
Computer running slow and browser not blocking popups



#1
Zambian


Hi, please help me to clean up my computer. I have been having problems with advertising popups, so I changed from Firefox to Chrome hoping this would clear the problem, because when I clear the addons they are being reinstalled by some malware, I'm guessing. This morning when I booted up my computer Microsoft Essentials would not switch on, so I went to Windows help and was directed to some program that claimed to repair Windows Vista and also cleared all problems such as viruses. It was a scam, but I did run the program and it identified a number of issues which could be fixed at a price; that was when I uninstalled that program. I no longer use my computer as much as I used to because I find it more convenient on a tablet, so I do not know where I could have picked up some nasties, but they may have been hiding away for some time. Pity they don't die of old age.

Here are my OTL logs

OTL logfile created on: 23/02/2015 10:54:28 AM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Davie\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
 
3.25 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 53.41% Memory free
6.71 Gb Paging File | 5.31 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 410.46 Gb Total Space | 254.50 Gb Free Space | 62.00% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.16 Gb Free Space | 47.75% Space Free | Partition Type: NTFS
Drive F: | 40.23 Gb Total Space | 40.10 Gb Free Space | 99.68% Space Free | Partition Type: NTFS
 
Computer Name: DAVIE-PC | User Name: Davie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/02/23 10:53:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Davie\Downloads\OTL.exe
PRC - [2015/02/11 09:12:26 | 042,555,824 | ---- | M] (Dropbox, Inc.) -- C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2015/02/08 12:48:41 | 000,283,432 | ---- | M] (Dell) -- C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
PRC - [2015/02/08 12:02:41 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2015/02/04 17:02:55 | 000,843,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2015/01/14 18:04:24 | 006,079,848 | ---- | M] (Reimage®) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe
PRC - [2015/01/14 18:04:00 | 005,609,312 | ---- | M] (Reimage®) -- C:\Program Files\Reimage\Reimage Protector\ReiSystem.exe
PRC - [2014/12/29 23:13:54 | 004,686,336 | ---- | M] () -- C:\Windows\rcore.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/11/22 02:41:50 | 005,282,584 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2014/10/27 19:00:00 | 000,565,616 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2014/09/29 21:00:28 | 000,623,064 | ---- | M] () -- C:\Program Files\Universal Updater\UpdaterService.exe
PRC - [2014/09/24 01:55:38 | 000,404,992 | ---- | M] () -- C:\Program Files\Universal Updater\CrashMon.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/08/13 15:13:56 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2010/05/20 15:27:24 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/04/11 14:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/13 16:33:10 | 001,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/01/21 10:23:32 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Mail\WinMail.exe
PRC - [2007/11/21 10:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2015/02/23 10:29:03 | 000,043,008 | ---- | M] () -- c:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpadn91b.dll
MOD - [2015/02/11 05:00:30 | 000,750,080 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2015/02/11 05:00:30 | 000,047,616 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2015/02/11 05:00:28 | 000,865,280 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2015/02/11 05:00:28 | 000,200,704 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2015/02/04 17:02:51 | 009,170,760 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
MOD - [2014/10/17 03:21:07 | 000,223,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\7c1c70a15ac0d8b5995d970def1d0502\VistaBridgeLibrary.ni.dll
MOD - [2014/10/17 03:21:06 | 001,523,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\14116a6a4a64068b7a119582663c2406\DellDock.ni.exe
MOD - [2014/10/17 03:21:05 | 000,061,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\43fec4c1db6ed0acd35eceb392340e4e\MyDock.Util.ni.dll
MOD - [2014/10/17 03:21:03 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\738c8aa4347b36988f555005a63cb9a0\System.Management.ni.dll
MOD - [2014/10/17 03:20:56 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a98a13deac020eca5e7dcb5ebb2b7414\System.Configuration.ni.dll
MOD - [2014/10/17 03:19:31 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a224433c0fb9281862f36823e86822fc\System.Xml.ni.dll
MOD - [2014/10/17 03:19:17 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f32d5986039f142f6e4f412de7c8901c\System.Windows.Forms.ni.dll
MOD - [2014/10/17 03:19:09 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\65897bde93bce2462330f19ef677477d\System.Drawing.ni.dll
MOD - [2014/10/17 03:18:14 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll
MOD - [2014/09/24 01:55:38 | 000,404,992 | ---- | M] () -- C:\Program Files\Universal Updater\CrashMon.exe
MOD - [2014/09/11 20:55:22 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll
MOD - [2008/06/13 19:34:14 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (sprtsvc_dellsupportcenter)
SRV - [2015/01/14 18:04:24 | 006,079,848 | ---- | M] (Reimage®) [Auto | Running] -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe -- (ReimageRealTimeProtector)
SRV - [2015/01/09 15:51:15 | 002,726,256 | ---- | M] (Small Island Development) [Auto | Stopped] -- C:\ProgramData\gOjBPpYFxS\bVPMWByRarU.exe -- (bVPMWByRarU)
SRV - [2015/01/06 12:52:30 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/29 23:13:54 | 004,686,336 | ---- | M] () [Auto | Running] -- C:\Windows\rcore.exe -- (rcores)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/09/29 21:00:28 | 000,623,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Universal Updater\UpdaterService.exe -- (UniversalUpdater)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/13 15:13:56 | 000,142,648 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/05/20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/04/28 16:56:28 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 10:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\wpnfd_1_10_0_6.sys -- (wpnfd_1_10_0_6)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\Salus.sys -- (Salus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\mwiwnza4ndyyymr.sys -- (mwiwnza4ndyyymr)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\5886.tmp -- (MEMSWEEP2)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ioTablet.sys -- (ioTablet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ioFakDrv.sys -- (ioFakDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\FsUsbExDisk.SYS -- (FsUsbExDisk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Davie\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\cherimoya.sys -- (cherimoya)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Davie\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/10/01 19:54:10 | 000,040,344 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stdriverx86.sys -- (stdriver)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/06/07 15:59:54 | 000,010,632 | ---- | M] (KYE System Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioTblMap.sys -- (ioTblMap)
DRV - [2010/12/15 15:11:46 | 000,010,624 | ---- | M] (KYE System Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ioFakMap.sys -- (ioFakMap)
DRV - [2010/10/27 18:38:21 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/07/21 16:52:14 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/21 15:03:18 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/05/20 15:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/06/10 07:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/13 19:34:12 | 003,592,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/03/06 19:44:48 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2008/01/21 10:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/19 02:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/08/05 08:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAAU
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tikotin.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {85A60A59-D3D8-468F-B598-FB4393789EF4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{85A60A59-D3D8-468F-B598-FB4393789EF4}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{95C6E439-9E8B-4858-A934-6ECF83A76EB0}: "URL" = http://search.yahoo....petb&type=10473
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.selectedEngine: "istartsurf"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: youtubedownloader%40trafficterminal.com:1.0.1
FF - prefs.js..extensions.enabledAddons: b6e4f54065ff48dd97db30ca%40c9b45f807bf54a45a4669e51c.com:0.95.38
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428}: C:\Program Files\Shop For Rewards\Firefox
 
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions
[2010/02/08 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/02/23 09:42:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions
[2015/02/23 09:42:04 | 000,000,000 | ---D | M] (023e9ca063f347b1bcb29badf9d9ef28) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}
[2014/06/18 16:50:58 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2)
[2015/01/01 14:13:22 | 000,000,000 | ---D | M] ("MediaPlayersvideos  1.1") -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2015/01/09 15:52:31 | 000,000,000 | ---D | M] ("HQ Cinema Video 1.8V08.01") -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2015/02/23 09:27:39 | 000,000,000 | ---D | M] (captiondownloaderhiephmcom) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2015/02/08 10:52:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData
[2015/02/08 10:52:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData\plugins
[2015/02/08 10:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData\userCode
[2015/01/09 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData
[2015/01/09 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData\plugins
[2015/01/09 15:52:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]\extensionData\userCode
[2014/10/21 07:29:38 | 000,009,491 | ---- | M] () (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2014/12/05 19:25:27 | 000,046,596 | ---- | M] () (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2014/10/04 15:24:59 | 000,008,719 | ---- | M] () (No name found) -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\extensions\[email protected]
[2014/10/08 15:27:56 | 000,003,116 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\searchplugins\bing.xml
[2014/10/08 15:30:13 | 000,003,027 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\searchplugins\google.xml
[2014/12/05 15:37:19 | 000,022,869 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\searchplugins\Web Search.xml
[2015/01/09 15:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2015/01/09 15:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2015/02/08 12:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2015/01/09 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009/09/02 23:03:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2012/09/09 18:54:41 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {11111111-1111-1111-1111-110611791113} - No CLSID value found.
O2 - BHO: (HQ Cinema Video 1.8V08.01) - {11111111-1111-1111-1111-110611901161} - C:\Program Files\HQ Cinema Video 1.8V08.01\HQ Cinema Video 1.8V08.01-bho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [CrashMon] C:\Program Files\Universal Updater\CrashMon.exe ()
O4 - HKLM..\Run: [gmsd_au_38]  File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [DellSystemDetect] C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe (Dell)
O4 - HKCU..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.31.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C310A4B4-D2D0-4B83-B141-9D0887C7C045}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Davie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Davie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 05:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{12a86870-243e-11e4-af4c-00219b028d60}\Shell - "" = AutoRun
O33 - MountPoints2\{12a86870-243e-11e4-af4c-00219b028d60}\Shell\AutoRun\command - "" = K:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/02/23 09:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Reimage Protector
[2015/02/23 09:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2015/02/23 09:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
[2015/02/23 09:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
[2015/02/23 09:29:59 | 000,000,000 | ---D | C] -- C:\1dde1cb4387c5846477e94eeeafd
[2015/02/09 09:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2015/02/08 12:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/02/08 11:47:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\vmm32
[2015/02/08 11:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\59b4cf200005341
[2015/02/08 11:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\salesale
[2015/02/08 10:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Shop For Rewards
[2015/01/09 15:51:28 | 001,966,560 | ---- | C] (Enter) -- C:\Users\Davie\AppData\Roaming\VTAP.exe
 
========== Files - Modified Within 30 Days ==========
 
[2015/02/23 10:50:59 | 000,001,754 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-10_user.job
[2015/02/23 10:27:05 | 000,001,334 | ---- | M] () -- C:\Windows\tasks\VTAP.job
[2015/02/23 10:26:58 | 000,004,490 | ---- | M] () -- C:\Windows\tasks\dcb6c580-3f3d-4813-a245-3d943d65eb5d-4.job
[2015/02/23 10:26:58 | 000,004,480 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-4.job
[2015/02/23 10:26:58 | 000,003,470 | ---- | M] () -- C:\Windows\tasks\dcb6c580-3f3d-4813-a245-3d943d65eb5d-1.job
[2015/02/23 10:26:58 | 000,003,450 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-1.job
[2015/02/23 10:26:58 | 000,002,442 | ---- | M] () -- C:\Windows\tasks\dcb6c580-3f3d-4813-a245-3d943d65eb5d-5_user.job
[2015/02/23 10:26:58 | 000,002,442 | ---- | M] () -- C:\Windows\tasks\dcb6c580-3f3d-4813-a245-3d943d65eb5d-5.job
[2015/02/23 10:26:58 | 000,002,432 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-5_user.job
[2015/02/23 10:26:58 | 000,002,432 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-5.job
[2015/02/23 10:26:58 | 000,002,106 | ---- | M] () -- C:\Windows\tasks\dcb6c580-3f3d-4813-a245-3d943d65eb5d-2.job
[2015/02/23 10:26:58 | 000,002,096 | ---- | M] () -- C:\Windows\tasks\bef5cdef-084b-4d92-858d-f3a550014277-2.job
[2015/02/23 10:26:58 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/23 10:26:58 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2015/02/23 10:20:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2015/02/23 10:16:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/02/23 10:16:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/02/23 10:16:16 | 000,315,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2015/02/23 10:16:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/23 09:58:32 | 000,000,165 | ---- | M] () -- C:\Windows\Reimage.ini
[2015/02/23 09:46:00 | 000,002,113 | ---- | M] () -- C:\Windows\epplauncher.mif
[2015/02/23 09:32:27 | 000,001,127 | ---- | M] () -- C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
[2015/02/16 09:39:27 | 000,001,039 | ---- | M] () -- C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015/02/16 09:39:02 | 000,000,921 | ---- | M] () -- C:\Users\Davie\Desktop\Dropbox.lnk
[2015/02/09 08:52:35 | 000,647,404 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/02/09 08:52:35 | 000,124,404 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/02/08 12:07:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/08 12:04:10 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2015/02/23 09:54:54 | 000,000,165 | ---- | C] () -- C:\Windows\Reimage.ini
[2015/02/23 09:32:27 | 000,001,127 | ---- | C] () -- C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
[2015/02/08 12:04:10 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/02/08 11:48:01 | 000,001,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
[2015/01/13 17:56:16 | 000,002,038 | ---- | C] () -- C:\Windows\patsearch.bin
[2015/01/13 17:56:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015/01/09 15:51:37 | 004,686,336 | ---- | C] () -- C:\Windows\rcore.exe
[2014/10/14 07:57:25 | 000,000,150 | ---- | C] () -- C:\Windows\ODBC.INI
[2014/10/14 07:55:12 | 000,000,100 | ---- | C] () -- C:\Windows\hipro.ini
[2014/10/14 07:55:11 | 000,000,587 | ---- | C] () -- C:\Windows\connexx.ini
[2014/10/14 07:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\tg10.ini
[2014/10/14 07:54:52 | 000,000,857 | ---- | C] () -- C:\Windows\unity.ini
[2014/10/14 07:54:52 | 000,000,040 | ---- | C] () -- C:\Windows\cdctrl.ini
[2014/10/14 07:53:57 | 000,000,055 | R--- | C] () -- C:\Windows\sat.ini
[2014/10/14 07:51:52 | 000,000,315 | ---- | C] () -- C:\Windows\UIpref.ini
[2014/10/08 15:27:36 | 000,004,560 | ---- | C] () -- C:\Windows\System32\LavasoftTcpService.ini
[2014/10/08 15:27:36 | 000,002,416 | ---- | C] () -- C:\Windows\System32\LavasoftTcpServiceOff.ini
[2014/09/01 16:18:44 | 000,002,086 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\QAKOG
[2014/09/01 16:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\VTAP
[2014/09/01 16:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\LSHLRGPF
[2014/01/20 12:30:35 | 000,000,041 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\mbam.context.scan
[2013/11/29 16:24:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/29 16:24:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/29 16:24:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/29 16:24:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/29 16:24:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/11 12:15:44 | 000,013,824 | ---- | C] () -- C:\Program Files\1033.MST
[2012/09/17 13:33:44 | 000,000,288 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\.backup.dm
[2012/09/05 17:11:29 | 000,001,503 | ---- | C] () -- C:\Users\Davie\AppData\Local\recently-used.xbel
[2012/04/18 13:56:30 | 000,000,552 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d8caps.dat
[2010/02/10 17:23:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/24 16:17:41 | 000,000,140 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\wklnhst.dat
[2009/06/07 14:46:06 | 000,008,248 | ---- | C] () -- C:\Users\Davie\AppData\Local\en.ini
[2008/10/15 16:08:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008/10/12 13:48:59 | 000,026,340 | ---- | C] () -- C:\Users\Davie\AppData\Roaming\UserTile.png
[2008/09/26 11:56:49 | 000,006,836 | ---- | C] () -- C:\Users\Davie\AppData\Local\d3d9caps.dat
[2008/09/25 20:09:50 | 000,045,568 | ---- | C] () -- C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 20:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 21:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 14:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 14:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/07/04 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\20000Leagues
[2011/06/18 11:57:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Absolutist
[2013/06/16 11:11:52 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Anicesoft
[2012/01/25 14:57:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Apowersoft
[2010/11/15 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Artogon
[2013/12/24 13:18:47 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Ashampoo
[2014/12/05 16:00:33 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Awesome Duplicate Photo Finder
[2014/12/05 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Azureus
[2013/06/16 12:49:27 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\calibre
[2014/12/05 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Clickteam
[2013/08/09 17:52:42 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\DominiGames
[2015/02/23 10:29:18 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Dropbox
[2010/09/08 16:52:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\EleFun Games
[2011/01/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ElementalsTheMagicKey
[2011/04/09 13:01:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eluvo
[2008/09/29 12:23:10 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Eyeblaster
[2014/12/05 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\FreeBurner
[2014/12/05 16:00:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\GameHouse
[2010/12/28 12:55:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\HitPoint Studios
[2013/07/13 16:52:21 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\iPumper
[2011/04/18 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Meridian93
[2011/04/09 09:40:54 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Myme
[2013/09/16 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Mystery of Mortlake Mansion
[2010/04/01 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\MysteryStudio
[2012/03/08 17:19:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Natural Threat.Ominous Shores
[2014/02/14 12:03:53 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\naviextras
[2010/12/22 18:49:40 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\NCH Swift Sound
[2012/10/24 14:34:33 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OOo-dev
[2009/08/18 14:39:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\OpenOffice.org
[2013/06/19 08:25:21 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Oracle
[2015/02/08 12:38:11 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PCDr
[2008/10/12 13:48:59 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PeerNetworking
[2011/07/04 09:36:17 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\PlayFirst
[2011/01/15 20:30:29 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Raptr
[2014/12/05 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\RobinsonCrusoeOM
[2014/02/18 13:23:37 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Samsung
[2012/09/17 13:34:42 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SanDisk SecureAccess
[2013/09/18 14:24:42 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\ShamanGS
[2011/06/18 10:30:34 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Silverback Productions
[2013/09/23 12:34:14 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SMIGames
[2014/12/05 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop
[2012/01/26 15:13:02 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\SpinTop Games
[2011/01/11 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Template
[2014/12/05 16:00:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\TOMI3
[2009/10/26 14:23:51 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Uniblue
[2013/12/09 14:08:19 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\VampireSaga
[2010/12/27 18:23:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Watchtower
[2008/09/28 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Webshots
[2011/11/25 15:20:03 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Windows Live Writer
[2014/11/01 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\WinZip
[2014/08/29 16:17:36 | 000,000,000 | ---D | M] -- C:\Users\Davie\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:621BEE66
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:5A9AF3C7
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:57DC3B52
@Alternate Data Stream - 781 bytes -> C:\Users\Davie\Documents\Alinta Feb. 2014.eml:OECustomProperty
@Alternate Data Stream - 233 bytes -> C:\ProgramData\TEMP:4D8FCBEF
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:C0A1A8AA
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:55422315
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:ABE30DDB
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:77A023CE
@Alternate Data Stream - 154 bytes -> C:\ProgramData\TEMP:EF1813D7
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:D751C674
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:A53FFC56
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0441DB7A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:6C1A9365
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D5BF78B4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:157D4840
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:83E716F0
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:872B86AD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:2F4A0A6B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:F216755A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5311B0B8
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:C7F04040
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:B6C77675
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:8DFE5191
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:444169A0
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:FFFCB9A9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:3E69E337
 
< End of report >

Edited by Zambian, 23 February 2015 - 12:05 AM.



#2
RKinner

    Malware Expert

  • Expert
  • 20,028 posts
  • MVP
 
Download ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
    Copy the text in the code box:
     
    DRIVES
    nnetsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %ProgramFiles%\WINDOWS NT\*.* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT
    
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.
     
    Ron


    #3
    Zambian

      Member

    • Topic Starter
    • Member
    • 66 posts

    Hello RKinner, thanks for your reply. I downloaded and ran ADWCleaner, JRT, and FRST yesterday and followed the directions, but knowing I would need to run them again I deleted those logs. When I received your reply I reran first ADWCleaner and nothing was found; yesterday there were about 5 items which I removed. There was no log. I then ran JRT and here is the log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows Vista ™ Home Premium x86
    Ran by Davie on Tue 24/02/2015 at 14:40:53.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 24/02/2015 at 14:42:52.05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    The computer is running much faster, even starts quicker, and no more popups. Sorry I went ahead without you knowing and maybe wasting your time, but thanks anyway; I would not have been able to do anything without your tutorial.


    #4
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    It would be best to run the FRST scan anyway. You have a lot of scheduled tasks that I don't recognize. If they are still active, the infection can come back to life.



    #5
    Zambian

      Member

    • Topic Starter
    • Member
    • 66 posts

    Hello again, here are the FRST logs

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
    Ran by Davie (administrator) on DAVIE-PC on 25-02-2015 10:00:11
    Running from C:\Users\Davie\Downloads
    Loaded Profiles: Davie (Available profiles: Davie)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Windows\vVX1000.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Google) C:\Program Files\Google\Google Talk\googletalk.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Dell) C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Dropbox, Inc.) C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKLM\...\Run: [NPSStartup] => [X]
    HKLM\...\Run: [gmsd_au_38] => [X]
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2007-11-21] (Google)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [DellSystemDetect] => C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\MountPoints2: {12a86870-243e-11e4-af4c-00219b028d60} - K:\Startme.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartSHS6DBs.lnk
    ShortcutTarget: StartSHS6DBs.lnk -> C:\unity\u6app\StartSHSDBs.exe (SHS)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-30905629-1660685971-3630012643-1000 -> {95C6E439-9E8B-4858-A934-6ECF83A76EB0} URL = http://search.yahoo....petb&type=10473
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: MediaPlayersvideos  1.1 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-01-01]
    FF Extension: captiondownloaderhiephmcom - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-02-23]
    FF Extension: 023e9ca063f347b1bcb29badf9d9ef28 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} [2015-02-23]
    FF Extension: Flash and Video Download - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2) [2014-06-18]
    FF Extension: No Flash - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-12-05]
    FF Extension: Youtube downloader master - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-09]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-09]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
    CHR Extension: (Google Docs) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
    CHR Extension: (YouTube) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
    CHR Extension: (Google Search) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
    CHR Extension: (Google Sheets) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
    CHR Extension: (Google Wallet) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
    CHR Extension: (Gmail) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S4 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
    S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
    S2 gupdate1c9a11782fb64e7; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
    S2 sprtsvc_dellsupportcenter; No ImagePath
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [10624 2010-12-15] (KYE System Corp.)
    S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [10632 2011-06-07] (KYE System Corp.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-21] () [File not signed]
    R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-10-27] () [File not signed]
    R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-01] ()
    R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\Davie\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\Davie\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
    S3 ioFakDrv; system32\DRIVERS\ioFakDrv.sys [X]
    S3 ioTablet; system32\DRIVERS\ioTablet.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MEMSWEEP2; \??\C:\Windows\system32\5886.tmp [X]
    S1 mwiwnza4ndyyymr; system32\drivers\mwiwnza4ndyyymr.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 10:00 - 2015-02-25 10:00 - 00020846 _____ () C:\Users\Davie\Downloads\FRST.txt
    2015-02-24 14:42 - 2015-02-24 14:42 - 00000642 _____ () C:\Users\Davie\Desktop\JRT.txt
    2015-02-24 14:42 - 2015-01-23 11:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-24 14:42 - 2015-01-23 10:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-23 13:16 - 2015-02-25 10:00 - 00000000 ____D () C:\FRST
    2015-02-23 13:03 - 2015-02-23 13:03 - 01126912 _____ (Farbar) C:\Users\Davie\Downloads\FRST.exe
    2015-02-23 13:02 - 2015-02-23 13:03 - 01388274 _____ (Thisisu) C:\Users\Davie\Downloads\JRT.exe
    2015-02-23 12:59 - 2015-02-23 13:00 - 02126848 _____ () C:\Users\Davie\Downloads\AdwCleaner.exe
    2015-02-23 10:53 - 2015-02-23 10:53 - 00602112 _____ (OldTimer Tools) C:\Users\Davie\Downloads\OTL.exe
    2015-02-23 09:47 - 2014-11-26 10:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-23 09:46 - 2015-01-15 12:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-23 09:46 - 2015-01-13 09:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-23 09:46 - 2015-01-09 08:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-23 09:42 - 2015-01-14 09:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-23 09:42 - 2015-01-14 09:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-23 09:42 - 2015-01-14 09:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-23 09:42 - 2015-01-14 09:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-23 09:42 - 2015-01-14 09:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-23 09:42 - 2015-01-14 09:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-23 09:42 - 2015-01-14 09:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-23 09:42 - 2015-01-14 09:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-23 09:42 - 2015-01-14 09:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
    2015-02-23 09:34 - 2014-12-08 09:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-23 09:32 - 2015-02-23 09:32 - 00001127 _____ () C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
    2015-02-23 09:32 - 2015-02-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
    2015-02-23 09:29 - 2015-02-23 09:30 - 00000000 ____D () C:\1dde1cb4387c5846477e94eeeafd
    2015-02-09 09:48 - 2015-02-09 09:48 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-08 12:58 - 2014-12-19 08:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-08 12:53 - 2014-12-06 11:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-02-08 12:46 - 2015-02-08 12:46 - 00417064 _____ () C:\Users\Davie\Downloads\DellSystemDetect.exe
    2015-02-08 12:04 - 2015-02-08 12:04 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-08 12:04 - 2015-02-08 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-08 12:00 - 2015-02-08 12:00 - 00880208 _____ (Google Inc.) C:\Users\Davie\Downloads\ChromeSetup.exe
    2015-02-08 11:48 - 2015-02-08 11:48 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
    2015-02-08 11:47 - 2015-02-08 11:47 - 00000000 ____D () C:\Windows\system32\vmm32
    2015-02-08 11:14 - 2015-02-08 11:14 - 00000000 ____D () C:\ProgramData\59b4cf200005341
    2015-02-08 11:11 - 2015-02-08 11:11 - 00000000 ____D () C:\ProgramData\salesale
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 09:59 - 2012-03-10 10:28 - 02057715 _____ () C:\Windows\WindowsUpdate.log
    2015-02-25 09:58 - 2013-06-03 15:44 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
    2015-02-25 09:57 - 2014-10-08 13:43 - 00000000 ___RD () C:\Users\Davie\Dropbox
    2015-02-25 09:57 - 2013-10-11 19:54 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Skype
    2015-02-25 09:57 - 2013-06-27 12:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Dropbox
    2015-02-25 09:55 - 2009-06-27 16:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-25 09:55 - 2008-08-01 17:19 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
    2015-02-25 09:55 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-25 09:55 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 09:55 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-24 15:37 - 2006-11-02 21:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-24 14:38 - 2013-11-29 15:36 - 00000000 ____D () C:\AdwCleaner
    2015-02-24 14:28 - 2013-06-03 15:44 - 00000000 ____D () C:\ProgramData\Google Updater
    2015-02-23 14:16 - 2012-05-01 18:08 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-23 14:16 - 2011-01-26 19:40 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-23 14:16 - 2011-01-26 19:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-23 13:44 - 2014-12-05 15:33 - 00000000 ____D () C:\ProgramData\gOjBPpYFxS
    2015-02-23 13:41 - 2013-08-01 18:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-23 12:19 - 2011-06-01 21:14 - 00000000 ____D () C:\Users\Davie\dwhelper
    2015-02-23 12:18 - 2012-11-29 12:51 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\vlc
    2015-02-23 10:16 - 2006-11-02 20:47 - 00315880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-23 10:00 - 2013-08-10 10:28 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-23 09:49 - 2011-09-25 14:14 - 00000000 ____D () C:\Program Files\Watchtower
    2015-02-23 09:47 - 2006-11-02 18:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-16 09:39 - 2014-10-08 13:43 - 00000921 _____ () C:\Users\Davie\Desktop\Dropbox.lnk
    2015-02-16 09:39 - 2014-10-08 13:27 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-09 09:53 - 2009-10-26 14:48 - 00000000 ____D () C:\Users\Davie\AppData\Local\Deployment
    2015-02-09 09:52 - 2013-11-18 16:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2015-02-09 09:49 - 2013-11-29 10:55 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-09 09:49 - 2008-08-01 17:17 - 00000000 ____D () C:\Program Files\Java
    2015-02-09 09:47 - 2014-10-26 18:09 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-09 08:52 - 2006-11-02 18:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-09 08:48 - 2015-01-09 15:54 - 00000000 ___HD () C:\Users\Public\Temp
    2015-02-08 12:43 - 2013-05-22 18:45 - 00000000 ____D () C:\Program Files\My Dell
    2015-02-08 12:18 - 2015-01-09 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-08 12:07 - 2009-06-27 16:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 12:03 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Google
    2015-02-08 11:47 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Dell
     
    ==================== Files in the root of some directories =======
     
    2013-06-11 12:15 - 2013-06-11 12:13 - 0013824 _____ () C:\Program Files\1033.MST
    2012-09-17 13:33 - 2012-09-17 13:33 - 0000288 _____ () C:\Users\Davie\AppData\Roaming\.backup.dm
    2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
    2014-01-20 12:30 - 2014-01-20 12:30 - 0000041 _____ () C:\Users\Davie\AppData\Roaming\mbam.context.scan
    2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\Davie\AppData\Roaming\QAKOG
    2008-10-12 13:48 - 2008-10-12 13:48 - 0026340 _____ () C:\Users\Davie\AppData\Roaming\UserTile.png
    2009-09-24 16:17 - 2014-03-14 11:46 - 0000140 _____ () C:\Users\Davie\AppData\Roaming\wklnhst.dat
    2012-04-18 13:56 - 2012-04-18 13:56 - 0000552 _____ () C:\Users\Davie\AppData\Local\d3d8caps.dat
    2008-09-26 11:56 - 2012-04-18 13:56 - 0006836 _____ () C:\Users\Davie\AppData\Local\d3d9caps.dat
    2008-09-25 20:09 - 2014-10-17 21:49 - 0045568 _____ () C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-06-07 14:46 - 2009-06-07 14:46 - 0008248 _____ () C:\Users\Davie\AppData\Local\en.ini
    2012-09-05 17:11 - 2012-09-05 17:11 - 0001503 _____ () C:\Users\Davie\AppData\Local\recently-used.xbel
    2010-02-10 17:23 - 2010-02-10 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2008-10-15 16:08 - 2010-10-27 18:40 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
     
    Some content of TEMP:
    ====================
    C:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpand24g.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-25 10:00
     
    ==================== End Of Log ============================
     
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-02-2015
    Ran by Davie at 2015-02-25 10:00:53
    Running from C:\Users\Davie\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
    AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
    Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
    ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0512.1132 - )
    Brother MFL-Pro Suite DCP-J315W (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
    Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
    ccc-core-static (Version: 2008.0512.1133.18639 - ATI) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    CONNEXX 6.5.4 (HKLM\...\{EDDF7146-1083-41CD-8D64-4D0612776D24}) (Version: 6.5.4 - Siemens Audiologische Technik GmbH)
    D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
    Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
    Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
    Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
    Dell Driver Download Manager (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\309a46b1dc89b774) (Version: 1.1.0.0 - Dell Inc.)
    Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
    Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
    Dell System Detect - 1  (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    Dropbox (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
    EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
    Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
    Google Earth (HKLM\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
    Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
    Google Talk (remove only) (HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
    Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
    Google Updater (HKLM\...\Google Updater) (Version: 2.4.1508.6312 - Google Inc.)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    LINE (HKLM\...\LINE) (Version: 3.5.2.42 - LINE Corporation)
    MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
    Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (HKLM\...\Encoder_4.0.3205.0) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 Screen Capture Codec (HKLM\...\{F9EC30D1-F688-4708-9850-CB5120074AAA}) (Version: 4.0.3205.0 - Microsoft Corporation)
    Microsoft Flight Simulator X Demo (HKLM\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
    Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
    Microsoft LifeCam (HKLM\...\{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}) (Version: 3.22.270.0 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
    Naviextras Toolbox (HKLM\...\Naviextras Toolbox) (Version: 3.18.3.412849 - NNG Llc.)
    Naviextras Toolbox Prerequesities (HKLM\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OOo-dev 3.4 (HKLM\...\{1153700F-C007-4EC7-B04A-7C14D1E6E3DD}) (Version: 3.4.9583 - OpenOffice.org)
    PaperPort (HKLM\...\{A17EABB6-D0C6-44E5-820C-72DC7F495064}) (Version: 9.02.0823 - ScanSoft, Inc.)
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
    Realtek Ethernet Network Card Diagnostic tool for Windows Vista (HKLM\...\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}) (Version: 1.00 - Realtek)
    Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
    Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    SHS6 Common (HKLM\...\{7EA9F56C-DF0E-4937-BEC1-5267A61B3216}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
    SHS6 Fitting (HKLM\...\{829154BB-A671-44E1-8103-28310E9BCD59}) (Version: 1.0 - Siemens Audiologische Technik GmbH)
    SIFIT (HKLM\...\{C82C3BB6-34D2-4CE3-B700-35A0C748203F}) (Version: 6.10.3.1096 - Siemens)
    Skins (Version: 2008.0512.1133.18639 - ATI) Hidden
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
    Sophos Anti-Rootkit 1.5.20 (HKLM\...\Sophos-AntiRootkit) (Version: 1.5.20 - Sophos Plc)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
    Watchtower Library 2014 - English (HKLM\...\{DB6F2EEA-CEEA-4096-8BD7-ABF100A90820}) (Version: 16.0 - Watchtower Bible and Tract Society of Pennsylvania, Inc.)
    Webshots Desktop (HKLM\...\Webshots Desktop) (Version:  - )
    Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E4}) (Version: 19.0.11293 - WinZip Computing, S.L. )
    XviD 1.1 final uninstall (HKLM\...\XviD_is1) (Version: 1.1 - XviD team (Koepi))
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Davie\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-30905629-1660685971-3630012643-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
     
    ==================== Restore Points  =========================
     
    14-10-2014 08:09:42 LavasoftWeCompanion
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2006-11-02 18:23 - 2012-09-09 18:54 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
    ::1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {0312CF9D-1717-4060-A541-3DFC8F9C511B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
    Task: {082A3490-8583-42FC-BA0F-D7C64C129FDD} - System32\Tasks\NCH Software\SoundTapReminder => C:\Program Files\NCH Software\SoundTap\SoundTap.exe
    Task: {1135BB68-D0B1-4B75-9817-6C5DC7F375B8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {13C7C762-BD79-45D9-A6EC-FBC2C6EF5EC1} - \NCH Swift Sound\switchSevenDays No Task File <==== ATTENTION
    Task: {159FB3A4-2583-4DDA-895C-49053F2D7B34} - \PCDEventLauncherTask No Task File <==== ATTENTION
    Task: {162F96C3-6A3D-47FC-A841-4EB4DDC66A62} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {16CEABF0-3579-493C-BAA0-782241B5781C} - System32\Tasks\{20AB9268-F0EB-4C22-9824-52FCB8E53F4A} => pcalua.exe -a E:\Install.exe -d E:\
    Task: {1A01BC66-ACE8-4EC4-AF2B-484BC686BE1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
    Task: {30346CC6-E909-47CB-8439-4E93245F0A5C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-06] (Adobe Systems Incorporated)
    Task: {3E80ED18-A603-49E0-8F63-1863070EBEA9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)
    Task: {43988667-0A76-474B-A024-041C76E912A5} - System32\Tasks\{A5C06A36-B431-46FF-80C4-E69B802BB2E3} => pcalua.exe -a C:\Users\Davie\Downloads\sar_15_sfx(1).exe -d C:\Users\Davie\Downloads
    Task: {482DFB24-54E0-4D8C-A8B9-38FFB7FB4613} - System32\Tasks\{4586A9F7-8D49-4011-8084-D52116E170F7} => pcalua.exe -a C:\Users\Davie\Downloads\UWC-1.6.6-setup.exe -d C:\Users\Davie\Downloads
    Task: {4C091783-B543-4FA0-A68D-423683CF0669} - System32\Tasks\{81B352EC-FEDA-4052-907C-11F251365623} => pcalua.exe -a "C:\Program Files\vghd\uninstall.exe"
    Task: {5EAF2AA1-CFE1-4A5D-9CD5-8EEDD92FE32A} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Davie => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
    Task: {648D1896-4029-4A3F-9F4C-572BC7BEF210} - System32\Tasks\{67136D08-7A91-4DFE-B7B3-3C424B54710B} => pcalua.exe -a C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e\EOSDemoInstaller-1.0.556e.exe -d C:\Users\Davie\Documents\EOSDemoInstaller-1.0.556e
    Task: {68303AE2-A8BA-446E-8818-1131643CCA35} - System32\Tasks\{5A894DF6-971E-4012-937E-867340820B50} => pcalua.exe -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe -c /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
    Task: {6F3E3A57-9C56-4619-893B-2A6EEAC21C48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-22] (Piriform Ltd)
    Task: {7DB29D85-BE62-4292-9BF1-E87DF4405383} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
    Task: {81F0A997-6226-446A-9214-30354B107C25} - System32\Tasks\{27EFB552-D6D8-4D1B-BF0B-6437C9ADF7DD} => pcalua.exe -a "C:\Program Files\GameHouse\The Rise of Atlantis\GDFUninstall.exe" -d "C:\Program Files\GameHouse\The Rise of Atlantis"
    Task: {8373807F-98CB-4B09-85E7-AD14798212E1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
    Task: {8FCFC650-8A05-42A0-9974-6978B9D11AC6} - System32\Tasks\{D913099B-469A-4779-A7DE-1AE0C2ADC6AE} => pcalua.exe -a C:\DELL\E-Center\UninstallTB.exe -d C:\Windows\system32
    Task: {992FEA72-5302-4BE2-B35E-B417A23AE557} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)
    Task: {99315673-E85E-4C73-A0B3-CA5DBA179345} - System32\Tasks\{9AEE2A97-A7DC-49C0-871E-76639E99EF06} => pcalua.exe -a C:\Users\Davie\Documents\I519-106.EXE -d C:\Users\Davie\Documents
    Task: {A32288CB-C3F2-44C1-9ACC-22F933EAE8C3} - System32\Tasks\{6107023B-40B7-4271-96BB-1F283BC5B5F9} => pcalua.exe -a "C:\Users\Davie\AppData\Roaming\Google\Google Talk\uninstall.exe"
    Task: {C3A4CBB5-F05C-4C5B-B122-041EAB8AECD6} - System32\Tasks\{04111AD4-F525-4CF7-8019-6D339CDCA81F} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
    Task: {D2F12AD7-076E-4A61-8925-8E8B64D5658A} - System32\Tasks\RtlNICDiagVistaStart => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe [2008-03-06] (Realtek)
    Task: {E714106D-3CF1-4A04-8F20-2284D92C2A09} - System32\Tasks\{73D211A9-C77E-4245-9D51-9E3F1EF57902} => pcalua.exe -a C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\Uninstaller.exe -c uninstall
    Task: {F589D1AB-5214-4408-A2D4-7CF67BFBCDBF} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe
    Task: {F98976C3-603D-4AB8-A6D2-A89EECBEB7B4} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core.job => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA.job => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\RtlNICDiagVistaStart.job => C:\Program Files\Realtek\RTNICDiag\RTNICDiag.exe
    Task: C:\Windows\Tasks\User_Feed_Synchronization-{482C88B6-77D7-485C-AA97-80C9C2BCAB5A}.job => C:\Windows\system32\msfeedssync.exe
     
    ==================== Loaded Modules (whitelisted) ==============
     
    2008-08-02 08:59 - 2008-06-13 19:34 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
    2015-02-11 05:00 - 2015-02-11 05:00 - 00750080 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-25 09:57 - 2015-02-25 09:57 - 00043008 _____ () c:\users\davie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpand24g.dll
    2015-02-11 05:00 - 2015-02-11 05:00 - 00047616 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\libEGL.dll
    2015-02-11 05:00 - 2015-02-11 05:00 - 00865280 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2015-02-11 05:00 - 2015-02-11 05:00 - 00200704 _____ () C:\Users\Davie\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2014-10-17 03:21 - 2014-10-17 03:21 - 00223744 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\7c1c70a15ac0d8b5995d970def1d0502\VistaBridgeLibrary.ni.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A
    AlternateDataStreams: C:\ProgramData\TEMP:0D31DA45
    AlternateDataStreams: C:\ProgramData\TEMP:157D4840
    AlternateDataStreams: C:\ProgramData\TEMP:2F4A0A6B
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:3E69E337
    AlternateDataStreams: C:\ProgramData\TEMP:444169A0
    AlternateDataStreams: C:\ProgramData\TEMP:4D8FCBEF
    AlternateDataStreams: C:\ProgramData\TEMP:5311B0B8
    AlternateDataStreams: C:\ProgramData\TEMP:55422315
    AlternateDataStreams: C:\ProgramData\TEMP:57DC3B52
    AlternateDataStreams: C:\ProgramData\TEMP:5A9AF3C7
    AlternateDataStreams: C:\ProgramData\TEMP:621BEE66
    AlternateDataStreams: C:\ProgramData\TEMP:6C1A9365
    AlternateDataStreams: C:\ProgramData\TEMP:77A023CE
    AlternateDataStreams: C:\ProgramData\TEMP:83E716F0
    AlternateDataStreams: C:\ProgramData\TEMP:8668AB36
    AlternateDataStreams: C:\ProgramData\TEMP:872B86AD
    AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
    AlternateDataStreams: C:\ProgramData\TEMP:8DFE5191
    AlternateDataStreams: C:\ProgramData\TEMP:A53FFC56
    AlternateDataStreams: C:\ProgramData\TEMP:ABE30DDB
    AlternateDataStreams: C:\ProgramData\TEMP:B6C77675
    AlternateDataStreams: C:\ProgramData\TEMP:C0A1A8AA
    AlternateDataStreams: C:\ProgramData\TEMP:C7F04040
    AlternateDataStreams: C:\ProgramData\TEMP:D5BF78B4
    AlternateDataStreams: C:\ProgramData\TEMP:D751C674
    AlternateDataStreams: C:\ProgramData\TEMP:EF1813D7
    AlternateDataStreams: C:\ProgramData\TEMP:F216755A
    AlternateDataStreams: C:\ProgramData\TEMP:FFFCB9A9
    AlternateDataStreams: C:\Users\Davie\Documents\Alinta Feb. 2014.eml:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) ===============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Davie\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.0.1
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: Ati External Event Utility => 2
    MSCONFIG\Services: Brother XP spl Service => 2
    MSCONFIG\Services: BrYNSvc => 3
    MSCONFIG\Services: NAUpdate => 2
    MSCONFIG\Services: SftService => 2
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Davie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk => C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Aimersoft Helper Compact.exe => C:\Program Files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: autodetect => C:\Windows\system32\SupportAppXL\AutoDect.exe
    MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    MSCONFIG\startupreg: BrStsMon00 => C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    MSCONFIG\startupreg: Exetender => "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: FileHippo.com => "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    MSCONFIG\startupreg: IndexSearch => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    MSCONFIG\startupreg: LifeCam => "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    MSCONFIG\startupreg: Malwarebytes Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    MSCONFIG\startupreg: msnmsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSCONFIG\startupreg: NeroCheck => C:\Windows\system32\NeroCheck.exe
    MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    MSCONFIG\startupreg: PaperPort PTD => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-30905629-1660685971-3630012643-500 - Administrator - Disabled)
    Davie (S-1-5-21-30905629-1660685971-3630012643-1000 - Administrator - Enabled) => C:\Users\Davie
    Guest (S-1-5-21-30905629-1660685971-3630012643-501 - Limited - Enabled)
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/25/2015 09:55:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    System errors:
    =============
    Error: (02/25/2015 10:01:16 AM) (Source: volsnap) (EventID: 20) (User: )
    Description: The shadow copies of volume C: were aborted because of a failed free space computation.
     
    Error: (02/25/2015 09:55:56 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: mwiwnza4ndyyymr
     
    Error: (02/25/2015 09:55:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: SupportSoft Sprocket Service (dellsupportcenter)%%3
     
    Error: (02/25/2015 09:55:14 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
    Description: 2147942402
     
     
    Microsoft Office Sessions:
    =========================
    Error: (02/25/2015 09:55:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-07-16 09:07:24.226
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-15 18:23:15.719
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 18:05:51.194
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 18:05:50.972
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 18:05:50.746
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 18:05:50.516
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 16:23:12.685
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 16:23:12.457
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 16:23:12.230
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-07-14 16:23:12.001
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz
    Percentage of memory in use: 51%
    Total physical RAM: 3325.27 MB
    Available physical RAM: 1598.06 MB
    Total Pagefile: 6843.53 MB
    Available Pagefile: 5260.49 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1913.55 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:410.46 GB) (Free:323.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.16 GB) NTFS
    Drive f: (RECOVERY) (Fixed) (Total:40.23 GB) (Free:40.1 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 60000000)
    Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=410.5 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=40.2 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================

    • 0

    #6
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
    Download the attached fixlist.txt to the same location as FRST
    Run FRST and press Fix
    A fix log will be generated; please post that.  Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
     
    Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
    sfc  /scannow
     
    (This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
     
    Copy the next two lines:
     
    findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
    notepad \windows\logs\cbs\junk.txt 
     
    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run As Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Are you still seeing popups?
     
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

    • 0
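Added example, not part of RKinner's post: a small Python triage of the `junk.txt` that the `findstr /c:"[SR]"` step above produces, listing which files `sfc` repaired and which it could not. The sample lines are constructed in the usual shape of CBS.log `[SR]` entries; the file, component and package names in them are placeholders.

```python
import re
import sys

# Constructed sample shaped like the "[SR]" lines findstr copies out of CBS.log.
# File, component and package names are placeholders, not taken from the thread.
SAMPLE_JUNK_TXT = r'''
2015-02-25 10:31:02, Info                  CSI    00000142 [SR] Verifying 100 (0x00000064) components
2015-02-25 10:31:02, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2015-02-25 10:31:09, Info                  CSI    00000145 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2015-02-25 10:31:09, Info                  CSI    00000146 [SR] This component was referenced by [l:30{15}]"Example-Package"
2015-02-25 10:31:14, Info                  CSI    00000148 [SR] Cannot repair member file [l:22{11}]"example.ini" of Example-Component, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope neutral, PublicKeyToken = {l:8 b:0000000000000000}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing
2015-02-25 10:31:14, Info                  CSI    00000149 [SR] This component was referenced by [l:30{15}]"Example-Package"
2015-02-25 10:31:15, Info                  CSI    0000014b [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"sample2.dll" from store
2015-02-25 10:31:20, Info                  CSI    0000014d [SR] Verify complete
Info CSI [SR] line truncated when it was pasted
'''

# timestamp, level, "CSI", hex sequence number, "[SR]", message
SR_LINE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\s+\w+\s+CSI\s+[0-9A-Fa-f]+\s+\[SR\]\s+(?P<msg>.*)$'
)
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[[^\]]*\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
)
REPAIRED = re.compile(r'Repairing corrupted file .*\]"(?P<file>[^"]+)" from store')


def summarize_sr(text):
    """Group [SR] lines into unrepaired and repaired files, de-duplicated.

    The same file can be reported more than once in a single sfc run, so
    entries are keyed on (file, component, reason) and kept in first-seen order.
    """
    unrepaired = {}   # (file, component, reason) -> first timestamp
    repaired = {}     # file -> first timestamp
    sr_lines = 0
    ignored = 0       # non-blank lines that are not well-formed [SR] entries

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SR_LINE.match(line)
        if not m:
            ignored += 1
            continue
        sr_lines += 1
        msg = m.group("msg")

        hit = CANNOT_REPAIR.match(msg)
        if hit:
            # The reason (e.g. "file is missing") follows "in the store, ".
            _, sep, tail = msg.rpartition("in the store, ")
            reason = tail.strip() if sep else "unknown"
            key = (hit.group("file"), hit.group("component").strip(), reason)
            unrepaired.setdefault(key, m.group("ts"))
            continue

        hit = REPAIRED.match(msg)
        if hit:
            repaired.setdefault(hit.group("file"), m.group("ts"))

    return {
        "sr_lines": sr_lines,
        "ignored": ignored,
        "unrepaired": list(unrepaired),
        "repaired": list(repaired),
    }


if __name__ == "__main__":
    # Pass the path to junk.txt, or run with no argument to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            data = fh.read()
    else:
        data = SAMPLE_JUNK_TXT
    result = summarize_sr(data)
    print("[SR] lines: %d, ignored: %d" % (result["sr_lines"], result["ignored"]))
    for name, component, reason in result["unrepaired"]:
        print("NOT REPAIRED  %s  (%s): %s" % (name, component, reason))
    for name in result["repaired"]:
        print("repaired      %s" % name)
```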

    #7
    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Sorry if I am a bit slow, but where is the fixlist.txt that I am to download? OK, dummy has found it. lol


    Edited by Zambian, 24 February 2015 - 11:55 PM.

    • 0

    #8
    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Here is the fix log:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-02-2015
    Ran by Davie at 2015-02-25 13:56:51 Run:1
    Running from C:\Users\Davie\Downloads
    Loaded Profiles: Davie (Available profiles: Davie)
    Boot Mode: Normal
     
    ==============================================
     
    Content of fixlist:
    *****************
    HKLM\...\Run: [NPSStartup] => [X]
    HKLM\...\Run: [gmsd_au_38] => [X]
    C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\MountPoints2: {12a86870-243e-11e4-af4c-00219b028d60} - K:\Startme.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartSHS6DBs.lnk
    ShortcutTarget: StartSHS6DBs.lnk -> C:\unity\u6app\StartSHSDBs.exe (SHS)
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-30905629-1660685971-3630012643-1000 -> {95C6E439-9E8B-4858-A934-6ECF83A76EB0} URL = http://search.yahoo....petb&type=10473
    BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-09]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-01-09]
    S2 sprtsvc_dellsupportcenter; No ImagePath
    S3 catchme; \??\C:\Users\Davie\AppData\Local\Temp\catchme.sys [X]
    S3 cpuz134; \??\C:\Users\Davie\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
    S3 FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [X]
    S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
    S3 ioFakDrv; system32\DRIVERS\ioFakDrv.sys [X]
    S3 ioTablet; system32\DRIVERS\ioTablet.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 massfilter; system32\drivers\massfilter.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 MEMSWEEP2; \??\C:\Windows\system32\5886.tmp [X]
    S1 mwiwnza4ndyyymr; system32\drivers\mwiwnza4ndyyymr.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
    S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
    S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
    2015-02-23 13:44 - 2014-12-05 15:33 - 00000000 ____D () C:\ProgramData\gOjBPpYFxS
    Task: {13C7C762-BD79-45D9-A6EC-FBC2C6EF5EC1} - \NCH Swift Sound\switchSevenDays No Task File <==== ATTENTION
    Task: {159FB3A4-2583-4DDA-895C-49053F2D7B34} - \PCDEventLauncherTask No Task File <==== ATTENTION
    Task: {162F96C3-6A3D-47FC-A841-4EB4DDC66A62} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {16CEABF0-3579-493C-BAA0-782241B5781C} - System32\Tasks\{20AB9268-F0EB-4C22-9824-52FCB8E53F4A} => pcalua.exe -a E:\Install.exe -d E:\
    Task: {3E80ED18-A603-49E0-8F63-1863070EBEA9} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-20] (Facebook Inc.)
    Task: {4C091783-B543-4FA0-A68D-423683CF0669} - System32\Tasks\{81B352EC-FEDA-4052-907C-11F251365623} => pcalua.exe -a "C:\Program Files\vghd\uninstall.exe"
    Task: {F98976C3-603D-4AB8-A6D2-A89EECBEB7B4} - \PCDoctorBackgroundMonitorTask No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core.job => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA.job => C:\Users\Davie\AppData\Local\Facebook\Update\FacebookUpdate.exe
    AlternateDataStreams: C:\ProgramData\TEMP:0441DB7A
    AlternateDataStreams: C:\ProgramData\TEMP:0D31DA45
    AlternateDataStreams: C:\ProgramData\TEMP:157D4840
    AlternateDataStreams: C:\ProgramData\TEMP:2F4A0A6B
    AlternateDataStreams: C:\ProgramData\TEMP:373E1720
    AlternateDataStreams: C:\ProgramData\TEMP:3E69E337
    AlternateDataStreams: C:\ProgramData\TEMP:444169A0
    AlternateDataStreams: C:\ProgramData\TEMP:4D8FCBEF
    AlternateDataStreams: C:\ProgramData\TEMP:5311B0B8
    AlternateDataStreams: C:\ProgramData\TEMP:55422315
    AlternateDataStreams: C:\ProgramData\TEMP:57DC3B52
    AlternateDataStreams: C:\ProgramData\TEMP:5A9AF3C7
    AlternateDataStreams: C:\ProgramData\TEMP:621BEE66
    AlternateDataStreams: C:\ProgramData\TEMP:6C1A9365
    AlternateDataStreams: C:\ProgramData\TEMP:77A023CE
    AlternateDataStreams: C:\ProgramData\TEMP:83E716F0
    AlternateDataStreams: C:\ProgramData\TEMP:8668AB36
    AlternateDataStreams: C:\ProgramData\TEMP:872B86AD
    AlternateDataStreams: C:\ProgramData\TEMP:89A5891E
    AlternateDataStreams: C:\ProgramData\TEMP:8DFE5191
    AlternateDataStreams: C:\ProgramData\TEMP:A53FFC56
    AlternateDataStreams: C:\ProgramData\TEMP:ABE30DDB
    AlternateDataStreams: C:\ProgramData\TEMP:B6C77675
    AlternateDataStreams: C:\ProgramData\TEMP:C0A1A8AA
    AlternateDataStreams: C:\ProgramData\TEMP:C7F04040
    AlternateDataStreams: C:\ProgramData\TEMP:D5BF78B4
    AlternateDataStreams: C:\ProgramData\TEMP:D751C674
    AlternateDataStreams: C:\ProgramData\TEMP:EF1813D7
    AlternateDataStreams: C:\ProgramData\TEMP:F216755A
    AlternateDataStreams: C:\ProgramData\TEMP:FFFCB9A9
     
     
     
     
    *****************
     
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_au_38 => value deleted successfully.
    "C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)" => File/Directory not found.
    "HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{12a86870-243e-11e4-af4c-00219b028d60}" => Key deleted successfully.
    HKCR\CLSID\{12a86870-243e-11e4-af4c-00219b028d60} => Key not found. 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartSHS6DBs.lnk => Moved successfully.
    C:\unity\u6app\StartSHSDBs.exe => Moved successfully.
    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-30905629-1660685971-3630012643-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95C6E439-9E8B-4858-A934-6ECF83A76EB0}" => Key deleted successfully.
    HKCR\CLSID\{95C6E439-9E8B-4858-A934-6ECF83A76EB0} => Key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => Key deleted successfully.
    "HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => Key deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} => Moved successfully.
    sprtsvc_dellsupportcenter => Service deleted successfully.
    catchme => Service deleted successfully.
    cpuz134 => Service deleted successfully.
    FsUsbExDisk => Service deleted successfully.
    IntcAzAudAddService => Service deleted successfully.
    ioFakDrv => Service deleted successfully.
    ioTablet => Service deleted successfully.
    IpInIp => Service deleted successfully.
    massfilter => Service deleted successfully.
    MBAMSwissArmy => Service deleted successfully.
    MEMSWEEP2 => Service deleted successfully.
    mwiwnza4ndyyymr => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    ZTEusbmdm6k => Service deleted successfully.
    ZTEusbnmea => Service deleted successfully.
    ZTEusbser6k => Service deleted successfully.
    C:\ProgramData\gOjBPpYFxS => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C7C762-BD79-45D9-A6EC-FBC2C6EF5EC1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C7C762-BD79-45D9-A6EC-FBC2C6EF5EC1}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Swift Sound\switchSevenDays" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{159FB3A4-2583-4DDA-895C-49053F2D7B34}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{159FB3A4-2583-4DDA-895C-49053F2D7B34}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{162F96C3-6A3D-47FC-A841-4EB4DDC66A62}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{162F96C3-6A3D-47FC-A841-4EB4DDC66A62}" => Key deleted successfully.
    C:\Windows\System32\Tasks\SystemToolsDailyTest => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16CEABF0-3579-493C-BAA0-782241B5781C}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16CEABF0-3579-493C-BAA0-782241B5781C}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{20AB9268-F0EB-4C22-9824-52FCB8E53F4A} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{20AB9268-F0EB-4C22-9824-52FCB8E53F4A}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E80ED18-A603-49E0-8F63-1863070EBEA9}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E80ED18-A603-49E0-8F63-1863070EBEA9}" => Key deleted successfully.
    C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C091783-B543-4FA0-A68D-423683CF0669}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C091783-B543-4FA0-A68D-423683CF0669}" => Key deleted successfully.
    C:\Windows\System32\Tasks\{81B352EC-FEDA-4052-907C-11F251365623} => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{81B352EC-FEDA-4052-907C-11F251365623}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F98976C3-603D-4AB8-A6D2-A89EECBEB7B4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F98976C3-603D-4AB8-A6D2-A89EECBEB7B4}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000Core.job => Moved successfully.
    C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-30905629-1660685971-3630012643-1000UA.job => Moved successfully.
    C:\ProgramData\TEMP => ":0441DB7A" ADS removed successfully.
    C:\ProgramData\TEMP => ":0D31DA45" ADS removed successfully.
    C:\ProgramData\TEMP => ":157D4840" ADS removed successfully.
    C:\ProgramData\TEMP => ":2F4A0A6B" ADS removed successfully.
    C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
    C:\ProgramData\TEMP => ":3E69E337" ADS removed successfully.
    C:\ProgramData\TEMP => ":444169A0" ADS removed successfully.
    C:\ProgramData\TEMP => ":4D8FCBEF" ADS removed successfully.
    C:\ProgramData\TEMP => ":5311B0B8" ADS removed successfully.
    C:\ProgramData\TEMP => ":55422315" ADS removed successfully.
    C:\ProgramData\TEMP => ":57DC3B52" ADS removed successfully.
    C:\ProgramData\TEMP => ":5A9AF3C7" ADS removed successfully.
    C:\ProgramData\TEMP => ":621BEE66" ADS removed successfully.
    C:\ProgramData\TEMP => ":6C1A9365" ADS removed successfully.
    C:\ProgramData\TEMP => ":77A023CE" ADS removed successfully.
    C:\ProgramData\TEMP => ":83E716F0" ADS removed successfully.
    C:\ProgramData\TEMP => ":8668AB36" ADS removed successfully.
    C:\ProgramData\TEMP => ":872B86AD" ADS removed successfully.
    C:\ProgramData\TEMP => ":89A5891E" ADS removed successfully.
    C:\ProgramData\TEMP => ":8DFE5191" ADS removed successfully.
    C:\ProgramData\TEMP => ":A53FFC56" ADS removed successfully.
    C:\ProgramData\TEMP => ":ABE30DDB" ADS removed successfully.
    C:\ProgramData\TEMP => ":B6C77675" ADS removed successfully.
    C:\ProgramData\TEMP => ":C0A1A8AA" ADS removed successfully.
    C:\ProgramData\TEMP => ":C7F04040" ADS removed successfully.
    C:\ProgramData\TEMP => ":D5BF78B4" ADS removed successfully.
    C:\ProgramData\TEMP => ":D751C674" ADS removed successfully.
    C:\ProgramData\TEMP => ":EF1813D7" ADS removed successfully.
    C:\ProgramData\TEMP => ":F216755A" ADS removed successfully.
    C:\ProgramData\TEMP => ":FFFCB9A9" ADS removed successfully.
     
     
    The system needed a reboot. 
     
    ==== End of Fixlog 13:56:53 ====
     
    FRST logs
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
    Ran by Davie (administrator) on DAVIE-PC on 25-02-2015 14:07:52
    Running from C:\Users\Davie\Downloads
    Loaded Profiles: Davie (Available profiles: Davie)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Windows\vVX1000.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google) C:\Program Files\Google\Google Talk\googletalk.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Dell) C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
    (Dropbox, Inc.) C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2007-11-21] (Google)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [DellSystemDetect] => C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: MediaPlayersvideos  1.1 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-01-01]
    FF Extension: captiondownloaderhiephmcom - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-02-23]
    FF Extension: 023e9ca063f347b1bcb29badf9d9ef28 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} [2015-02-23]
    FF Extension: Flash and Video Download - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2) [2014-06-18]
    FF Extension: No Flash - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-12-05]
    FF Extension: Youtube downloader master - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
    CHR Extension: (Google Docs) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
    CHR Extension: (YouTube) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
    CHR Extension: (Google Search) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
    CHR Extension: (Google Sheets) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
    CHR Extension: (Google Wallet) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
    CHR Extension: (Gmail) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S4 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
    S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
    S2 gupdate1c9a11782fb64e7; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [10624 2010-12-15] (KYE System Corp.)
    S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [10632 2011-06-07] (KYE System Corp.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-21] () [File not signed]
    R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-10-27] () [File not signed]
    R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-01] ()
    R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 10:00 - 2015-02-25 14:08 - 00018762 _____ () C:\Users\Davie\Downloads\FRST.txt
    2015-02-25 10:00 - 2015-02-25 10:01 - 00035528 _____ () C:\Users\Davie\Downloads\Addition.txt
    2015-02-24 14:42 - 2015-02-24 14:42 - 00000642 _____ () C:\Users\Davie\Desktop\JRT.txt
    2015-02-24 14:42 - 2015-01-23 11:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-24 14:42 - 2015-01-23 10:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-23 13:16 - 2015-02-25 14:07 - 00000000 ____D () C:\FRST
    2015-02-23 13:03 - 2015-02-23 13:03 - 01126912 _____ (Farbar) C:\Users\Davie\Downloads\FRST.exe
    2015-02-23 13:02 - 2015-02-23 13:03 - 01388274 _____ (Thisisu) C:\Users\Davie\Downloads\JRT.exe
    2015-02-23 12:59 - 2015-02-23 13:00 - 02126848 _____ () C:\Users\Davie\Downloads\AdwCleaner.exe
    2015-02-23 10:53 - 2015-02-23 10:53 - 00602112 _____ (OldTimer Tools) C:\Users\Davie\Downloads\OTL.exe
    2015-02-23 09:47 - 2014-11-26 10:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-23 09:46 - 2015-01-15 12:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-23 09:46 - 2015-01-13 09:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-23 09:46 - 2015-01-09 08:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-23 09:42 - 2015-01-14 09:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-23 09:42 - 2015-01-14 09:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-23 09:42 - 2015-01-14 09:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-23 09:42 - 2015-01-14 09:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-23 09:42 - 2015-01-14 09:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-23 09:42 - 2015-01-14 09:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-23 09:42 - 2015-01-14 09:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-23 09:42 - 2015-01-14 09:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-23 09:42 - 2015-01-14 09:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
    2015-02-23 09:34 - 2014-12-08 09:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-23 09:32 - 2015-02-23 09:32 - 00001127 _____ () C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
    2015-02-23 09:32 - 2015-02-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
    2015-02-23 09:29 - 2015-02-23 09:30 - 00000000 ____D () C:\1dde1cb4387c5846477e94eeeafd
    2015-02-09 09:48 - 2015-02-09 09:48 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-08 12:58 - 2014-12-19 08:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-08 12:53 - 2014-12-06 11:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-02-08 12:46 - 2015-02-08 12:46 - 00417064 _____ () C:\Users\Davie\Downloads\DellSystemDetect.exe
    2015-02-08 12:04 - 2015-02-08 12:04 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-08 12:04 - 2015-02-08 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-08 12:00 - 2015-02-08 12:00 - 00880208 _____ (Google Inc.) C:\Users\Davie\Downloads\ChromeSetup.exe
    2015-02-08 11:48 - 2015-02-08 11:48 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
    2015-02-08 11:47 - 2015-02-08 11:47 - 00000000 ____D () C:\Windows\system32\vmm32
    2015-02-08 11:14 - 2015-02-08 11:14 - 00000000 ____D () C:\ProgramData\59b4cf200005341
    2015-02-08 11:11 - 2015-02-08 11:11 - 00000000 ____D () C:\ProgramData\salesale
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 14:03 - 2012-03-10 10:28 - 02082459 _____ () C:\Windows\WindowsUpdate.log
    2015-02-25 14:02 - 2013-06-03 15:44 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
    2015-02-25 14:01 - 2013-10-11 19:54 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Skype
    2015-02-25 14:00 - 2015-01-13 17:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-02-25 14:00 - 2014-10-08 13:43 - 00000000 ___RD () C:\Users\Davie\Dropbox
    2015-02-25 14:00 - 2013-06-27 12:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Dropbox
    2015-02-25 13:58 - 2009-06-27 16:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-25 13:58 - 2008-08-01 17:19 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
    2015-02-25 13:58 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-25 13:58 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 13:58 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 13:57 - 2006-11-02 21:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-25 13:56 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-02-24 14:38 - 2013-11-29 15:36 - 00000000 ____D () C:\AdwCleaner
    2015-02-24 14:28 - 2013-06-03 15:44 - 00000000 ____D () C:\ProgramData\Google Updater
    2015-02-23 14:16 - 2012-05-01 18:08 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-23 14:16 - 2011-01-26 19:40 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-23 14:16 - 2011-01-26 19:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-23 13:41 - 2013-08-01 18:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-23 12:19 - 2011-06-01 21:14 - 00000000 ____D () C:\Users\Davie\dwhelper
    2015-02-23 12:18 - 2012-11-29 12:51 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\vlc
    2015-02-23 10:16 - 2006-11-02 20:47 - 00315880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-23 10:00 - 2013-08-10 10:28 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-23 09:49 - 2011-09-25 14:14 - 00000000 ____D () C:\Program Files\Watchtower
    2015-02-23 09:47 - 2006-11-02 18:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-16 09:39 - 2014-10-08 13:43 - 00000921 _____ () C:\Users\Davie\Desktop\Dropbox.lnk
    2015-02-16 09:39 - 2014-10-08 13:27 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-09 09:53 - 2009-10-26 14:48 - 00000000 ____D () C:\Users\Davie\AppData\Local\Deployment
    2015-02-09 09:52 - 2013-11-18 16:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2015-02-09 09:49 - 2013-11-29 10:55 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-09 09:49 - 2008-08-01 17:17 - 00000000 ____D () C:\Program Files\Java
    2015-02-09 09:47 - 2014-10-26 18:09 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-09 08:52 - 2006-11-02 18:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-09 08:48 - 2015-01-09 15:54 - 00000000 ___HD () C:\Users\Public\Temp
    2015-02-08 12:43 - 2013-05-22 18:45 - 00000000 ____D () C:\Program Files\My Dell
    2015-02-08 12:18 - 2015-01-09 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-08 12:07 - 2009-06-27 16:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 12:03 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Google
    2015-02-08 11:47 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Dell
     
    ==================== Files in the root of some directories =======
     
    2013-06-11 12:15 - 2013-06-11 12:13 - 0013824 _____ () C:\Program Files\1033.MST
    2012-09-17 13:33 - 2012-09-17 13:33 - 0000288 _____ () C:\Users\Davie\AppData\Roaming\.backup.dm
    2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
    2014-01-20 12:30 - 2014-01-20 12:30 - 0000041 _____ () C:\Users\Davie\AppData\Roaming\mbam.context.scan
    2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\Davie\AppData\Roaming\QAKOG
    2008-10-12 13:48 - 2008-10-12 13:48 - 0026340 _____ () C:\Users\Davie\AppData\Roaming\UserTile.png
    2009-09-24 16:17 - 2014-03-14 11:46 - 0000140 _____ () C:\Users\Davie\AppData\Roaming\wklnhst.dat
    2012-04-18 13:56 - 2012-04-18 13:56 - 0000552 _____ () C:\Users\Davie\AppData\Local\d3d8caps.dat
    2008-09-26 11:56 - 2012-04-18 13:56 - 0006836 _____ () C:\Users\Davie\AppData\Local\d3d9caps.dat
    2008-09-25 20:09 - 2014-10-17 21:49 - 0045568 _____ () C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-06-07 14:46 - 2009-06-07 14:46 - 0008248 _____ () C:\Users\Davie\AppData\Local\en.ini
    2012-09-05 17:11 - 2012-09-05 17:11 - 0001503 _____ () C:\Users\Davie\AppData\Local\recently-used.xbel
    2010-02-10 17:23 - 2010-02-10 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2008-10-15 16:08 - 2010-10-27 18:40 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
     
    Some content of TEMP:
    ====================
    C:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphrfwa6.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-25 14:05
     
    ==================== End Of Log ============================
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-02-2015
    Ran by Davie (administrator) on DAVIE-PC on 25-02-2015 14:07:52
    Running from C:\Users\Davie\Downloads
    Loaded Profiles: Davie (Available profiles: Davie)
    Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    (Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Microsoft Corporation) C:\Windows\vVX1000.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Google) C:\Program Files\Google\Google Talk\googletalk.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Dell) C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE
    (Dropbox, Inc.) C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\mobsync.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
    HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3289088 2007-11-21] (Google)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-22] (Piriform Ltd)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\...\Run: [DellSystemDetect] => C:\Users\Davie\AppData\Local\Apps\2.0\L1YMPGED.XGQ\1G05GZ07.40T\dell..tion_e30b47f5d4a30e9e_0005.000e_4ab3a7332dd76702\DellSystemDetect.exe [283432 2015-02-08] (Dell)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Davie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Davie\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=au&ibd=1080802
    HKU\S-1-5-21-30905629-1660685971-3630012643-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406
    FF Homepage: about:home
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @pack.google.com/Google Updater;version=13 -> C:\Program Files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll (Google)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: MediaPlayersvideos  1.1 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-01-01]
    FF Extension: captiondownloaderhiephmcom - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2015-02-23]
    FF Extension: 023e9ca063f347b1bcb29badf9d9ef28 - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28} [2015-02-23]
    FF Extension: Flash and Video Download - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}(2) [2014-06-18]
    FF Extension: No Flash - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF Extension: Youtube and more - Easy Video Downloader - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-12-05]
    FF Extension: Youtube downloader master - C:\Users\Davie\AppData\Roaming\Mozilla\Firefox\Profiles\ai0obw7f.default-1385730795406\Extensions\[email protected] [2014-10-04]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-10]
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
    CHR Extension: (Google Docs) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
    CHR Extension: (YouTube) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
    CHR Extension: (Google Search) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
    CHR Extension: (Google Sheets) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
    CHR Extension: (Google Wallet) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
    CHR Extension: (Gmail) - C:\Users\Davie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-13] (SUPERAntiSpyware.com)
    S4 Brother XP spl Service; C:\Windows\system32\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
    S4 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-04-28] (Stardock Corporation)
    S2 gupdate1c9a11782fb64e7; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-11-01] (Google Inc.)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
    S4 SftService; C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE [1692480 2011-08-18] (SoftThinks SAS)
    R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 ioFakMap; C:\Windows\System32\DRIVERS\ioFakMap.sys [10624 2010-12-15] (KYE System Corp.)
    S3 ioTblMap; C:\Windows\System32\DRIVERS\ioTblMap.sys [10632 2011-06-07] (KYE System Corp.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
    R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2008-03-06] (Windows ® Codename Longhorn DDK provider)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-05-21] () [File not signed]
    R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2010-10-27] () [File not signed]
    R3 stdriver; C:\Windows\System32\DRIVERS\stdriverx86.sys [40344 2012-10-01] ()
    R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 10:00 - 2015-02-25 14:08 - 00018762 _____ () C:\Users\Davie\Downloads\FRST.txt
    2015-02-25 10:00 - 2015-02-25 10:01 - 00035528 _____ () C:\Users\Davie\Downloads\Addition.txt
    2015-02-24 14:42 - 2015-02-24 14:42 - 00000642 _____ () C:\Users\Davie\Desktop\JRT.txt
    2015-02-24 14:42 - 2015-01-23 11:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-02-24 14:42 - 2015-01-23 10:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-02-23 13:16 - 2015-02-25 14:07 - 00000000 ____D () C:\FRST
    2015-02-23 13:03 - 2015-02-23 13:03 - 01126912 _____ (Farbar) C:\Users\Davie\Downloads\FRST.exe
    2015-02-23 13:02 - 2015-02-23 13:03 - 01388274 _____ (Thisisu) C:\Users\Davie\Downloads\JRT.exe
    2015-02-23 12:59 - 2015-02-23 13:00 - 02126848 _____ () C:\Users\Davie\Downloads\AdwCleaner.exe
    2015-02-23 10:53 - 2015-02-23 10:53 - 00602112 _____ (OldTimer Tools) C:\Users\Davie\Downloads\OTL.exe
    2015-02-23 09:47 - 2014-11-26 10:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2015-02-23 09:46 - 2015-01-15 12:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-02-23 09:46 - 2015-01-13 09:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-02-23 09:46 - 2015-01-09 08:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-02-23 09:42 - 2015-01-14 09:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-02-23 09:42 - 2015-01-14 09:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-02-23 09:42 - 2015-01-14 09:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-02-23 09:42 - 2015-01-14 09:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-02-23 09:42 - 2015-01-14 09:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-02-23 09:42 - 2015-01-14 09:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-02-23 09:42 - 2015-01-14 09:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-02-23 09:42 - 2015-01-14 09:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-02-23 09:42 - 2015-01-14 09:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-02-23 09:42 - 2015-01-14 09:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-02-23 09:42 - 2015-01-14 09:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2015-02-23 09:37 - 2015-02-23 09:37 - 00000000 ____D () C:\Windows\Temp49189D3D-F36E-6298-86B0-6AD8E0F4F57D-Signatures
    2015-02-23 09:34 - 2014-12-08 09:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
    2015-02-23 09:32 - 2015-02-23 09:32 - 00001127 _____ () C:\Users\Davie\Desktop\Watchtower Library 2014 - English.lnk
    2015-02-23 09:32 - 2015-02-23 09:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2014
    2015-02-23 09:29 - 2015-02-23 09:30 - 00000000 ____D () C:\1dde1cb4387c5846477e94eeeafd
    2015-02-09 09:48 - 2015-02-09 09:48 - 00000000 ____D () C:\Program Files\Common Files\Java
    2015-02-08 12:58 - 2014-12-19 08:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-02-08 12:53 - 2014-12-06 11:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2015-02-08 12:53 - 2014-12-06 11:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2015-02-08 12:46 - 2015-02-08 12:46 - 00417064 _____ () C:\Users\Davie\Downloads\DellSystemDetect.exe
    2015-02-08 12:04 - 2015-02-08 12:04 - 00001973 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-02-08 12:04 - 2015-02-08 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-02-08 12:00 - 2015-02-08 12:00 - 00880208 _____ (Google Inc.) C:\Users\Davie\Downloads\ChromeSetup.exe
    2015-02-08 11:48 - 2015-02-08 11:48 - 00001269 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell ResourceCD.lnk
    2015-02-08 11:47 - 2015-02-08 11:47 - 00000000 ____D () C:\Windows\system32\vmm32
    2015-02-08 11:14 - 2015-02-08 11:14 - 00000000 ____D () C:\ProgramData\59b4cf200005341
    2015-02-08 11:11 - 2015-02-08 11:11 - 00000000 ____D () C:\ProgramData\salesale
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2015-02-25 14:03 - 2012-03-10 10:28 - 02082459 _____ () C:\Windows\WindowsUpdate.log
    2015-02-25 14:02 - 2013-06-03 15:44 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
    2015-02-25 14:01 - 2013-10-11 19:54 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Skype
    2015-02-25 14:00 - 2015-01-13 17:56 - 00000008 __RSH () C:\ProgramData\ntuser.pol
    2015-02-25 14:00 - 2014-10-08 13:43 - 00000000 ___RD () C:\Users\Davie\Dropbox
    2015-02-25 14:00 - 2013-06-27 12:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Dropbox
    2015-02-25 13:58 - 2009-06-27 16:32 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-25 13:58 - 2008-08-01 17:19 - 00000276 _____ () C:\Windows\Tasks\RtlNICDiagVistaStart.job
    2015-02-25 13:58 - 2006-11-02 21:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-25 13:58 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 13:58 - 2006-11-02 20:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-25 13:57 - 2006-11-02 21:01 - 00032638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-02-25 13:56 - 2006-11-02 19:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2015-02-24 14:38 - 2013-11-29 15:36 - 00000000 ____D () C:\AdwCleaner
    2015-02-24 14:28 - 2013-06-03 15:44 - 00000000 ____D () C:\ProgramData\Google Updater
    2015-02-23 14:16 - 2012-05-01 18:08 - 00001828 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    2015-02-23 14:16 - 2011-01-26 19:40 - 00001945 _____ () C:\Windows\epplauncher.mif
    2015-02-23 14:16 - 2011-01-26 19:38 - 00000000 ____D () C:\Program Files\Microsoft Security Client
    2015-02-23 13:41 - 2013-08-01 18:37 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-02-23 12:19 - 2011-06-01 21:14 - 00000000 ____D () C:\Users\Davie\dwhelper
    2015-02-23 12:18 - 2012-11-29 12:51 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\vlc
    2015-02-23 10:16 - 2006-11-02 20:47 - 00315880 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-02-23 10:00 - 2013-08-10 10:28 - 00000000 ____D () C:\Windows\system32\MRT
    2015-02-23 09:49 - 2011-09-25 14:14 - 00000000 ____D () C:\Program Files\Watchtower
    2015-02-23 09:47 - 2006-11-02 18:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-02-16 09:39 - 2014-10-08 13:43 - 00000921 _____ () C:\Users\Davie\Desktop\Dropbox.lnk
    2015-02-16 09:39 - 2014-10-08 13:27 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-02-09 09:53 - 2009-10-26 14:48 - 00000000 ____D () C:\Users\Davie\AppData\Local\Deployment
    2015-02-09 09:52 - 2013-11-18 16:22 - 00000000 ____D () C:\Users\Davie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
    2015-02-09 09:49 - 2013-11-29 10:55 - 00000000 ____D () C:\ProgramData\Oracle
    2015-02-09 09:49 - 2008-08-01 17:17 - 00000000 ____D () C:\Program Files\Java
    2015-02-09 09:47 - 2014-10-26 18:09 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-02-09 09:47 - 2014-10-26 18:09 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-02-09 08:52 - 2006-11-02 18:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-02-09 08:48 - 2015-01-09 15:54 - 00000000 ___HD () C:\Users\Public\Temp
    2015-02-08 12:43 - 2013-05-22 18:45 - 00000000 ____D () C:\Program Files\My Dell
    2015-02-08 12:18 - 2015-01-09 15:32 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-02-08 12:07 - 2009-06-27 16:32 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-08 12:03 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Google
    2015-02-08 11:47 - 2008-08-01 17:23 - 00000000 ____D () C:\Program Files\Dell
     
    ==================== Files in the root of some directories =======
     
    2013-06-11 12:15 - 2013-06-11 12:13 - 0013824 _____ () C:\Program Files\1033.MST
    2012-09-17 13:33 - 2012-09-17 13:33 - 0000288 _____ () C:\Users\Davie\AppData\Roaming\.backup.dm
    2014-09-01 16:18 - 2014-09-01 16:18 - 0001248 _____ () C:\Users\Davie\AppData\Roaming\LSHLRGPF
    2014-01-20 12:30 - 2014-01-20 12:30 - 0000041 _____ () C:\Users\Davie\AppData\Roaming\mbam.context.scan
    2014-09-01 16:18 - 2014-09-01 16:18 - 0002086 _____ () C:\Users\Davie\AppData\Roaming\QAKOG
    2008-10-12 13:48 - 2008-10-12 13:48 - 0026340 _____ () C:\Users\Davie\AppData\Roaming\UserTile.png
    2009-09-24 16:17 - 2014-03-14 11:46 - 0000140 _____ () C:\Users\Davie\AppData\Roaming\wklnhst.dat
    2012-04-18 13:56 - 2012-04-18 13:56 - 0000552 _____ () C:\Users\Davie\AppData\Local\d3d8caps.dat
    2008-09-26 11:56 - 2012-04-18 13:56 - 0006836 _____ () C:\Users\Davie\AppData\Local\d3d9caps.dat
    2008-09-25 20:09 - 2014-10-17 21:49 - 0045568 _____ () C:\Users\Davie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2009-06-07 14:46 - 2009-06-07 14:46 - 0008248 _____ () C:\Users\Davie\AppData\Local\en.ini
    2012-09-05 17:11 - 2012-09-05 17:11 - 0001503 _____ () C:\Users\Davie\AppData\Local\recently-used.xbel
    2010-02-10 17:23 - 2010-02-10 17:23 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
    2008-10-15 16:08 - 2010-10-27 18:40 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt
     
    Some content of TEMP:
    ====================
    C:\Users\Davie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphrfwa6.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-02-25 14:05
     
    ==================== End Of Log ============================
     
    Here are the posts from VEW
    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 25/02/2015 2:37:54 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 25/02/2015 6:16:23 AM
    Type: Error Category: 403
    Event: 412 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 25/02/2015 6:16:45 AM
    Type: Warning Category: 0
    Event: 75 Source: Microsoft-Windows-PrintSpooler
    The print spooler failed to regenerate the printer driver information for driver Brother DCP-115C USB Printer for environment Windows NT x86. Win32 system error code 1797 (0x705). This can occur after an operating system upgrade or because of data loss on the hard drive.
     
    Log: 'System' Date/Time: 25/02/2015 6:16:28 AM
    Type: Warning Category: 0
    Event: 73 Source: Microsoft-Windows-PrintSpooler
    The print spooler failed to verify printer driver package Brother DCP-115C USB Printer for environment Windows NT x86. Win32 system error code 2 (0x2). This can occur after an operating system upgrade or because of data loss on the hard drive. The print spooler will try to regenerate the driver information from the driver store, which is where drivers are saved before they are installed. No user action is required.
     
    Log: 'System' Date/Time: 25/02/2015 6:16:03 AM
    Type: Warning Category: 0
    Event: 1 Source: RTL8169
    Realtek PCIe GBE Family Controller is disconnected from network.
     
    Vino's Event Viewer v01c run on Windows Vista in English
    Report run at 25/02/2015 2:39:28 PM
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 25/02/2015 6:17:05 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     

    • 0

    #9
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    You posted the FRST log twice and didn't post the Addition log.  Also do not see Process explorer log.

     

    The one error that we need to worry about is:

     

    Log: 'System' Date/Time: 25/02/2015 6:16:23 AM
    Type: Error Category: 403
    Event: 412 Source: Microsoft-Windows-TaskScheduler
    Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service
     
    Open the Task Scheduler by clicking Start -> Programs -> Accessories -> System Tools -> Task Scheduler
     
    Usually with this error you will get a popup saying 
    the selected task "{0}" no longer exists. to see the current task, click refresh
     
    1. Open Task Scheduler and click OK when prompted with the error. It may seem like you are receiving the same error over and over, but this is really due to the number of tasks which are broken. Make a note of the number of times you are prompted with the the selected task "{0}" error. This is the number of task files that are out of sync with the registry. (This isn't necessarily true.  Sometimes you just get one but there are many missing)
    2. Start with the first folder under Windows tasks (Task Scheduler(Local)\Task Scheduler Library\Microsoft\Windows) and select each folder in turn until you receive the the selected task "{0}" error. This folder contains files that are not in sync with the task scheduler.  (This guy assumes the task that is missing is a windows task.  It may not be so make sure you check each folder under Task Schedule Library.  For some reason the Windows\Defrag task is often the cause.  )
    3. Open Windows Explorer and navigate to the tasks file folder (C:\windows\system32\Tasks\Microsoft\Windows) and find the folder which corresponds to the folder in which you received the error.

    Note in order to see these files you may need to:

    Open the Control Panel menu and click Folder Options.
        After the new window appears select the View tab.
        Put a checkmark in the checkbox labeled Display the contents of system folders.
        Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
        Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
        Remove the checkmark from the checkbox labeled Hide protected operating system files.
        Press the Apply button and then the OK button.
    4. For some tasks you will be able to determine which files need to be deleted by comparing the list in the Task Scheduler with the list of files in Explorer. Some tasks will only have a single file in explorer, or, in one case I had 2 and the first was missing. Once Task Scheduler encounters this error it will no longer display tasks so it makes the job of getting the two in sync a little more difficult. Once you have determined which files exist in the File Folder but do not exist in the Task Scheduler folder, delete those files. (Rather than delete the files I like to move them to another location)
    5. IMPORTANT - Close and Re-open Task Scheduler. Once the error is encountered, Task Scheduler no longer displays the tasks so you need to close it and restart in order to continue your synchronization effort.
    6. Continue to select folders in Task Scheduler under Windows tasks until you encounter the error again and repeat the process of determining which file exists on the file system, but not in Task Scheduler.

    • 0
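The folder-by-folder comparison described in the post above can also be done offline on two text exports. This is an added example, not part of the original thread: it assumes the registry side of the task list is the `TaskCache\Tree` key exported with `reg query "<key>" /s`, that a subkey carrying an `Id` value is a task, and that the file side comes from `dir /s /b /a-d C:\Windows\System32\Tasks`; the sample exports, GUIDs and the `OldDefragCopy` name are constructed.

```python
r"""Offline cross-check of Task Scheduler files against the registry task tree."""
import ntpath
from collections import defaultdict

# Assumption: registered tasks are mirrored under this key, and a subkey that
# carries an "Id" value is a task while a subkey without one is only a folder.
TREE_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Schedule\TaskCache\Tree")
TASKS_DIR = r"C:\Windows\System32\Tasks"


def registered_tasks(reg_export):
    """Return task paths (relative to Tree) found in `reg query /s` output."""
    tasks, current = set(), None
    prefix = TREE_KEY.upper() + "\\"
    for raw in reg_export.splitlines():
        if not raw.strip():
            continue
        if not raw[0].isspace():             # key header lines start in column 0
            key = raw.rstrip()
            current = key[len(prefix):] if key.upper().startswith(prefix) else None
        elif current is not None:
            fields = raw.split(None, 2)      # value name, type, data
            if len(fields) >= 2 and fields[0].lower() == "id":
                tasks.add(current)
    return tasks


def task_files(dir_listing):
    """Return file paths relative to TASKS_DIR from a bare recursive listing."""
    prefix = TASKS_DIR.lower() + "\\"
    return {p.strip()[len(prefix):] for p in dir_listing.splitlines()
            if p.strip().lower().startswith(prefix)}


def out_of_sync(reg_export, dir_listing):
    """Compare both sides case-insensitively, as Windows does for names."""
    reg = {t.lower(): t for t in registered_tasks(reg_export)}
    files = {f.lower(): f for f in task_files(dir_listing)}
    return {
        "file_without_registry": sorted(files[k] for k in files.keys() - reg.keys()),
        "registry_without_file": sorted(reg[k] for k in reg.keys() - files.keys()),
    }


def by_folder(paths):
    """Group relative task paths by folder, matching the folder-by-folder walk."""
    grouped = defaultdict(list)
    for p in paths:
        folder = ntpath.dirname(p) or "(Task Scheduler Library root)"
        grouped[folder].append(ntpath.basename(p))
    return dict(grouped)


# Constructed sample exports (GUIDs and "OldDefragCopy" are made up).
SAMPLE_REG = "\n".join([
    TREE_KEY,
    TREE_KEY + r"\Google Software Updater",
    "    Id    REG_SZ    {11111111-1111-1111-1111-111111111111}",
    "",
    TREE_KEY + r"\Microsoft\Windows\Defrag",
    "",
    TREE_KEY + r"\Microsoft\Windows\Defrag\ScheduledDefrag",
    "    Id    REG_SZ    {22222222-2222-2222-2222-222222222222}",
    "",
    TREE_KEY + r"\GoogleUpdateTaskMachineCore",
    "    Id    REG_SZ    {33333333-3333-3333-3333-333333333333}",
])
SAMPLE_DIR = "\n".join([
    r"C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag",
    r"C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\OldDefragCopy",
    r"C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore",
])

if __name__ == "__main__":
    report = out_of_sync(SAMPLE_REG, SAMPLE_DIR)
    for folder, names in by_folder(report["file_without_registry"]).items():
        print("file on disk, not registered:", folder, names)
    for task in report["registry_without_file"]:
        print("registered, file missing:", task)
```

Entries under `file_without_registry` are the files the procedure above says to move out of the Tasks folder; `registry_without_file` is the reverse mismatch, reported for completeness.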

    #10
    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Hello again, well I think I have done something wrong again.

     

    When I opened "Task Scheduler" the error message was "Google software updater" no longer exists, so I followed the prompts and pressed refresh. The same error reappeared so I again pressed refresh; I stopped counting when I had reached 50 times. Now comes the interesting part: I went into Explorer, to "c:\windows\system32\Tasks\Microsoft\Windows", then, not finding anything obvious, I looked for the way to open hidden files and ended up hiding the Windows folder???. I thought no problem, I will just restore, but when I went to restore there was no restore point saved.

    Sorry to test your patience but please help 


    • 0



    #11
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
    The refresh button doesn't help.
    Just OK until the errors stop.
     
     
    To see hidden files:
     
    Open the Control Panel menu and click Folder Options.
        After the new window appears select the View tab.
        Put a checkmark in the checkbox labeled Display the contents of system folders.
        Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
        Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
        Remove the checkmark from the checkbox labeled Hide protected operating system files.
        Press the Apply button and then the OK button.
     
    System Restore won't work for Task Scheduler problems.
     
     
    Google Software updater probably lives at:
     
    c:\windows\system32\Tasks\
     
    I don't think it has a folder of its own.  It's certainly one you can get rid of.  It always comes back anyway.

    • 0

    #12
    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    All done and there are no errors when I open Task Scheduler; no more popups, by the way.


    • 0

    #13
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP
    Get Process Explorer
     
    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
     
    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures
     
     
    Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
     
    Wait a full minute then:
     
    File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

    • 0

    #14
    Zambian

      Member

    • Topic Starter
    • Member
    • PipPip
    • 66 posts

    Well, I did a bit of browsing this morning looking for parts for my car and the advertising popups are back; I even got them when I opened Geeks to Go.  So I assume that the nasty critter is still hiding somewhere. While I was looking at different forums there were no popups, but when I went to suppliers and opened their product lists the popups seemed to appear. I didn't notice at first because every program seems to have advertising, but this wasn't just advertising, it was popups that even tried to redirect my browser, if that is of any help. Cheers.

     

     

    The popups are getting worse, and I noticed that the file from procexp.txt is not there.

     

     

    I checked the extensions in Chrome and there was something called el cheepo, so I deleted it.


    Edited by Zambian, 26 February 2015 - 08:40 PM.

    • 0

    #15
    RKinner

      Malware Expert

    • Expert
    • 20,028 posts
    • MVP

    Time to switch to a real anti-virus.  Download and Save:

     

    http://files.avast.c...virus_setup.exe

     

    Uninstall Microsoft Security Essentials.  Reboot.

     

    Right click on the downloaded file and Run As Admin.

     

    (Last time I did this they were offering Chrome and Google Toolbar which you can uncheck.  Won't hurt anything but we don't need them.  After the next reboot they usually offer dropbox which you can also uncheck.)

     

    Register when it asks you - they will try to talk you into buying the full product but the free Basic version is what we want.
     
    it.  Some people object to the voice notification of updates.  To turn it off, click on the Avast ball then on Settings then on Appearance.  Then on Sounds and uncheck Automatic Updates OK.  (It will still update, it just won't tell you about it in a loud voice in the middle of the night.)
     
    They have also started using their info popup to try and get you to upgrade so I go into Settings, Appearance, Popups and change the first two to 1 second.  Their Browser Cleanup is not so user friendly since it wants to reset your home page and search engine to Yahoo so I go into Settings, Tools, and turn it off.
     
    If you haven't registered already then right click on the orange ball and select Registration Information and click on the link.  (They just want your name and email address).  The registration is good for 12-14 months then you will need to register again.  They will, of course, try to talk you into buying the product but you can always register again for another year free tho it may not be the default.
     
    Tonight after it has updated we want to let Avast do a full boot-time scan while you sleep.  Takes about 6 hours.
     
    How to do a boot-time scan while you sleep:
    First mute the speakers so it won't wake you up when Windows loads.  Click on the Orange ball.  Click on Scan, then Scan for Viruses and wait a couple of minutes for the page to change.  Change Quickscan to Boot-time Scan.  Click on Settings.  Where it says Heuristic Sensitivity click on the last rectangle so that all of them are  orange and it says High.  Check both boxes.  Then change When a threat is found ... to:  Move to Chest.  OK.  Now click on Start.  Close the Avast window and then reboot.  The scan will start.  It will tell you where it will save the report.  Usually it's 
    C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.  When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report.  If it found anything then open the aswBoot.txt file and copy and paste it.  If you can't find it then take a screen shot of the Detailed Report:

    • 0





