OTL logfile created on: 25.02.2013 18:15:02 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erik\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000414 | Country: Norge | Language: NOR | Date Format: dd.MM.yyyy

3.91 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 57.69% Memory free
7.81 Gb Paging File | 5.57 Gb Available in Paging File | 71.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.03 Gb Total Space | 3.64 Gb Free Space | 4.67% Space Free | Partition Type: NTFS
Drive D: | 375.63 Gb Total Space | 375.53 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: ERIK-PC | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Erik\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\BetterSoft\ContinueToSave\ContinueToSave.exe ()
PRC - C:\Users\Erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Programfiler\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Users\Erik\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Erik\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll ()
MOD - C:\Users\Erik\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll ()
MOD - C:\Users\Erik\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll ()
MOD - C:\Users\Erik\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - c:\progra~2\contin~1\sprote~1.dll ()
MOD - c:\progra~2\simple~1\sprote~1.dll ()
MOD - C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvorbis_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libxml_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libtheora_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libzip_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libvcd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libwaveout_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libyuvp_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libqt4_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libskins2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libschroedinger_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libswscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libspeex_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscaletempo_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_rar_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libscale_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libstream_filter_record_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libpng_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libplaylist_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblpcm_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfreetype_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibass_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfaad_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libflac_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdvdnav_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdshow_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblibmpeg2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libblend_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdirect3d_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_float_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdts_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libcdg_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liblinear_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libglobalhotkeys_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi422_i420_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdrawable_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_mmx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libi420_ymga_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavcodec_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libavi_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaraw_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaout_directx_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaes3_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_bd_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_directory_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_file_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\libaccess_fake_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
MOD - C:\PROGRA~2\MICROS~2\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (WebOptimizer) -- C:\Windows\SysNative\dmwu.exe ()
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (NisSrv) -- C:\Programfiler\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Programfiler\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Web Assistant Updater) -- C:\Programfiler\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (SQLWriter) -- C:\Programfiler\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programfiler\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programfiler\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:[b]64bit:[/b] - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:[b]64bit:[/b] - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:[b]64bit:[/b] - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:[b]64bit:[/b] - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=4e259105-12d2-11e1-bba3-001e3322bdf7&q={searchTerms}
IE - HKLM\..\SearchScopes\{1B24F67E-7BA9-4130-A9F9-EC8292FCAD29}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.simplespeedy.info/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://no.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = no
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9A CA 91 7C C2 6F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=4e259105-12d2-11e1-bba3-001e3322bdf7&q={searchTerms}
IE - HKCU\..\SearchScopes\{1B24F67E-7BA9-4130-A9F9-EC8292FCAD29}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{462D1843-587F-44C7-8CA1-85A5A4333D62}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{6C25E077-83D3-4381-93AC-32C428821DD4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=27F20A7D-3DF6-48A2-BCAE-46683B6491EF&apn_sauid=0CDEF0F2-ECA9-411C-98AF-13FDE698CD4D
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.simplespeedy.info/?l=1&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8vMkfs3v&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.simplespeedy.info/?l=1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://websearch.simplespeedy.info/"
FF - prefs.js..extensions.enabledAddons: 4fd7446706af9@4fd7446706b32.info:1.0
FF - prefs.js..extensions.enabledAddons: ffxtlbr@incredibar.com:1.5.0
FF - prefs.js..extensions.enabledAddons: 4fd7481830056@4fd7481830077.info:5.1
FF - prefs.js..extensions.enabledAddons: {EEE6C361-6118-11DC-9C72-001320C79847}:1.9.0.0
FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.9.100013
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb139?a=6R8vMkfs3v&i=26"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=27F20A7D-3DF6-48A2-BCAE-46683B6491EF&apn_ptnrs=^TV&apn_sauid=0CDEF0F2-ECA9-411C-98AF-13FDE698CD4D&apn_dtid=^OSJ000^YY^US&&q="

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Erik\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.09.14 13:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.09.14 13:47:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.09 22:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.13 19:09:14 | 000,000,000 | ---D | M]

[2012.01.03 22:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions
[2013.02.19 20:43:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions
[2012.06.12 14:41:56 | 000,000,000 | ---D | M] (ADDICT-THING) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions\4fd7446706af9@4fd7446706b32.info
[2012.08.13 19:00:10 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions\4fd7481830056@4fd7481830077.info
[2013.02.19 20:02:38 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions\5110f3de1b3fc@5110f3de1b435.com
[2012.06.12 14:42:17 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions\ffxtlbr@incredibar.com
[2013.02.20 22:57:11 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\ew820vcx.default\extensions\toolbar@ask.com
[2013.02.19 20:43:56 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\ew820vcx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.02.20 20:52:12 | 000,000,000 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\ew820vcx.default\searchplugins\askcom.xml
[2012.06.12 14:41:31 | 000,002,203 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\ew820vcx.default\searchplugins\MyStart Search.xml
[2012.08.18 15:59:11 | 000,003,915 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\ew820vcx.default\searchplugins\sweetim.xml
[2013.02.05 12:33:07 | 000,000,559 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\ew820vcx.default\searchplugins\WebSearch.xml
[2012.09.09 22:05:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.09 22:05:15 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.17 03:08:39 | 000,001,525 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011.12.17 02:27:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 03:08:39 | 000,001,218 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bok-NO.xml
[2011.12.17 03:08:39 | 000,000,968 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qxl-NO.xml
[2011.12.17 03:08:39 | 000,001,203 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\telefonkatalogen-NO.xml
[2011.12.17 03:08:39 | 000,001,176 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-NO.xml
[2011.12.17 03:08:39 | 000,001,192 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-NO.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage: http://websearch.simplespeedy.info/
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbakfiemaoahablkfeogcedofcidckdg\1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfibegahhiogbndnmmdifokbbbfaechd\1.0_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnblkohjnmajcildeecdadnomkonpdli\5.1_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbakfiemaoahablkfeogcedofcidckdg\1\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfibegahhiogbndnmmdifokbbbfaechd\1.0_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnblkohjnmajcildeecdadnomkonpdli\5.1_0\
CHR - Extension: No name found = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\Erik\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:[b]64bit:[/b] - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programfiler\Web Assistant\Extension64.dll ()
O2:[b]64bit:[/b] - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programfiler\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programfiler\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (ADDICT-THING Class) - {0EDDC9D8-B485-8975-C106-9851E2355298} - C:\ProgramData\ADDICT-THING\bhoclass.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programfiler\Web Assistant\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (TheBflix Class) - {7E685A8E-D1DF-E853-28CC-9280CB89E3AC} - C:\ProgramData\TheBflix\bhoclass.dll File not found
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (continuetosave) - {DE959DAA-92BA-0E7E-EBA3-384A38739DE0} - C:\ProgramData\continuetosave\5110f3de1b58b.dll ()
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro) O4 - HKCU..\Run: [Facebook Update] C:\Users\Erik\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Erik\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - Startup: C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Erik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - C:\Programfiler\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8:[b]64bit:[/b] - Extra context menu item: Se&nd to OneNote - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:[b]64bit:[/b] - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programfiler\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to 
OneNote - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html () O9:[b]64bit:[/b] - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programfiler\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programfiler\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programfiler\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.37.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FC7309F-F252-44AD-8C53-456440B19994}: DhcpNameServer = 192.168.37.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83A76D30-B6F7-4B3E-83C3-C580C469B11A}: DhcpNameServer = 204.11.131.2 O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programfiler\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programfiler\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll () O20 - AppInit_DLLs: (c:\progra~2\simple~1\sprote~1.dll) - c:\progra~2\simple~1\sprote~1.dll () O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - 
(explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:[b]64bit:[/b] - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programfiler\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3478b6d9-7d42-11df-b0a4-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{3478b6d9-7d42-11df-b0a4-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{3478b6db-7d42-11df-b0a4-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{3478b6db-7d42-11df-b0a4-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9a07faa0-ef49-11e0-ad8f-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{9a07faa0-ef49-11e0-ad8f-001e3322bdf7}\Shell\AutoRun\command - "" = F:\setup.exe O33 - MountPoints2\{9c7a1641-803c-11df-affc-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{9c7a1641-803c-11df-affc-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9f0bd066-7e16-11df-903c-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{9f0bd066-7e16-11df-903c-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{9f0bd07c-7e16-11df-903c-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{9f0bd07c-7e16-11df-903c-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a81fb2db-7cb3-11df-b39b-001e3322bdf7}\Shell - "" = AutoRun O33 - 
MountPoints2\{a81fb2db-7cb3-11df-b39b-001e3322bdf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{ca105863-56e0-11df-923e-001e3322bdf7}\Shell - "" = AutoRun O33 - MountPoints2\{ca105863-56e0-11df-923e-001e3322bdf7}\Shell\AutoRun\command - "" = E:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013.02.20 22:01:43 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\AVG2013 [2013.02.20 22:00:04 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\TuneUp Software [2013.02.20 22:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.02.20 21:58:54 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.02.20 21:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013.02.20 21:57:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013.02.20 21:53:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.02.20 21:53:43 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Local\MFAData [2013.02.20 21:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.02.20 21:53:43 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Local\Avg2013 [2013.02.20 21:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2013.02.20 21:46:51 | 000,000,000 | ---D | C] -- 
C:\Users\Erik\AppData\Local\Macromedia [2013.02.20 21:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2013.02.20 21:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2013.02.05 13:43:09 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Foil [2013.02.05 12:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\RightClick [2013.02.05 12:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SimpleSpeedy [2013.02.05 12:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\BetterSoft [2013.02.05 12:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ContinueToSave [2013.02.05 12:32:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave [2013.02.05 12:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave [2013.02.05 12:09:30 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\SilverFrost [2013.02.05 12:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silverfrost [2013.02.05 12:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silverfrost [2013.02.05 12:08:32 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\FTN95 Examples [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013.02.25 18:05:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051732649-2253505763-3595444907-1000UA.job [2013.02.25 18:04:04 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.25 17:41:05 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 17:41:05 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.25 17:26:17 | 000,000,354 | -H-- | M] () -- C:\Windows\tasks\TheBflixUpdaterRefreshTask.job [2013.02.25 17:26:16 | 000,000,374 | -H-- | M] () -- 
C:\Windows\tasks\TheBflixUpdaterLogonTask.job [2013.02.25 17:26:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.25 17:26:07 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051732649-2253505763-3595444907-1000UA.job [2013.02.25 17:26:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051732649-2253505763-3595444907-1000Core.job [2013.02.25 17:25:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.25 10:19:03 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.25 10:19:01 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\schedule!1143840799.job [2013.02.25 10:18:44 | 3144,814,592 | -HS- | M] () -- C:\hiberfil.sys [2013.02.24 23:02:19 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051732649-2253505763-3595444907-1000Core.job [2013.02.24 11:13:43 | 000,002,362 | ---- | M] () -- C:\Users\Erik\Desktop\Google Chrome.lnk [2013.02.20 22:00:04 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.02.20 21:48:52 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.20 21:48:52 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.19 22:49:36 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.19 11:46:33 | 000,002,951 | ---- | M] () -- C:\Users\Erik\Desktop\Microsoft Excel 2010.lnk [2013.02.14 20:21:01 | 000,418,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.14 17:05:02 | 001,401,804 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.14 17:05:02 | 000,663,238 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.14 17:05:02 | 000,503,974 | ---- | M] () -- C:\Windows\SysNative\perfh014.dat [2013.02.14 17:05:02 | 000,124,552 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.14 
17:05:02 | 000,095,382 | ---- | M] () -- C:\Windows\SysNative\perfc014.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013.02.20 22:00:04 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.02.20 21:48:52 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk [2013.02.20 21:48:49 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2013.02.19 11:46:33 | 000,002,951 | ---- | C] () -- C:\Users\Erik\Desktop\Microsoft Excel 2010.lnk [2013.02.05 12:32:57 | 000,000,426 | -H-- | C] () -- C:\Windows\tasks\schedule!1143840799.job [color=#E56717]========== ZeroAccess Check ==========[/color] [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013.02.20 22:01:43 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\AVG2013 [2013.02.24 23:03:10 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\BitTorrent [2010.05.03 19:28:49 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DAEMON Tools Lite [2012.06.12 14:49:05 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Driver Pro [2013.02.25 10:19:51 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Dropbox [2013.02.05 12:09:30 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\SilverFrost [2010.06.20 12:19:07 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Sports Interactive [2012.10.20 21:57:33 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Spotify [2013.02.20 22:00:04 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TuneUp Software [2012.05.06 16:51:48 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\uTorrent [2011.11.19 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\VshareComplete [2012.12.07 22:42:07 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\YourFileDownloader [color=#E56717]========== Purity Check ==========[/color] < End of report >