF - prefs.js..extensions.enabledAddons: %7Be8294a7e-8442-4f3a-8722-cb5c3f67ed67%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U079&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\martin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] [2014/11/18 12:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/24 13:58:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
 
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/11/18 12:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions
[2014/11/18 12:02:15 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected]
[2014/11/18 10:27:46 | 000,009,095 | ---- | M] () (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.xpi
[2014/11/10 19:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 19:14:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila\1.0.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/09/07 08:26:37 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (BrowseStudio) - {1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92} - C:\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll (BrowseStudio)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\martin\AppData\Local\Apps\2.0\D18BX2HW.5VO\RR6PRP0A.8GQ\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Facebook Update] C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Hardware Helper] C:\Program Files (x86)\Hardware Helper\HHLauncher.exe (PC Help Soft)
O4 - Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAA9D188-B24E-42C3-A1AF-D4D26C25F6A0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:2213d02998e /wow /dir:"C:\Program Files\AVAST Software\Avast")
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[7510/09/28 18:00:15 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/11/24 14:17:02 | 000,000,000 | R--D | C] -- C:\Users\martin\Dropbox
[2014/11/24 14:15:17 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Dropbox
[2014/11/24 14:06:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Systweak
[2014/11/24 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Systweak
[2014/11/24 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Free PC Diagnosis
[2014/11/24 14:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PC Diagnosis
[2014/11/24 14:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\systweak
[2014/11/24 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PC Diagnosis
[2014/11/24 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\AVAST Software
[2014/11/24 14:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/11/24 13:58:41 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/24 13:58:41 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/24 13:58:40 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/24 13:58:39 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/24 13:58:37 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1416866380564
[2014/11/24 13:58:37 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/24 13:58:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/24 13:58:25 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/24 13:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/11/24 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/11/24 08:33:54 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys
[2014/11/23 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\BRT
[2014/11/21 03:45:43 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/18 12:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
[2014/11/18 12:09:22 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/18 12:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseStudio
[2014/11/18 12:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate
[2014/11/18 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STab
[2014/11/18 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\v9
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\MailUpdate
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MailUpdate
[2014/11/16 18:53:20 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\EmieBrowserModeList
[2014/11/10 19:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/13 19:47:17 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\martin\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/24 19:04:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/24 18:46:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/24 16:21:08 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA.job
[2014/11/24 16:21:06 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core.job
[2014/11/24 14:17:02 | 000,001,045 | ---- | M] () -- C:\Users\martin\Desktop\Dropbox.lnk
[2014/11/24 14:16:47 | 000,001,055 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/24 14:05:14 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Free PC Diagnosis.lnk
[2014/11/24 14:00:20 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/24 13:59:40 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/24 13:58:28 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/24 13:58:28 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/24 13:58:28 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/24 13:58:28 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/24 13:58:27 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/24 13:58:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/24 13:58:27 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/24 13:58:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/24 13:58:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/24 13:57:58 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys.1416866380564
[2014/11/24 09:04:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/24 08:30:28 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys
[2014/11/23 03:35:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/23 03:35:18 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/21 02:06:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | M] () -- C:\Users\martin\.recently-used.xbel
[2014/11/19 03:26:11 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/19 03:26:11 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/19 03:26:11 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/19 03:20:16 | 000,001,932 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
[2014/11/19 03:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/19 03:19:25 | 1408,684,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/16 15:29:28 | 000,785,879 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/16 15:29:08 | 000,816,504 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/15 18:23:15 | 000,061,011 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:59 | 000,181,540 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:29 | 000,911,649 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | M] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:48 | 000,020,572 | ---- | M] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | M] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | M] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:40 | 000,019,391 | ---- | M] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:40 | 000,082,901 | ---- | M] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | M] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/13 03:34:38 | 000,305,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 19:05:10 | 000,070,616 | ---- | M] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:26:46 | 000,029,237 | ---- | M] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:10 | 000,382,227 | ---- | M] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | M] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:59 | 000,051,813 | ---- | M] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:43 | 000,160,432 | ---- | M] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:16 | 000,013,912 | ---- | M] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:48 | 000,183,656 | ---- | M] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:08 | 000,804,327 | ---- | M] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:15 | 002,634,573 | ---- | M] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
 
========== Files Created - No Company Name ==========
 
[7510/09/28 17:14:53 | 1408,684,032 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/24 14:17:02 | 000,001,045 | ---- | C] () -- C:\Users\martin\Desktop\Dropbox.lnk
[2014/11/24 14:16:47 | 000,001,055 | ---- | C] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/24 14:05:14 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Free PC Diagnosis.lnk
[2014/11/24 14:00:20 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/24 13:58:41 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/24 13:58:40 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/24 13:58:39 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | C] () -- C:\Users\martin\.recently-used.xbel
[2014/11/16 15:28:58 | 000,816,504 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/16 15:28:49 | 000,785,879 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/15 18:23:14 | 000,061,011 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:55 | 000,181,540 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:28 | 000,911,649 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | C] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:46 | 000,020,572 | ---- | C] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | C] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | C] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:39 | 000,019,391 | ---- | C] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:39 | 000,082,901 | ---- | C] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | C] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/10 19:05:09 | 000,070,616 | ---- | C] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:25:28 | 000,029,237 | ---- | C] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:06 | 000,382,227 | ---- | C] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | C] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:58 | 000,051,813 | ---- | C] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:42 | 000,160,432 | ---- | C] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:15 | 000,013,912 | ---- | C] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:36 | 000,183,656 | ---- | C] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:07 | 000,804,327 | ---- | C] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:14 | 002,634,573 | ---- | C] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
[2014/08/22 21:23:44 | 000,893,239 | ---- | C] () -- C:\Users\martin\AppData\Local\a.zip
[2014/07/04 07:46:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/26 03:08:34 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/27 20:23:02 | 000,000,104 | ---- | C] () -- C:\Users\martin\AppData\Roaming\WB.CFG
[2013/09/15 13:19:47 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012/12/15 17:55:26 | 000,581,642 | ---- | C] () -- C:\Users\martin\AppData\Roaming\technic-launcher.jar
[2011/11/07 17:17:03 | 000,027,084 | ---- | C] () -- C:\ProgramData\xportnchk.ini
[2011/09/07 17:07:35 | 000,161,744 | ---- | C] () -- C:\Program Files (x86)\v3res.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/17 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.minecraft
[2013/01/02 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.techniclauncher
[2010/11/19 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Absolute Poker
[2012/09/12 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Audacity
[2014/11/24 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\AVAST Software
[2013/03/14 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Blitware
[2014/11/23 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\BRT
[2014/08/22 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Catalina – Print Savings
[2014/11/24 14:17:09 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Dropbox
[2014/11/24 18:44:28 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Free PC Diagnosis
[2014/08/17 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\ftblauncher
[2014/11/20 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\gtk-2.0
[2013/10/24 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Hardware Helper
[2013/01/02 17:53:42 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\logs
[2014/11/18 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MailUpdate
[2010/10/26 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MusicNet
[2012/02/24 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Riverpoint Writer
[2014/04/15 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Scribus
[2014/08/02 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Spotify
[2011/11/07 17:16:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\supportdotcom
[2014/06/07 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\SYSTEMAX Software Development
[2014/11/24 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Systweak
[2013/12/27 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\TuxPaint
[2012/12/10 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Unity
[2014/11/18 12:02:23 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\v9
[2011/11/28 12:42:11 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBBD09
 
< End of report >

  • 0

#6
Lauriek44
Posted 24 November 2014 - 09:29 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I hope this is the right one.  MY computer has never been this bad lol


  • 0

#7
zep516
Posted 24 November 2014 - 09:35 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
Look down by the taskbar by the clock, see if the Extra's log is there it gets minimized there.

Just let me know if you can find it.
  • 0

#8
Lauriek44
Posted 24 November 2014 - 10:00 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

It's not there


  • 0

#9
zep516
Posted 24 November 2014 - 10:10 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
OK. Not to worry! Lets start removing the bad stuff using OTL.

Say "Copy", "paste" "run fix" 3 times. Then read the instructions. You're going to copy a lot of text, then you paste it into OTL and hit run fix...

Ready go,

We need to run a fix using OTL;
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2014/11/22 04:00:32 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe -- (Util BrowseStudio)
SRV - [2014/11/22 03:57:22 | 000,423,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe -- (Update BrowseStudio)
SRV - [2014/11/22 03:37:35 | 000,123,632 | ---- | M] () [Auto | Running] -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe -- (MaintainerSvc4.52.864054)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.v9.com...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.v9.com...q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.v9.com/?t...psd&t=34c347995
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com...q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "v9"
FF - prefs.js..browser.search.selectedEngine: "v9"
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=34c347995"
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
O2 - BHO: (BrowseStudio) - {1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92} - C:\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll (BrowseStudio)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2) 
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
[2014/11/18 12:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseStudio
[2014/11/18 12:02:22 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\v9
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\MailUpdate
[2014/11/18 12:02:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MailUpdate
[2014/11/18 12:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IHProtectUpDate
[2014/11/18 12:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STab
:reg
:Files
ipconfig /flushdns /c
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter.exe
C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe
C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe
C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe
C:\Users\martin\AppData\Roaming\MailUpdate
C:\Program Files (x86)\BrowseStudio
C:\Users\martin\AppData\Roaming\MailUpdate
C:\ProgramData\MailUpdate
C:\Users\martin\AppData\Roaming\v9
C:\Users\martin\AppData\Roaming\MailUpdate
C:\ProgramData\IHProtectUpDate
C:\Program Files (x86)\STab
C:\Program Files (x86)\STab\ProtectService.exe
C:\Program Files (x86)\STab\HPNotify.exe
C:\Program Files (x86)\STab\CmdShell.exe

:Commands

[emptytemp]
[resethosts]
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next relpy post the following log reports:
  • The OTL Fix log, after you run the fix and the computer reboost that log should pop up.
  • New OTL after quick scan.

  • 0

#10
Lauriek44
Posted 24 November 2014 - 11:08 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

yeah, that didn't help so much. but maybe now you can see what it is?  here are the logs.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: Unable to stop service Util BrowseStudio!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util BrowseStudio deleted successfully.
C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe moved successfully.
Error: Unable to stop service Update BrowseStudio!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Update BrowseStudio deleted successfully.
C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe moved successfully.
Service MaintainerSvc4.52.864054 stopped successfully!
Service MaintainerSvc4.52.864054 deleted successfully!
File C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
Prefs.js: "v9" removed from browser.search.defaultenginename
Prefs.js: "v9" removed from browser.search.selectedEngine
Prefs.js: "http://www.v9.com/?t....sd&t=34c347995" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/SAFFPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}\ deleted successfully.
C:\Program Files (x86)\BrowseStudio\BrowseStudiobho.dll moved successfully.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
File Protocol\Handler\dssrequest - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
File Protocol\Handler\sacore - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ not found.
File Protocol\Handler\dssrequest - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ not found.
File Protocol\Handler\sacore - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
C:\Program Files (x86)\BrowseStudio\bin\TEMP folder moved successfully.
C:\Program Files (x86)\BrowseStudio\bin\plugins folder moved successfully.
Folder move failed. C:\Program Files (x86)\BrowseStudio\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\BrowseStudio scheduled to be moved on reboot.
C:\Users\martin\AppData\Roaming\v9\images\code folder moved successfully.
C:\Users\martin\AppData\Roaming\v9\images folder moved successfully.
C:\Users\martin\AppData\Roaming\v9 folder moved successfully.
C:\Users\martin\AppData\Roaming\MailUpdate folder moved successfully.
C:\ProgramData\MailUpdate folder moved successfully.
C:\ProgramData\IHProtectUpDate\update folder moved successfully.
C:\ProgramData\IHProtectUpDate folder moved successfully.
C:\Program Files (x86)\STab\skin\image folder moved successfully.
C:\Program Files (x86)\STab\skin folder moved successfully.
C:\Program Files (x86)\STab folder moved successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\martin\Downloads\cmd.bat deleted successfully.
C:\Users\martin\Downloads\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter.exe not found.
File\Folder C:\Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe not found.
File\Folder C:\Program Files (x86)\BrowseStudio\updateBrowseStudio.exe not found.
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe moved successfully.
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe moved successfully.
C:\Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe moved successfully.
File\Folder C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7\maintainer.exe not found.
File\Folder C:\Users\martin\AppData\Roaming\MailUpdate not found.
Folder move failed. C:\Program Files (x86)\BrowseStudio\bin scheduled to be moved on reboot.
Folder move failed. C:\Program Files (x86)\BrowseStudio scheduled to be moved on reboot.
File\Folder C:\Users\martin\AppData\Roaming\MailUpdate not found.
File\Folder C:\ProgramData\MailUpdate not found.
File\Folder C:\Users\martin\AppData\Roaming\v9 not found.
File\Folder C:\Users\martin\AppData\Roaming\MailUpdate not found.
File\Folder C:\ProgramData\IHProtectUpDate not found.
File\Folder C:\Program Files (x86)\STab not found.
File\Folder C:\Program Files (x86)\STab\ProtectService.exe not found.
File\Folder C:\Program Files (x86)\STab\HPNotify.exe not found.
File\Folder C:\Program Files (x86)\STab\CmdShell.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: martin
->Temp folder emptied: 544960645 bytes
->Temporary Internet Files folder emptied: 9221704 bytes
->Java cache emptied: 2871043 bytes
->FireFox cache emptied: 10093321 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99439989 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 636.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11242014_203138
 
Files\Folders moved on Reboot...
C:\Program Files (x86)\BrowseStudio\bin\plugins folder moved successfully.
C:\Program Files (x86)\BrowseStudio\bin folder moved successfully.
C:\Program Files (x86)\BrowseStudio folder moved successfully.
C:\Users\martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

OTL logfile created on: 11/24/2014 8:48:51 PM - Run 10
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\martin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.75 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 40.50% Memory free
3.50 Gb Paging File | 1.89 Gb Available in Paging File | 53.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 181.78 Gb Free Space | 64.14% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 0.03 Gb Free Space | 0.18% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/24 13:59:37 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/11/24 13:58:12 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/18 10:57:30 | 002,324,080 | ---- | M] (Systweak) -- C:\Program Files (x86)\Free PC Diagnosis\AIP.exe
PRC - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") -- C:\Users\martin\AppData\NTSFile\NTS.exe
PRC - [2014/11/13 08:59:03 | 000,230,792 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
PRC - [2014/11/12 22:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/24 19:22:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\martin\Downloads\OTL(2).exe
PRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/08 15:15:51 | 000,039,808 | ---- | M] (Wacom Technology) -- C:\Program Files\Tablet\Pen\WacomHost.exe
PRC - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe
PRC - [2008/11/11 10:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/11/24 20:44:37 | 000,043,008 | ---- | M] () -- c:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvnff2h.dll
MOD - [2014/11/24 13:58:23 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/18 10:57:30 | 001,531,904 | ---- | M] () -- C:\Program Files (x86)\Free PC Diagnosis\LicenceManager.dll
MOD - [2014/11/13 03:40:21 | 001,669,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\bb21380c3d4870a81038f30e1a00bcd5\Microsoft.VisualBasic.ni.dll
MOD - [2014/11/13 03:36:36 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\abecd46ce0b212dad31a9e8f9adf073f\System.EnterpriseServices.ni.dll
MOD - [2014/11/12 22:49:59 | 003,610,624 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/10/15 03:00:03 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\3063abda312516739bc808360071bad9\System.Xml.Linq.ni.dll
MOD - [2014/10/15 02:59:30 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\48187079059211b6ac3ba7201919ba33\System.Data.DataSetExtensions.ni.dll
MOD - [2014/10/15 02:58:46 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\e3641fa3359f37ad12c84183ce765093\System.Core.ni.dll
MOD - [2014/10/15 02:47:47 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f45bc0251cceb599622f55cc1c7f4aba\System.Transactions.ni.dll
MOD - [2014/10/15 02:47:45 | 006,638,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\17991bd9f5c8593aea739d6f619deffa\System.Data.ni.dll
MOD - [2014/10/15 02:47:19 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e061f6a174e85fd3a61fc1093384ed5c\System.Windows.Forms.ni.dll
MOD - [2014/10/15 02:47:13 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014/10/15 02:47:11 | 000,688,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\fc21baf1fd69ebbc21be4a9189951fc0\System.Security.ni.dll
MOD - [2014/10/15 02:47:08 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014/10/15 02:47:05 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014/10/15 02:46:43 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014/09/13 02:49:10 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014/03/20 14:49:19 | 002,952,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2014/03/03 21:57:21 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013/08/23 11:01:44 | 025,100,288 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2011/11/11 18:22:10 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\Free PC Diagnosis\System.Data.SQLite.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/24 13:58:12 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/05 19:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/19 11:12:17 | 000,656,664 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe -- (WTabletServiceCon)
SRV:64bit: - [2014/04/09 05:13:48 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2006/12/07 21:18:00 | 000,566,152 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlcicoms.exe -- (dlci_device)
SRV - [2014/11/13 23:31:42 | 000,228,352 | ---- | M] (NTS Co., Ltd.") [Auto | Running] -- C:\Users\martin\AppData\NTSFile\NTS.exe -- (Northern Themes Service)
SRV - [2014/11/11 18:46:24 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008/12/22 14:59:12 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\OSD\OSDSvr.exe -- (FOXOSDService)
SRV - [2006/12/07 21:17:44 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlcicoms.exe -- (dlci_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/11/24 13:59:40 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/24 13:58:28 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/11/24 13:58:28 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/24 13:58:28 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/24 13:58:28 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/24 13:58:27 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/24 13:58:27 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/24 13:58:27 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/24 08:30:28 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys -- ({fa03420d-05ef-4826-9373-bf3c8734921f}Gw64)
DRV:64bit: - [2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys -- ({b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64)
DRV:64bit: - [2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys -- ({e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64)
DRV:64bit: - [2014/08/06 10:15:50 | 000,102,200 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,015,160 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2014/08/06 10:15:50 | 000,014,136 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/02 06:58:11 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/04/29 05:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/17 00:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/28 08:31:02 | 000,015,448 | ---- | M] (Foxconn Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FxOSDdrv64.sys -- (FXOSDDRV)
DRV:64bit: - [2008/10/28 09:48:20 | 000,160,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IESR02
IE - HKCU\..\SearchScopes\{1B013B72-768D-434D-B88E-F5D73B740EF3}: "URL" = http://www.google.co...1I7ADRA_enUS400
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.v9.com/?t...sd&t=34c347995"
FF - prefs.js..extensions.enabledAddons: faststartff%40gmail.com:4.3.0
FF - prefs.js..extensions.enabledAddons: %7Be8294a7e-8442-4f3a-8722-cb5c3f67ed67%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1
FF - prefs.js..keyword.URL: "http://www.bing.com/...9DF&PC=U079&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.7: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\martin\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] [2014/11/18 12:02:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/24 13:58:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014/04/04 02:36:14 | 000,010,691 | ---- | M] ()
 
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions
[2010/10/09 17:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Extensions\[email protected]
[2014/11/18 12:02:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions
[2014/11/18 12:02:15 | 000,000,000 | ---D | M] ("Fast Start") -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected]
[2014/11/18 10:27:46 | 000,009,095 | ---- | M] () (No name found) -- C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.xpi
[2014/11/10 19:13:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/10 19:14:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila\1.0.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/24 20:37:19 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\martin\AppData\Local\Apps\2.0\D18BX2HW.5VO\RR6PRP0A.8GQ\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Driver Detective] C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [Facebook Update] C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Hardware Helper] C:\Program Files (x86)\Hardware Helper\HHLauncher.exe (PC Help Soft)
O4 - Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAA9D188-B24E-42C3-A1AF-D4D26C25F6A0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[7510/09/28 18:00:15 | 000,000,000 | ---D | C] -- C:\Windows.old
[2014/11/24 14:17:02 | 000,000,000 | R--D | C] -- C:\Users\martin\Dropbox
[2014/11/24 14:15:17 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/11/24 14:13:12 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Dropbox
[2014/11/24 14:06:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Systweak
[2014/11/24 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Local\Systweak
[2014/11/24 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\Free PC Diagnosis
[2014/11/24 14:05:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PC Diagnosis
[2014/11/24 14:05:02 | 000,000,000 | ---D | C] -- C:\ProgramData\systweak
[2014/11/24 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free PC Diagnosis
[2014/11/24 14:02:07 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\AVAST Software
[2014/11/24 14:00:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/11/24 13:58:41 | 000,436,624 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/24 13:58:41 | 000,116,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/24 13:58:40 | 000,083,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/24 13:58:39 | 000,093,568 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/24 13:58:37 | 001,050,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/24 13:58:33 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/24 13:58:25 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/24 13:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/11/24 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/11/24 08:33:54 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys
[2014/11/23 21:38:59 | 000,000,000 | ---D | C] -- C:\Users\martin\AppData\Roaming\BRT
[2014/11/21 03:45:43 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/18 12:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
[2014/11/18 12:09:22 | 000,048,784 | ---- | C] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/16 18:53:20 | 000,000,000 | -HSD | C] -- C:\Users\martin\AppData\Local\EmieBrowserModeList
[2014/11/10 19:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/10/13 19:47:17 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\martin\AppData\Local\BcsKtYcHW.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/24 20:50:27 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 20:50:27 | 000,022,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/24 20:49:54 | 000,782,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/24 20:49:54 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/24 20:49:54 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/24 20:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/24 20:44:13 | 000,001,932 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
[2014/11/24 20:43:19 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/11/24 20:42:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/24 20:42:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/24 20:42:07 | 1408,684,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/24 20:37:19 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/11/24 20:08:18 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/24 19:21:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA.job
[2014/11/24 16:21:06 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core.job
[2014/11/24 14:17:02 | 000,001,045 | ---- | M] () -- C:\Users\martin\Desktop\Dropbox.lnk
[2014/11/24 14:16:47 | 000,001,055 | ---- | M] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/24 14:05:14 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Free PC Diagnosis.lnk
[2014/11/24 14:00:20 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/24 13:59:40 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/24 13:58:28 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/11/24 13:58:28 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/24 13:58:28 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/24 13:58:28 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/24 13:58:27 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/24 13:58:27 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/24 13:58:27 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/24 13:58:27 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/24 13:58:25 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/24 08:30:28 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys
[2014/11/21 02:06:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/11/21 01:29:48 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | M] () -- C:\Users\martin\.recently-used.xbel
[2014/11/18 08:30:14 | 000,048,784 | ---- | M] (StdLib) -- C:\Windows\SysNative\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
[2014/11/16 15:29:28 | 000,785,879 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/16 15:29:08 | 000,816,504 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/15 18:23:15 | 000,061,011 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:59 | 000,181,540 | ---- | M] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:29 | 000,911,649 | ---- | M] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | M] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:48 | 000,020,572 | ---- | M] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | M] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | M] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:40 | 000,019,391 | ---- | M] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:40 | 000,082,901 | ---- | M] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | M] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/13 03:34:38 | 000,305,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/10 19:05:10 | 000,070,616 | ---- | M] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:26:46 | 000,029,237 | ---- | M] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:10 | 000,382,227 | ---- | M] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | M] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:59 | 000,051,813 | ---- | M] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:43 | 000,160,432 | ---- | M] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:16 | 000,013,912 | ---- | M] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:48 | 000,183,656 | ---- | M] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:08 | 000,804,327 | ---- | M] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:15 | 002,634,573 | ---- | M] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
 
========== Files Created - No Company Name ==========
 
[7510/09/28 17:14:53 | 1408,684,032 | -HS- | C] () -- C:\hiberfil.sys
[2014/11/24 20:43:19 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/24 14:17:02 | 000,001,045 | ---- | C] () -- C:\Users\martin\Desktop\Dropbox.lnk
[2014/11/24 14:16:47 | 000,001,055 | ---- | C] () -- C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/24 14:05:14 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Free PC Diagnosis.lnk
[2014/11/24 14:00:20 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/11/24 13:58:41 | 000,267,632 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/24 13:58:40 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/24 13:58:39 | 000,029,208 | ---- | C] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/20 17:19:39 | 000,005,884 | ---- | C] () -- C:\Users\martin\.recently-used.xbel
[2014/11/16 15:28:58 | 000,816,504 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7287.JPG
[2014/11/16 15:28:49 | 000,785,879 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7291.JPG
[2014/11/15 18:23:14 | 000,061,011 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-12916-1415396260-29.jpg
[2014/11/15 18:20:53 | 000,069,215 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-9587-1415568628-10.jpg
[2014/11/15 18:16:55 | 000,181,540 | ---- | C] () -- C:\Users\martin\Desktop\enhanced-buzz-20686-1415996754-19.jpg
[2014/11/15 17:51:31 | 000,984,532 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7268.JPG
[2014/11/15 17:51:28 | 000,911,649 | ---- | C] () -- C:\Users\martin\Desktop\IMG_7267.JPG
[2014/11/13 23:45:01 | 000,055,258 | ---- | C] () -- C:\Users\martin\Desktop\9.jpg
[2014/11/13 23:44:46 | 000,020,572 | ---- | C] () -- C:\Users\martin\Desktop\7.jpg
[2014/11/13 23:44:18 | 000,016,051 | ---- | C] () -- C:\Users\martin\Desktop\8.jpg
[2014/11/13 23:40:51 | 000,019,028 | ---- | C] () -- C:\Users\martin\Desktop\full (95).jpg
[2014/11/13 23:40:39 | 000,019,391 | ---- | C] () -- C:\Users\martin\Desktop\full (94).jpg
[2014/11/13 23:39:39 | 000,082,901 | ---- | C] () -- C:\Users\martin\Desktop\full (89).jpg
[2014/11/13 23:38:57 | 000,093,463 | ---- | C] () -- C:\Users\martin\Desktop\full (88).jpg
[2014/11/10 19:05:09 | 000,070,616 | ---- | C] () -- C:\Users\martin\Desktop\edit-13226-1415056001-11.jpg
[2014/11/08 16:25:28 | 000,029,237 | ---- | C] () -- C:\Users\martin\Desktop\grid-cell-12035-1414509005-27.jpg
[2014/11/07 19:01:06 | 000,382,227 | ---- | C] () -- C:\Users\martin\Desktop\rescued-baby-turkeys.jpg
[2014/11/05 15:49:15 | 000,061,554 | ---- | C] () -- C:\Users\martin\Desktop\23598_114846285201231_52051032_n.jpg
[2014/11/02 14:51:58 | 000,051,813 | ---- | C] () -- C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
[2014/11/02 14:51:42 | 000,160,432 | ---- | C] () -- C:\Users\martin\Desktop\bats06.jpg
[2014/11/02 14:51:15 | 000,013,912 | ---- | C] () -- C:\Users\martin\Desktop\fruit_bat_shellac (1).jpg
[2014/11/02 14:48:36 | 000,183,656 | ---- | C] () -- C:\Users\martin\Desktop\bat006.jpg
[2014/11/02 14:20:07 | 000,804,327 | ---- | C] () -- C:\Users\martin\Desktop\IMG_68386.JPG
[2014/11/02 13:49:14 | 002,634,573 | ---- | C] () -- C:\Users\martin\Desktop\IM2G_6886.JPG
[2014/08/22 21:23:44 | 000,893,239 | ---- | C] () -- C:\Users\martin\AppData\Local\a.zip
[2014/07/04 07:46:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/26 03:08:34 | 000,774,632 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/12/27 20:23:02 | 000,000,104 | ---- | C] () -- C:\Users\martin\AppData\Roaming\WB.CFG
[2013/09/15 13:19:47 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2012/12/15 17:55:26 | 000,581,642 | ---- | C] () -- C:\Users\martin\AppData\Roaming\technic-launcher.jar
[2011/11/07 17:17:03 | 000,027,084 | ---- | C] () -- C:\ProgramData\xportnchk.ini
[2011/09/07 17:07:35 | 000,161,744 | ---- | C] () -- C:\Program Files (x86)\v3res.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/11/17 15:34:53 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.minecraft
[2013/01/02 17:53:57 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\.techniclauncher
[2010/11/19 19:57:22 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Absolute Poker
[2012/09/12 17:04:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Audacity
[2014/11/24 14:02:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\AVAST Software
[2013/03/14 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Blitware
[2014/11/23 21:39:02 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\BRT
[2014/08/22 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Catalina – Print Savings
[2014/11/24 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Dropbox
[2014/11/24 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Free PC Diagnosis
[2014/08/17 12:13:58 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\ftblauncher
[2014/11/20 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\gtk-2.0
[2013/10/24 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Hardware Helper
[2013/01/02 17:53:42 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\logs
[2010/10/26 18:19:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\MusicNet
[2012/02/24 12:50:37 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Riverpoint Writer
[2014/04/15 18:07:09 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Scribus
[2014/08/02 09:25:38 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Spotify
[2011/11/07 17:16:07 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\supportdotcom
[2014/06/07 15:59:04 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\SYSTEMAX Software Development
[2014/11/24 14:06:59 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Systweak
[2013/12/27 19:34:10 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\TuxPaint
[2012/12/10 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Unity
[2011/11/28 12:42:11 | 000,000,000 | ---D | M] -- C:\Users\martin\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:18750BD1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B1FBBD09
 
< End of report >
 

  • 0

Advertisements

#11
zep516
Posted 24 November 2014 - 11:37 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
OK, Good work :)

Lets run 2 more addware removal programs, the first one is adwcleaner and the second one is Junkware removal tool (JRT) On the adwCleaner tool just make sure you actually run the clean option. I'll review the OTL Log, while you do those exercises.

Detailed Instructions to follow:

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
  • Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post:
    • The adwCleaner log[SN].txt where n is a number, after you run the clean option.
    • The JRT .txt log
    Thanks
    Joe :)



  • 0

#12
Lauriek44
Posted 24 November 2014 - 11:37 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I appreciate your help.  I'm old and tired. It would be awesome if wecould do this again tomorrow. :)  thank you!!! youre great!!!


  • 0

#13
zep516
Posted 25 November 2014 - 12:00 AM

zep516

    Trusted Helper

  • Malware Removal
  • 8,090 posts
See you Tomorrow...
  • 0

#14
Lauriek44
Posted 27 November 2014 - 08:30 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

S# AdwCleaner v4.102 - Report created 27/11/2014 at 18:21:27

# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : martin - MARTIN-PC
# Running from : C:\Users\martin\Downloads\adwcleaner_4.102 (3).exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64
Service Deleted : {e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64
Service Deleted : {fa03420d-05ef-4826-9373-bf3c8734921f}Gw64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Systweak
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\Program Files (x86)\PC Drivers HeadQuarters
Folder Deleted : C:\Users\martin\AppData\Local\Systweak
Folder Deleted : C:\Users\martin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\Extensions\[email protected]
Folder Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
File Deleted : C:\Windows\System32\\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys
File Deleted : C:\Windows\System32\\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Driver Detective-RTMUpdater
Task Deleted : Driver Detective-RTMScan
Task Deleted : Driver Detective-RTMRules
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Driver Detective]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\BrowseStudio
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\BrowseStudio
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5D6D605B-E4B7-490B-A794-9284BC3D2A8B}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowseStudio
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v
 
[oi1r8vb1.default-1406065090839\prefs.js] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[oi1r8vb1.default-1406065090839\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hp&ts=1416340930&from=cor&uid=3219913727_67194_001371CA&i=psd&t=34c347995");
[oi1r8vb1.default-1406065090839\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[oi1r8vb1.default-1406065090839\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [30735 octets] - [27/04/2014 18:17:13]
AdwCleaner[R1].txt - [11330 octets] - [07/09/2014 08:58:12]
AdwCleaner[R2].txt - [6590 octets] - [27/11/2014 18:16:22]
AdwCleaner[S0].txt - [30275 octets] - [27/04/2014 18:17:48]
AdwCleaner[S1].txt - [11031 octets] - [07/09/2014 08:59:15]
AdwCleaner[S2].txt - [6373 octets] - [27/11/2014 18:21:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6433 octets] ##########
 

o sorry that I have been absent.  I've had a super busy couple of days.  Here is the log from the adwcleaner.  I'll work on the other one now.  Th

anks


  • 0

#15
Lauriek44
Posted 27 November 2014 - 09:06 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 7 Home Premium x64
Ran by martin on Thu 11/27/2014 at 18:49:30.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully stopped: [Service] couponprinterservice 
Successfully deleted: [Service] couponprinterservice 
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
Successfully deleted: [File] "C:\Users\martin\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\martin\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\martin\appdata\local\pc_drivers_headquarters"
Successfully deleted: [Folder] "C:\Users\martin\appdata\local\systweak"
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{03A9770C-2640-492B-B2E2-7075838E4686}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{074E73E3-63DC-4766-8CF3-826F568582B5}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{21554F27-493F-44AC-ADB8-29973C0042B4}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{3199ADFC-D9D9-480C-9DB7-C27B75C5B001}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{5712BC4A-A7DB-4E01-9FBB-D95F8A81C0EA}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{62835E44-239C-48D5-A73F-52062A19692B}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{75B67DFA-1A72-496B-8DDF-077FC4C315E6}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{8E68B019-E8A0-4E0C-BD28-A1AE70322749}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{C15BC670-DC65-41A5-9D21-1F7904F2B4BF}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{CB4B82C8-6519-4DDA-961D-D06E8D5177DA}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{CCAB9701-6690-494B-9A40-89A0B6402D8D}
Successfully deleted: [Empty Folder] C:\Users\martin\appdata\local\{D56320FF-EA93-4011-BD20-BBF8C36994D7}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/27/2014 at 18:55:59.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Here ya' go.  It doesn't seem much better yet :(

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP