Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Teenage daughter downloaded virus from internet.

Started by Lauriek44 , Nov 23 2014 06:54 PM

  • This topic is locked This topic is locked

#31
Lauriek44
Posted 29 November 2014 - 09:18 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by martin at 2014-11-29 19:13:34 Run:3
Running from C:\Users\martin\Desktop
Loaded Profile: martin (Available profiles: martin & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Extension: No Name - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]
CHR HomePage: Default -> hxxp://www.v9.com/?type=hp&ts=1416340930&from=cor&uid=3219913727_67194_001371CA&i=psd&t=34c347995
CHR StartupUrls: Default -> "hxxp://www.v9.com/?type=hp&ts=1416340930&from=cor&uid=3219913727_67194_001371CA&i=psd&t=34c347995"
CHR Extension: (BrowseStudio) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila [2014-11-19]
CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx []
S2 IHProtect Service; C:\Program Files (x86)\STab\ProtectService.exe [X]
S2 TabletServicePen; C:\Windows\system32\Pen_Tablet.exe [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2014-11-29 10:11 - 2014-11-29 10:49 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Systweak
2014-11-29 10:11 - 2014-11-29 10:49 - 00000000 ____D () C:\ProgramData\Systweak
C:\Users\martin\AppData\Roaming\Systweak
C:\ProgramData\Systweak
2014-11-27 18:52 - 2014-11-27 18:52 - 00000000 ____D () C:\Users\martin\AppData\Local\Systweak
C:\Users\martin\AppData\Local\Systweak
2014-11-27 18:14 - 2014-11-27 18:14 - 02148864 _____ () C:\Users\martin\Downloads\Unconfirmed 836055.crdownload
2014-11-27 18:14 - 2014-11-27 18:14 - 02148864 _____ () C:\Users\martin\Downloads\Unconfirmed 179295.crdownload
014-11-24 14:05 - 2014-11-29 10:49 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free PC Diagnosis
2014-11-24 14:05 - 2014-11-24 14:05 - 00003116 _____ () C:\Windows\System32\Tasks\Free PC Diagnosis
2014-11-24 14:05 - 2014-11-24 14:05 - 00001077 _____ () C:\Users\Public\Desktop\Free PC Diagnosis.lnk
2014-11-24 14:05 - 2014-11-24 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PC Diagnosis
2014-11-24 14:04 - 2014-11-24 14:05 - 00000000 ____D () C:\Program Files (x86)\Free PC Diagnosis
2014-11-24 13:52 - 2014-11-24 13:52 - 05760280 _____ (The Phone Support ) C:\Users\martin\Downloads\FreeDiagnosis.exe
2014-11-24 13:52 - 2014-11-24 13:52 - 05760280 _____ (The Phone Support ) C:\Users\martin\Downloads\FreeDiagnosis (1).exe
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqgknvm.dll
C:\Users\martin\AppData\Local\Temp\Quarantine.exe
C:\Users\martin\AppData\Local\Temp\sqlite3.dll
AlternateDataStreams: C:\ProgramData\TEMP:18750BD1
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09 
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Classes\.exe:  =>  <===== ATTENTION!
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Classes\exefile:  <===== ATTENTION!
 
Emptytemp:
reboot:
end
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKU\S-1-5-21-834785317-2334666246-2197150166-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10" => Key deleted successfully.
C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] not found.
FF Extension: No Name - [email protected] [Not Found] not found.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cnpkmcjgpcihgfnkcjapiaabbbplkcmf" => Key deleted successfully.
"C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx" => File/Directory not found.
IHProtect Service => Service deleted successfully.
TabletServicePen => Service deleted successfully.
wacommousefilter => Service deleted successfully.
wacomvhid => Service deleted successfully.
C:\Users\martin\AppData\Roaming\Systweak => Moved successfully.
C:\ProgramData\Systweak => Moved successfully.
"C:\Users\martin\AppData\Roaming\Systweak" => File/Directory not found.
"C:\ProgramData\Systweak" => File/Directory not found.
C:\Users\martin\AppData\Local\Systweak => Moved successfully.
"C:\Users\martin\AppData\Local\Systweak" => File/Directory not found.
C:\Users\martin\Downloads\Unconfirmed 836055.crdownload => Moved successfully.
C:\Users\martin\Downloads\Unconfirmed 179295.crdownload => Moved successfully.
014-11-24 14:05 - 2014-11-29 10:49 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free PC Diagnosis => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\Free PC Diagnosis => Moved successfully.
C:\Users\Public\Desktop\Free PC Diagnosis.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PC Diagnosis => Moved successfully.
C:\Program Files (x86)\Free PC Diagnosis => Moved successfully.
C:\Users\martin\Downloads\FreeDiagnosis.exe => Moved successfully.
C:\Users\martin\Downloads\FreeDiagnosis (1).exe => Moved successfully.
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqgknvm.dll => Moved successfully.
C:\Users\martin\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\martin\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\ProgramData\TEMP => ":18750BD1" ADS removed successfully.
C:\ProgramData\TEMP => ":B1FBBD09" ADS removed successfully.
"HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Classes\exefile" => Key deleted successfully.
EmptyTemp: => Removed 320.2 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
Here is the log

  • 0

Advertisements

#32
zep516
Posted 29 November 2014 - 09:32 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

Open FRST do a scan and post a fresh log.

How is everything going ? What's still popping up and in what browser ?

Thanks
Joe :)
  • 0

#33
Lauriek44
Posted 29 November 2014 - 10:03 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Everything is going well.  Nothing is popping up.  However, I couldn't get rid of the java update.  It kept asking me if I wanted to download some installer, so I declined.  I will post a fresh log.


  • 0

#34
Lauriek44
Posted 29 November 2014 - 10:07 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by martin at 2014-11-29 20:04:56
Running from C:\Users\martin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{63EC2120-1742-4625-AA47-C6A8AEC9C64C}) (Version: 2.2.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}) (Version: 6.0.0.59 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager - 1  (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Driver Download Manager (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.02.06 - Creative Technology Ltd)
Driver Robot (HKLM-x32\...\{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1) (Version:  - Blitware Technology Inc.)
Dropbox (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Free PC Diagnosis (HKLM-x32\...\{2707F9E6-BF19-4145-8D0C-97F24A1328E4}_is1) (Version: 1.8 - The Phone Support)
Gimp 2.6.2 Debug (HKLM-x32\...\WinGimp-2.0_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardware Helper v3.1 (HKLM-x32\...\Hardware Helper_is1) (Version: 3.1 - PC Help Soft)
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Product Improvement Study (HKLM\...\{4B3264AA-951A-4A6B-B837-125224261F12}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
iTunes (HKLM\...\{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}) (Version: 10.7.0.21 - Apple Inc.)
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{cb41fc68-4442-4f7f-b22f-8f31c74897ac}) (Version: 11.0.51106.1 - Microsoft Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - NVIDIA Corporation)
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
OSD (HKLM-x32\...\{76CB3301-6463-4D01-8BE2-A3C99692EB31}) (Version: 1.1.3 - DELL)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pirate101 (HKLM-x32\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.0 - Dell)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scribus 1.4.3 (64bit) (HKLM\...\Scribus 1.4.3) (Version: 1.4.3 - The Scribus Team)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SocialRibbons LP2 (HKLM-x32\...\SocialRibbons LP2) (Version:  - )
Spotify (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tux Paint 0.9.21c (HKLM-x32\...\Tux Paint_is1) (Version:  - New Breed Software)
Unity Web Player (HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
v9 uninstall (HKLM-x32\...\v9 uninstall) (Version:  - v9)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Wizard101 (HKLM-x32\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-834785317-2334666246-2197150166-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\martin\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
19-11-2014 11:00:19 Windows Update
22-11-2014 11:31:43 Windows Update
24-11-2014 21:54:04 avast! antivirus system restore point
25-11-2014 04:32:01 OTL Restore Point - 11/24/2014 8:31:58 PM
26-11-2014 04:54:57 Windows Update
29-11-2014 17:11:56 avast! antivirus system restore point
30-11-2014 02:41:54 Removed Java 7 Update 67
30-11-2014 02:42:48 Removed Java 7 Update 67
30-11-2014 02:43:24 Removed Java™ 6 Update 18
30-11-2014 03:05:49 Removed JavaFX 2.1.1
30-11-2014 03:06:03 Removed Java 7 Update 67
30-11-2014 03:07:24 Removed Java™ 6 Update 18
30-11-2014 03:08:32 Removed Java™ 7 Update 1 (64-bit)
30-11-2014 03:08:52 Removed Java™ 7 Update 1 (64-bit)
30-11-2014 03:28:21 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-11-24 20:37 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1123B846-9B83-4F79-A65D-33739CD4390C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA => C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {3A9D96B9-04E3-4AC0-B66F-AEE47AAAA769} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {40BE332E-EA6F-4FC2-8D3E-CBED7D249995} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {49BE85D2-5A77-4773-B916-411254CF1F15} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {8631078B-8128-4943-9EB7-EB0B8109C03D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {8F00A964-6824-4B21-8FDF-E60908AF71DF} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {B767C0FA-EB5E-43C4-A3CA-8F8E59C175CF} - System32\Tasks\HPCustParticipation HP Deskjet 2510 series => C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {C8B5E479-47CF-435F-B02F-0A941C465121} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-05] (Google Inc.)
Task: {DC89BA06-DEC3-458C-ADB6-DF6155A64D8A} - \Free PC Diagnosis No Task File <==== ATTENTION
Task: {EAFFA5F9-B12B-414A-8215-190466A693A7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core => C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core.job => C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA.job => C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-18 03:04 - 2013-01-18 07:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-14 18:00 - 2008-12-22 14:59 - 00065536 _____ () C:\Program Files (x86)\DELL\OSD\OSDSvr.exe
2014-09-27 12:59 - 2014-08-19 11:12 - 01356568 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-29 19:16 - 2014-11-29 19:16 - 00043008 _____ () c:\users\martin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptlnk5f.dll
2014-11-24 14:15 - 2013-08-23 11:01 - 25100288 _____ () C:\Users\martin\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-25 16:06 - 2014-11-24 22:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 16:06 - 2014-11-24 22:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-25 16:06 - 2014-11-24 22:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 16:06 - 2014-11-24 22:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OSD Utility.lnk => C:\Windows\pss\OSD Utility.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-834785317-2334666246-2197150166-500 - Administrator - Disabled)
Guest (S-1-5-21-834785317-2334666246-2197150166-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-834785317-2334666246-2197150166-1002 - Limited - Enabled)
martin (S-1-5-21-834785317-2334666246-2197150166-1001 - Administrator - Enabled) => C:\Users\martin
UpdatusUser (S-1-5-21-834785317-2334666246-2197150166-1003 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/29/2014 09:08:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: winspool.drv, version: 6.1.7601.17514, time stamp: 0x4ce7ca38
Exception code: 0xc0000005
Fault offset: 0x000000000002cd80
Faulting process id: 0x69c
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3
 
 
System errors:
=============
Error: (11/29/2014 07:18:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (11/29/2014 07:18:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/29/2014 07:14:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/29/2014 07:13:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/29/2014 07:13:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/29/2014 07:13:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (11/29/2014 07:13:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/29/2014 07:13:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Northern Themes Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/29/2014 07:13:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/29/2014 07:13:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2012-01-21 18:13:34.782
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\dc3d.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-01-21 18:13:34.720
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\dc3d.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-12-08 10:34:53.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-12-08 10:34:53.723
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz
Percentage of memory in use: 61%
Total physical RAM: 1791.24 MB
Available physical RAM: 695.26 MB
Total Pagefile: 3582.48 MB
Available Pagefile: 1662.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:184.02 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:0.03 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 62F8F567)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by martin (administrator) on MARTIN-PC on 29-11-2014 20:03:35
Running from C:\Users\martin\Desktop
Loaded Profile: martin (Available profiles: martin & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NTS Co., Ltd.") C:\Users\martin\AppData\NTSFile\NTS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dell) C:\Users\martin\AppData\Local\Apps\2.0\D18BX2HW.5VO\RR6PRP0A.8GQ\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(Dropbox, Inc.) C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
( ) C:\Windows\System32\dlcicoms.exe
() C:\Program Files (x86)\Dell\OSD\OSDSvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe [442536 2008-11-11] (Creative Technology Ltd.)
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Run: [Facebook Update] => C:\Users\martin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Run: [ComcastAntispyClient] => "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Run: [Hardware Helper] => C:\Program Files (x86)\Hardware Helper\HHLauncher.exe [133432 2013-03-05] (PC Help Soft)
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Run: [DellSystemDetect] => C:\Users\martin\AppData\Local\Apps\2.0\D18BX2HW.5VO\RR6PRP0A.8GQ\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-07-04] (Dell)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\martin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKU\S-1-5-21-834785317-2334666246-2197150166-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839
FF DefaultSearchEngine: 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-834785317-2334666246-2197150166-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\martin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-834785317-2334666246-2197150166-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\martin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Extension: BrowseStudio - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\Extensions\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.xpi [2014-11-18]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKU\S-1-5-21-834785317-2334666246-2197150166-1001\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF Extension: No Name - C:\Users\martin\AppData\Roaming\Mozilla\Firefox\Profiles\oi1r8vb1.default-1406065090839\extensions\[email protected] [Not Found]
FF Extension: No Name - [email protected] [Not Found]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-30]
CHR Extension: (Google Drive) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-04]
CHR Extension: (Google Search) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-05]
CHR Extension: (Google Wallet) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-30]
CHR Extension: (Gmail) - C:\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-05]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx []
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2013-01-01] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dlci_device; C:\Windows\system32\dlcicoms.exe [566152 2006-12-07] ( )
R2 dlci_device; C:\Windows\SysWOW64\dlcicoms.exe [537480 2006-12-07] ( )
R2 FOXOSDService; C:\Program Files (x86)\DELL\OSD\OSDSvr.exe [65536 2008-12-22] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Northern Themes Service; C:\Users\martin\AppData\NTSFile\NTS.exe [228352 2014-11-13] (NTS Co., Ltd.") [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-03-02] (AVG Technologies)
R0 FXOSDDRV; C:\Windows\System32\DRIVERS\FxOSDdrv64.sys [15448 2008-11-28] (Foxconn Group)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2009-07-17] (NVIDIA Corporation)
U4 Umwvdadcsb; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2099-09-28 18:00 - 7510-09-28 18:00 - 00000000 ____D () C:\Windows.old
2014-11-29 20:03 - 2014-11-29 20:04 - 00019172 _____ () C:\Users\martin\Desktop\FRST.txt
2014-11-29 19:13 - 2014-11-29 19:13 - 00000000 ____D () C:\Users\martin\Desktop\FRST-OlderVersion
2014-11-29 11:33 - 2014-11-29 11:33 - 02117632 _____ (Farbar) C:\Users\martin\Downloads\FRST64 (1).exe
2014-11-29 11:26 - 2014-11-29 11:26 - 00010993 _____ () C:\Users\martin\Desktop\mal2.txt
2014-11-29 11:13 - 2014-11-29 11:13 - 00004062 _____ () C:\Users\martin\Desktop\malscan.txt
2014-11-29 07:56 - 2014-11-29 19:16 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-29 07:55 - 2014-11-29 07:55 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-29 07:55 - 2014-11-29 07:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-29 07:54 - 2014-11-29 07:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 07:54 - 2014-11-29 07:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-29 07:54 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-29 07:54 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-29 07:54 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-29 07:53 - 2014-11-29 07:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\martin\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-27 18:55 - 2014-11-27 18:55 - 00003307 _____ () C:\Users\martin\Desktop\JRT.txt
2014-11-27 18:38 - 2014-11-27 18:39 - 01707532 _____ (Thisisu) C:\Users\martin\Downloads\JRT (1).exe
2014-11-27 18:15 - 2014-11-27 18:16 - 02148864 _____ () C:\Users\martin\Downloads\adwcleaner_4.102 (3).exe
2014-11-24 21:38 - 2014-11-24 21:43 - 02148864 _____ () C:\Users\martin\Downloads\adwcleaner_4.102.exe
2014-11-24 20:43 - 2014-11-29 19:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-24 14:17 - 2014-11-29 19:16 - 00000000 ___RD () C:\Users\martin\Dropbox
2014-11-24 14:17 - 2014-11-24 14:17 - 00001045 _____ () C:\Users\martin\Desktop\Dropbox.lnk
2014-11-24 14:15 - 2014-11-24 14:15 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-24 14:13 - 2014-11-29 19:16 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Dropbox
2014-11-24 14:05 - 2014-11-29 10:49 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Free PC Diagnosis
2014-11-24 13:53 - 2014-11-29 10:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-11-24 13:51 - 2014-11-24 13:52 - 05006864 _____ (AVAST Software) C:\Users\martin\Downloads\avast_free_antivirus_setup_online.exe
2014-11-23 21:38 - 2014-11-23 21:39 - 00000000 ____D () C:\Users\martin\AppData\Roaming\BRT
2014-11-20 17:19 - 2014-11-20 17:19 - 00005884 _____ () C:\Users\martin\.recently-used.xbel
2014-11-18 20:01 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 20:01 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 20:01 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 20:01 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 12:39 - 2014-11-24 18:16 - 00000000 ____D () C:\ProgramData\ddc24aa9-6c5d-44d0-8c40-9bed83bb2ab7
2014-11-18 12:02 - 2014-11-18 12:02 - 00000000 ____D () C:\Users\martin\AppData\NTSFile
2014-11-18 11:58 - 2014-11-18 11:58 - 00783896 _____ ( ) C:\Users\martin\Downloads\CR_Downloader_for_desmume.exe
2014-11-16 18:53 - 2014-11-16 18:53 - 00000000 __SHD () C:\Users\martin\AppData\Local\EmieBrowserModeList
2014-11-12 04:14 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 04:14 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 04:14 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 04:14 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 04:14 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 04:14 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 04:14 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 04:14 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 04:14 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 04:14 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 04:14 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 04:14 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 04:14 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 04:14 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 04:14 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 04:14 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 04:14 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 04:14 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 04:14 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 04:14 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 04:14 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 04:14 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 04:14 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 04:14 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 04:14 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 04:14 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 04:14 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 04:14 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 04:14 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 04:14 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 04:14 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 04:14 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 04:14 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 04:14 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 04:14 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 04:14 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 04:14 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 04:14 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 04:14 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 04:14 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 04:14 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 04:14 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 04:14 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 04:14 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 04:14 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 04:14 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 04:14 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 04:14 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 04:14 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 04:14 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 04:14 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 04:14 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 04:14 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 04:14 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 04:14 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 04:14 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 04:14 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 04:14 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 04:14 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 04:14 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 04:14 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 04:14 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 04:14 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 04:14 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 04:14 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 04:14 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 04:14 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 04:14 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 04:13 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 04:13 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 04:13 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 04:13 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 04:13 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 04:13 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 04:13 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 04:13 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 04:13 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 04:13 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 04:13 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 04:13 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 04:13 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 04:13 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 04:13 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 04:13 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 04:13 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 04:13 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 04:13 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 04:13 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 04:13 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 04:12 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 04:12 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-10 19:13 - 2014-11-24 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 17:23 - 2014-11-08 17:23 - 00000000 ____D () C:\Users\martin\Downloads\admiration_pains
2014-11-08 17:22 - 2014-11-08 17:22 - 00000000 ____D () C:\Users\martin\Downloads\art_brewery
2014-11-08 17:20 - 2014-11-08 17:20 - 00603649 _____ () C:\Users\martin\Downloads\billy_argel_font.zip
2014-11-08 17:20 - 2014-11-08 17:20 - 00417672 _____ () C:\Users\martin\Downloads\admiration_pains.zip
2014-11-08 17:20 - 2014-11-08 17:20 - 00336098 _____ () C:\Users\martin\Downloads\art_brewery.zip
2014-11-02 14:51 - 2014-11-02 14:51 - 00051813 _____ () C:\Users\martin\Desktop\Australian-Fruit-Bat.jpeg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-29 20:04 - 2013-10-05 10:14 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-29 20:03 - 2013-09-15 13:31 - 00000000 ____D () C:\FRST
2014-11-29 19:46 - 2011-12-08 10:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-29 19:32 - 2010-10-02 17:53 - 01440648 _____ () C:\Windows\WindowsUpdate.log
2014-11-29 19:23 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-29 19:23 - 2009-07-13 20:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-29 19:21 - 2012-03-22 18:11 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001UA.job
2014-11-29 19:16 - 2013-10-05 10:14 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-29 19:16 - 2011-04-19 21:08 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-29 19:16 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 19:16 - 2009-07-13 20:51 - 00157391 _____ () C:\Windows\setupact.log
2014-11-29 19:15 - 2010-10-02 18:42 - 01097930 _____ () C:\Windows\PFRO.log
2014-11-29 19:14 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-11-29 19:13 - 2013-09-15 13:30 - 02117632 _____ (Farbar) C:\Users\martin\Desktop\FRST64.exe
2014-11-29 17:59 - 2012-04-22 16:18 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{C00865B2-E860-4FF2-B3B2-2F2536CD29AD}
2014-11-29 16:21 - 2012-03-22 18:11 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-834785317-2334666246-2197150166-1001Core.job
2014-11-29 11:36 - 2014-09-07 10:06 - 00000000 ____D () C:\Users\martin\Downloads\FRST-OlderVersion
2014-11-29 11:00 - 2011-05-06 18:57 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-29 09:08 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2014-11-28 16:03 - 2014-04-15 18:02 - 00001033 _____ () C:\Users\Public\Desktop\Scribus 1.4.3.lnk
2014-11-27 18:21 - 2014-04-27 18:17 - 00000000 ____D () C:\AdwCleaner
2014-11-26 08:46 - 2011-12-08 10:52 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 08:46 - 2011-12-08 10:52 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 08:46 - 2011-09-30 15:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 16:07 - 2013-10-05 10:15 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 21:04 - 2013-09-15 13:22 - 00106410 _____ () C:\Users\martin\Downloads\OTL.Txt
2014-11-24 20:49 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 20:44 - 2011-12-08 20:09 - 00000000 ____D () C:\Users\martin\AppData\Local\CrashDumps
2014-11-24 20:35 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2014-11-24 14:17 - 2010-10-02 17:58 - 00000000 ____D () C:\Users\martin
2014-11-20 17:19 - 2013-01-22 21:14 - 00000000 ____D () C:\Users\martin\AppData\Roaming\gtk-2.0
2014-11-20 17:19 - 2013-01-21 13:26 - 00000000 ____D () C:\Users\martin\.gimp-2.6
2014-11-17 15:34 - 2012-12-13 15:24 - 00000000 ____D () C:\Users\martin\AppData\Roaming\.minecraft
2014-11-13 08:59 - 2013-10-05 10:14 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-13 08:59 - 2013-10-05 10:14 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-13 04:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-13 03:34 - 2009-07-13 20:45 - 00305872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 03:31 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-13 03:14 - 2010-10-02 18:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-13 03:10 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 03:03 - 2010-10-05 20:38 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-08 17:27 - 2010-10-02 18:34 - 00069528 _____ () C:\Users\martin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-02 13:21 - 2010-10-07 21:21 - 00000000 ____D () C:\ProgramData\Adobe
2014-11-02 13:21 - 2010-10-02 18:19 - 00000000 ____D () C:\Users\martin\AppData\Roaming\Adobe
2014-10-30 03:25 - 2012-02-28 10:32 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
 
Some content of TEMP:
====================
C:\Users\martin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptlnk5f.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-25 00:39
 
==================== End Of Log ============================

  • 0

#35
zep516
Posted 29 November 2014 - 10:23 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
OK

This should be the last scan, it's an online scan called ESET and it can take a "long" time. You can post it tomorrow. Certainly don't wait for it to finish,

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET scan results in your next reply.
  • 0

#36
Lauriek44
Posted 29 November 2014 - 10:28 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

Okie Dokie.  :)


  • 0

#37
Lauriek44
Posted 30 November 2014 - 09:37 AM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c7265979bd38c2469d5e1b1f46ea9ba7
# engine=21329
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 11:19:08
# local_time=2014-11-30 03:19:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 5821695 58537264 0 0
# scanned=597624
# found=154
# cleaned=0
# scan_time=23631
sh=E5AD99CE7C7362CA566156033ECB0F04F9437CA7 ft=1 fh=f45d83e01e1c8734 vn="Win32/Toolbar.Conduit.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLV_Runner_B\FLV_Runner_BToolbarHelper.exe.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLV_Runner_B\ldrtbFLV_.dll.vir"
sh=5EE65EA7EF92065DC846FDFF82EC7C17D4EFABA0 ft=1 fh=d5b340dbc01e62a5 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\FLV_Runner_B\tbFLV_.dll.vir"
sh=8F070D36BA757747527BDF3736EFCBBE1D051B0A ft=1 fh=92aee2bc5570ebe1 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialApp.dll.vir"
sh=B67DF0C86BF6403B0AC8E1DC26A078C678EFC74C ft=1 fh=b945d4e158c45c12 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialEng.dll.vir"
sh=E869D3646D89D4514F947304703F0483029F6CAF ft=1 fh=9691cee157383ff8 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialsrv.exe.vir"
sh=3246C5908CCDBA82B39C3A0E05285299C4B2CADA ft=1 fh=f7922527b1859756 vn="a variant of Win32/Toolbar.Montiera.F potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll.vir"
sh=8F6145BD8F0880546E45BA03E013B958F7C5B7EC ft=1 fh=ec51ffcf586b9fa0 vn="a variant of Win32/Toolbar.Escort.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mysearchdial\1.8.21.0\bh\mysearchdial.dll.vir"
sh=8FFC07F4649D0C8069F0997F8C35027038A46851 ft=1 fh=1016fc79383bf32e vn="a variant of Win32/Toolbar.Visicom.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcastdx.dll.vir"
sh=FC76761308626483B8D915D65C4F0420C5B83A69 ft=1 fh=c70d7a0404f5dc5d vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfin_portal\comcasttb.dll.vir"
sh=2EE0AAF575D86EF5A93B01C7EC03EBF926CA4147 ft=1 fh=d82e726e69eec8ce vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\hk64tbFLV0.dll.vir"
sh=C1C547EE61E369232A71086B14C3DA1EA0F5DFEC ft=1 fh=2f7a5f77aa61c184 vn="Win64/Toolbar.Conduit.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\hk64tbFLV2.dll.vir"
sh=D4FEA02B7EEC13FA4944AA276F160B1FCE078AB3 ft=1 fh=901bf430c96d23b4 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\hktbFLV0.dll.vir"
sh=F59FAFF6995AAE4B0EEED57F6035FE33CD92666F ft=1 fh=6dd03b204708c051 vn="Win32/Toolbar.Conduit.W potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\hktbFLV2.dll.vir"
sh=BCAA26922FC5A4BB3E9FEA7D29C525BB33D16572 ft=1 fh=e670698edca7a71b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\ldrtbFLV0.dll.vir"
sh=0426FF7F92792C8E0202A07286A02371FD4DB89C ft=1 fh=bb71dc653bc49e1b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\ldrtbFLV2.dll.vir"
sh=EB2BBCB97120C69F0E738DF9B521BCAD4CA1DCC8 ft=1 fh=5a1211cb00ea2a3d vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\ldrtbFLV_.dll.vir"
sh=31E93E104678E9814A5E5D43A73387819E6282E5 ft=1 fh=b31cd14a0801e57c vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\tbFLV0.dll.vir"
sh=CCAAB1BBEDE73F8187653E6DB58E39280C519984 ft=1 fh=a88cb9783b3399c4 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\tbFLV1.dll.vir"
sh=A54B27FD7BD7B1EC1F3101502836C620D6F11639 ft=1 fh=c01b70bae45c3c6e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\tbFLV2.dll.vir"
sh=5EE65EA7EF92065DC846FDFF82EC7C17D4EFABA0 ft=1 fh=d5b340dbc01e62a5 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\tbFLV_.dll.vir"
sh=B5C93DA0C608B26C9487ABC49CCB643C9A15ED33 ft=1 fh=75f1c65aa8a331ed vn="a variant of Win32/PriceGong.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\LocalLow\FLV_Runner_B\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir"
sh=5FAFDC5C2F7BB903DE8A7BBBDB20D518949721B8 ft=1 fh=fb35a249052591d3 vn="a variant of Win32/DealPly.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\martin\AppData\Roaming\Mysearchdial\UpdateProc\UpdateTask.exe.vir"
sh=743DD11820CF2DEA799E513CE0FF3ACEC4810109 ft=1 fh=ccef2d1099945ada vn="a variant of Win64/BrowseFox.CG potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{b6f164a0-5e01-4c08-b4af-72276812d17d}Gw64.sys.vir"
sh=E1BC84D2BB2979ADF1C2186373466D84D9668397 ft=1 fh=c37c8a0557a185bf vn="a variant of Win64/BrowseFox.CG potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}Gw64.sys.vir"
sh=B7B7F255B8BC18F4CF678FA3715DA49DCD95C5F1 ft=1 fh=9b0811aae5f3eebf vn="a variant of Win64/BrowseFox.CG potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{fa03420d-05ef-4826-9373-bf3c8734921f}Gw64.sys.vir"
sh=A7A6725780658F7EE98437003862828A54123858 ft=1 fh=4d5640f0dd0e247e vn="Win32/Toolbar.MyWebSearch.T potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\NPu4Stub.dll"
sh=99DF98DFEF4B483889FA88162D20EE46340A5DBE ft=1 fh=e6e2c196b2ffcb6f vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4auxstb.dll"
sh=93AB50AC61F281F1B6B86D414F09F2FD85BC6826 ft=1 fh=514b2e214d776111 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4bar.dll"
sh=56CF4F2AC44C6ADD5CDCD419BA4B99D22DC7A0E3 ft=1 fh=46ed14ba69906e9f vn="Win32/Toolbar.MyWebSearch.X potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4barsvc.exe"
sh=0F78FE90AF015B0A511EDE007BD1791A341E891E ft=1 fh=d4fd6df3b7cf992d vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4brmon.exe"
sh=BAEFCB03679575349E01668C4F0938643BAAA022 ft=1 fh=45ba6b521529362d vn="a variant of Win32/Toolbar.MyWebSearch.A potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4datact.dll"
sh=0C88EFCFA1C77D597111125A6C031CEB47B18BA7 ft=1 fh=b856def4c7346ea3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4dlghk.dll"
sh=2CA2EA6CF1AD1FE87C25D4AB6B1C7729E48C6390 ft=1 fh=a34a8b9082c46c86 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4feedmg.dll"
sh=9788294F2B8AB28DBAE4C73BB61A6B1200BDD89D ft=1 fh=af8ed8fd644fe8ac vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4highin.exe"
sh=9D54BAF23397E5F1444BC6471052AD234B76FBD3 ft=1 fh=2ab58862c927227b vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4hkstub.dll"
sh=DE2EB55FF05D07B38012D152642C0336D32E7809 ft=1 fh=f21a5ed988655b97 vn="a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4html.dll"
sh=53F3044159FFCF82C746898941DBE3DC2AC9A24C ft=1 fh=09fa8c8598e549f8 vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4htmlmu.dll"
sh=978867B422339E68971E56C49C66F14F2ACD745D ft=1 fh=dd289cd2c7a55037 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4httpct.dll"
sh=DC971C75FFCE77CC952FB6660A2603E09D62D4D9 ft=1 fh=ac2f97e786bfc982 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4idle.dll"
sh=92AC05FFF3AD68271062A3DCB87E12EE6B816DDB ft=1 fh=acec1e59f99ab2fd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4ieovr.dll"
sh=5AE09DF85A30864BBE5F3E6D782358C8F95CDB95 ft=1 fh=a6fc020f2a9ed637 vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4impipe.exe"
sh=556C4FCA5D890F17B7B5040A601B42452A205E29 ft=1 fh=0f2a31b21601aeb5 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4medint.exe"
sh=3EB4A6A25199E6339EC04F36189C71738DE63CE7 ft=1 fh=eafb3b5bfaf84345 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4mlbtn.dll"
sh=DFD07B722E317D1CDDAAB7D5B31BFAB57CC5E739 ft=1 fh=507b4871517a4ad4 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4msg.dll"
sh=A3FCA13DCA3F6ACF7179CE50306B3677E210F39C ft=1 fh=9520bb178b0238b6 vn="a variant of Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4Plugin.dll"
sh=C5F26031D5E0C487BFF0D60AA44603135BF60395 ft=1 fh=a846ae5344ec78c3 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4regfft.dll"
sh=65D604A070334183E5034CDEEC5838E46D705794 ft=1 fh=3d9a604351eb1640 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4regiet.dll"
sh=72E48F7F37E208A52AD975EAECAB29FC50223C27 ft=1 fh=958a563919bf5cc2 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4script.dll"
sh=857980A7B7AB77FF8E34A090CCD76B8BA628E7E4 ft=1 fh=6c9ac10ea3ee1cdd vn="a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4skin.dll"
sh=496310EE0816B49176E03226DB102FAE9AA452B4 ft=1 fh=ceffc168909c0690 vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4sknlcr.dll"
sh=F5946D49A70A64072739370E7BAD592FE4799EA1 ft=1 fh=5bc3efb780caf8fa vn="Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4skplay.exe"
sh=BE21D76E502D546B2D88093E13F07923EB59380B ft=1 fh=7424967c664ed914 vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4SrcAs.dll"
sh=585A73EB1DFA6B0B5C5FF5D76212FD8D0CEF4DF4 ft=1 fh=4b5f86942f564423 vn="a variant of Win32/Toolbar.MyWebSearch.W potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4SrchMn.exe"
sh=E401834E35441DF1CC412899E414AE3B2B8DE716 ft=1 fh=e8bc1bdf2723b0bb vn="a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4tpinst.dll"
sh=110033F4A78DCA521E8BA73F75747E4E3B6AE545 ft=1 fh=21686246ae128bdd vn="Win32/Toolbar.MyWebSearch.AA potentially unwanted application" ac=I fn="C:\FRST\Quarantine\1.bin\u4uabtn.dll"
sh=2689922B8BDB2CC88DEE4DB3424B874DC22CD1C3 ft=1 fh=847ac9f5e34ee07f vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Free PC Diagnosis\aspcom.exe"
sh=27787D2C82A0DB71F6E0B98D3DEEBD56E80DB4B4 ft=1 fh=2c6722f463d9b473 vn="a variant of MSIL/AdvancedSystemProtector.F potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Free PC Diagnosis\scandll.dll"
sh=1840FA61272181B84259639C1530AF1466CAB31C ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila\1.0.1_0\background.js"
sh=44AA805FD88294DD3FB44396734DED0433AD6B5D ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Users\martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopkldoembhleihlknjnmppilpckfila\1.0.1_0\content.js"
sh=2DFF263A3A0B5F39DC10F089C4EB94BCFED43CC2 ft=1 fh=4047fa673d331c05 vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Program Files (x86)\Hardware Helper\HHSmartScan.exe"
sh=25A3E3DB56BCD8F6FFF024E08B04BABBF5CE0EC2 ft=1 fh=89a2cc2793c52da4 vn="a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Uninstall Fun Web Products.dll.vir"
sh=36C6FCD5BD908BD1E161D6DA128C7665EE0D0DD9 ft=1 fh=e90296eacca324e7 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir"
sh=25A3E3DB56BCD8F6FFF024E08B04BABBF5CE0EC2 ft=1 fh=89a2cc2793c52da4 vn="a variant of Win32/Toolbar.MyWebSearch.K potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir"
sh=CFF5B1FF43F10A37EF14F3E970E74BF0108F4AD7 ft=1 fh=3dc56c06f041d957 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir"
sh=E740917F2CDFF0F227F1A22E3F986001B8772AC6 ft=1 fh=92baf1055214ccfb vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir"
sh=60065E95C514902235501265E560A765EB564A33 ft=1 fh=da8a5a843eb1e503 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\martin\AppData\Local\SupportSoft\ComcastUI\martin\CACHE\5599fea7-b9d0-4c48-84c3-66d697784679.exe"
sh=1A335BCE3D8EA7159021C1828AC99DEE65DC2F8D ft=1 fh=35b9ac03c7466f94 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\martin\AppData\Roaming\Blitware\DriverRobot\updates\2.5.4.2\driverrobot_setup.exe"
sh=FC8DC57ACEBF0B345CEB30D682022C3997D1741B ft=1 fh=63c0eb49fb0dd1a8 vn="a variant of Win32/InstallCore.QV potentially unwanted application" ac=I fn="C:\Users\martin\Downloads\CR_Downloader_for_desmume.exe"
sh=C6C91A64810D7CD0ECE0EFCC0973689CAE8ED231 ft=1 fh=f64f4ef206e7a98c vn="a variant of Win32/Adware.SpeedingUpMyPC.C application" ac=I fn="C:\Users\martin\Downloads\hardware-helper-133.exe"
sh=90AC7124AD9F3E43BB8048760308F73581546C52 ft=1 fh=c1a012b9361bd0ff vn="a variant of Win32/Systweak.H potentially unwanted application" ac=I fn="C:\Users\martin\Downloads\wzdu18.exe"
sh=EEAB6AF418A1036E83496321452452112DC3DE1A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Windows\Installer\33e5ef8.msi"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Temp\setup.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Temp\setup.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Local\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C8CD12B9993B6742A3DD4145743C8805548398A6 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\AppData\Roaming\Absolute Poker\DownLoadInst\mainclient.exe.gzi"
sh=C8CD12B9993B6742A3DD4145743C8805548398A6 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Application Data\Absolute Poker\DownLoadInst\mainclient.exe.gzi"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Temp\setup.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\martin\Local Settings\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=7FAEB0EB32349D06F9CE188F9683A27DF27DEB21 ft=1 fh=da5e9682da81f8f8 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe"
sh=DEE1C6D7A6FFBA8932C3ADE95C53EFF7098B6970 ft=1 fh=3c03f9549243ce7e vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Windows.old\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Temp\setup.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Local\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C8CD12B9993B6742A3DD4145743C8805548398A6 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\AppData\Roaming\Absolute Poker\DownLoadInst\mainclient.exe.gzi"
sh=C8CD12B9993B6742A3DD4145743C8805548398A6 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Application Data\Absolute Poker\DownLoadInst\mainclient.exe.gzi"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=C1531EB28936490DBB2D6851A50DFDE5FDE177D0 ft=1 fh=1b86bd35bdcb507a vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Temp\setup.exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Temporary Internet Files\Content.IE5\66SRHVCR\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Temporary Internet Files\Content.IE5\OB5NX8OY\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[1].exe"
sh=63281BDF8747BB05DDD2E2DD46BCD5085EA2BEF5 ft=1 fh=63615bc34ac973d7 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="C:\Windows.old\Users\martin\Local Settings\Temporary Internet Files\Low\Content.IE5\QFZADKFK\SoftonicDownloader_for_ccleaner[2].exe"
sh=ED0BB5C058DD66D8CF7FC430901119E5FA9460E8 ft=1 fh=493186a480a7c1be vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09072014_092504\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=3009704625F497D74601071243D3260D3C026D48 ft=1 fh=29c0ddfe71de86ad vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09072014_092504\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=68E215FD9A959DD28595B0DA25EC5100EFB98253 ft=1 fh=50730cf0e69141f8 vn="a variant of Win32/ClientConnect.A potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09072014_092504\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09162013_193704\C_Users\martin\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z\Zip Opener Packages\uninstaller.exe"
sh=5449B1EA961D3BAB11C99F521BE7C58AED9D123F ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bopkldoembhleihlknjnmppilpckfila.crx"
sh=31A74D2F7F3A67BF1E09343B8E9E79B47D6D727E ft=1 fh=9f92740e34160883 vn="a variant of Win32/BrowseFox.O potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\BrowseStudiobho.dll"
sh=9537F09DAD2B71593EE5BFA9872461E3F3AE13EB ft=1 fh=4c2732880ea80f25 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\updateBrowseStudio.exe"
sh=30B14D65D1A0D87E28C7E84EB9F279C28AB267E2 ft=1 fh=5073d5ec9cb63391 vn="a variant of Win32/BrowseFox.N potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\b6f164a05e014c08b4af.dll"
sh=C534D5EE36B31B70C7B4F215883A6002D56FAE74 ft=1 fh=eef053cde8f1dbe7 vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\b6f164a05e014c08b4af64.dll"
sh=091097A81F9CA5C0C15C19DF5D7897E301AC38EB ft=1 fh=d970406c4737a803 vn="a variant of Win32/BrowseFox.R potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOAS.exe"
sh=388A4A477E8B4694FBF3F2D017D9FBAC89863AB3 ft=1 fh=2a370aa8d8c8e730 vn="a variant of Win32/BrowseFox.R potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASHelper.exe"
sh=863CBF90838EC588359F45EDD057AFFB5F689251 ft=1 fh=5112486e264f37fe vn="a variant of Win32/BrowseFox.R potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\BrowseStudio.BOASPRT.exe"
sh=5391F0B999D411B4BF5270BE64A9831CC609A7D2 ft=1 fh=eb45450c62bc388d vn="a variant of Win64/BrowseFox.B potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\BrowseStudio.BrowserAdapter64.exe"
sh=227CFCF48FDC780E3BEE2D65BC1670161F21DAA8 ft=1 fh=1f4525fe4247ee47 vn="a variant of Win32/BrowseFox.N potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\e8294a7e84424f3a8722.dll"
sh=36510B41809931F7A672CBA0B33863A8F3F96B02 ft=1 fh=63efc40bf9887e4f vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\e8294a7e84424f3a872264.dll"
sh=1F1C1BD85053711979D32E501738FA8B7F859075 ft=1 fh=2d9dcc83561d7e40 vn="a variant of Win32/BrowseFox.N potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\fa03420d05ef48269373.dll"
sh=97210C3A8733EDD441F5D2FF09E4A5D498E60E5B ft=1 fh=2abce1943e9a068a vn="a variant of Win64/BrowseFox.CI potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\fa03420d05ef4826937364.dll"
sh=53D4FE83F62B65C9B332F77288D6EE125EE6394E ft=1 fh=26f8c555e7fab542 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\utilBrowseStudio.exe"
sh=B19654A2C39F463681B979D08B2C54E5CC2B0726 ft=1 fh=e9bce43b4b8ccc86 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{b6f164a0-5e01-4c08-b4af-72276812d17d}.dll"
sh=A8A317CCD954D91A76E37945E34293E184C885AF ft=1 fh=aff6f16e96f50e31 vn="a variant of Win64/BrowseFox.CH potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{b6f164a0-5e01-4c08-b4af-72276812d17d}64.dll"
sh=F079AAB25F8AE9312498362AB81D273F8D9145DC ft=1 fh=3a485f6566824d04 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}.dll"
sh=BD43EE03CB1B95B49314E33DC4FD33B14E29BB2A ft=1 fh=45fda734b9247bd1 vn="a variant of Win64/BrowseFox.CH potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{e8294a7e-8442-4f3a-8722-cb5c3f67ed67}64.dll"
sh=FDEBB4D8E8580824E97DE810DF8C7E5B0175B9B4 ft=1 fh=d5061ac14260af13 vn="a variant of Win32/BrowseFox.M potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{fa03420d-05ef-4826-9373-bf3c8734921f}.dll"
sh=11F6BEFCFA6C94A50876CEAC1450F9FE1E5A0DCD ft=1 fh=eda1c9e917f7c998 vn="a variant of Win64/BrowseFox.CH potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\{fa03420d-05ef-4826-9373-bf3c8734921f}64.dll"
sh=9024BAAF93FBCF46A342DEF1632BF9A6640A6E13 ft=1 fh=17a7ebeee293e2ab vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BOAS.dll"
sh=EF1D528881D9A1ABC9F77807EB393F832CAE3CE0 ft=1 fh=0325ade28bc27c4d vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.Bromon.dll"
sh=F531733B0C84E3A4B6E4DEECF4E6E6F06C8331BF ft=1 fh=5d6f695cf3734159 vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BroStats.dll"
sh=C7C49AC2706B25416C15DD64BCBE30797DA1BF90 ft=1 fh=1d5679dafb68bdce vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.BRT.dll"
sh=78B5F7EACC3B1048D80CA567A25EA511EA3B7620 ft=1 fh=1742a418eceb0a1f vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.CompatibilityChecker.dll"
sh=0D6D796F3AD3D290B33D95DD34C45E12ABE5FCE9 ft=1 fh=971aca21dfcd250b vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.GCUpdate.dll"
sh=62AC447F69AF3B4F94523D1087E1AE23E5660158 ft=1 fh=889ef5b12eaa158b vn="a variant of MSIL/BrowseFox.G potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\11242014_203138\C_Program Files (x86)\BrowseStudio\bin\plugins\BrowseStudio.PurBrowseG.dll"

  • 0

#38
zep516
Posted 30 November 2014 - 01:45 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Nice work, you're an expert now.

Everything is already in Quarantine as ESET shows. I want you to run Malwarebytes on a weekly schedule from now on. You had a lot of adware.

How is the computer ?

Stick around and we will remove all the tools we used to do the fixing.

Joe
  • 0

#39
Lauriek44
Posted 30 November 2014 - 01:58 PM

Lauriek44

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts

I am so not an expert.  The computer seems all better.  I appreciate your help so very much!!!  Thank you


  • 0

#40
zep516
Posted 30 November 2014 - 02:00 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

Advertisements

#41
zep516
Posted 05 December 2014 - 03:33 PM

zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP