QVo6 cleaned out, but still affecting Firefox
<blockquote data-quote="alexavery" data-source="post: 131893" data-attributes="member: 11079"><p>Hey there,</p><p></p><p>I only got the one txt log file pop up. Attached below:</p><p></p><p>OTL logfile created on: 8/08/2013 2:55:04 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alex\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.10.9200.16635)</p><p>Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy</p><p> </p><p>7.71 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 72.89% Memory free</p><p>15.42 Gb Paging File | 13.02 Gb Available in Paging File | 84.45% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 90.03 Gb Total Space | 7.22 Gb Free Space | 8.02% Space Free | Partition Type: NTFS</p><p> </p><p>Computer Name: ALEX-9 | User Name: Alex | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Alex\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Users\Alex\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)</p><p>PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)</p><p>PRC - C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>PRC - 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)</p><p>PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe (McAfee, Inc.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics CO., LTD.)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()</p><p>PRC - C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)</p><p>PRC - C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)</p><p>PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)</p><p>PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)</p><p>PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._core_.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\_ssl.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._controls_.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\windows._cacheinvalidation.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._windows_.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._gdi_.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._misc_.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\_hashlib.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\unicodedata.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\pysqlite2._sqlite.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\pythoncom27.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32com.shell.shell.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\_elementtree.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\pyexpat.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._wizard.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32file.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\PyWinTypes27.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32security.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32api.pyd ()</p><p>MOD - 
C:\Users\Alex\AppData\Local\Temp\_MEI30922\_ctypes.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\wx._html2.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\_socket.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32inet.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32process.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\_multiprocessing.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32pdh.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32ts.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32event.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32profile.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\win32crypt.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Temp\_MEI30922\select.pyd ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll ()</p><p>MOD - C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll ()</p><p>MOD - C:\Users\Alex\AppData\Roaming\Dropbox\bin\libcef.dll ()</p><p>MOD - C:\Users\Alex\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()</p><p>MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()</p><p>MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()</p><p>MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()</p><p>MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()</p><p>MOD - C:\Program Files (x86)\Spybot - Search 
& Destroy 2\DEC150.bpl ()</p><p>MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()</p><p>MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()</p><p>MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)</p><p>SRV:<strong>64bit:</strong> - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()</p><p>SRV:<strong>64bit:</strong> - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)</p><p>SRV:<strong>64bit:</strong> - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)</p><p>SRV:<strong>64bit:</strong> - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV 
- (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe (McAfee, Inc.)</p><p>SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)</p><p>SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)</p><p>SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)</p><p>SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()</p><p>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()</p><p>SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)</p><p>SRV - (irstrtsv) -- C:\Windows\SysWOW64\irstrtsv.exe (Intel Corporation)</p><p>SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)</p><p>SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)</p><p>SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver 
Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV:<strong>64bit:</strong> - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>DRV:<strong>64bit:</strong> - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>DRV:<strong>64bit:</strong> - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)</p><p>DRV:<strong>64bit:</strong> - (ibtfltcoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (irstrtdv) -- C:\Windows\SysNative\drivers\irstrtdv.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)</p><p>DRV:<strong>64bit:</strong> - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (NETwNs64) -- 
C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )</p><p>DRV:<strong>64bit:</strong> - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (rusb3xhc) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation)</p><p>DRV:<strong>64bit:</strong> - (rusb3hub) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation)</p><p>DRV:<strong>64bit:</strong> - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)</p><p>DRV:<strong>64bit:</strong> - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)</p><p>DRV:<strong>64bit:</strong> - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)</p><p>DRV:<strong>64bit:</strong> - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)</p><p>DRV:<strong>64bit:</strong> - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)</p><p>DRV:<strong>64bit:</strong> - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - 
(TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com</p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = </p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com</p><p>IE - 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com</p><p>IE - HKLM\..\SearchScopes,DefaultScope = </p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com.ai/</p><p>IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - prefs.js..browser.search.useDBForOrder: true</p><p>FF - prefs.js..browser.startup.homepage: "https://www.google.com.au/"</p><p>FF - prefs.js..extensions.enabledAddons: rankchecker%40seobook.com:1.8.24</p><p>FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0</p><p>FF - user.js - File not found</p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)</p><p>FF:<strong>64bit:</strong> - 
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files 
(x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins</p><p> </p><p>[2013/01/21 14:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions</p><p>[2013/01/21 14:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}</p><p>[2013/08/06 19:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions</p><p>[2013/07/12 16:38:14 | 000,158,969 | ---- | M] () (No name found) -- 
C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions\rankchecker@seobook.com.xpi</p><p>[2013/06/30 18:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions\trtv3@trtv.com.xpi</p><p>[2013/07/09 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions</p><p>[2013/07/09 14:49:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll</p><p>CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll</p><p>CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll</p><p>CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll</p><p>CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll</p><p>CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll</p><p>CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll</p><p>CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = 
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll</p><p>CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll</p><p>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll</p><p>CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll</p><p>CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\</p><p>CHR - Extension: Pocket Website = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap\1.0.2_0\</p><p> </p><p>O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O2:<strong>64bit:</strong> - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation)</p><p>O2:<strong>64bit:</strong> - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\x64\ScriptHost.dll File not found</p><p>O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation)</p><p>O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (Bing Bar Helper) - 
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)</p><p>O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.</p><p>O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)</p><p>O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe File not found</p><p>O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)</p><p>O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: 
PromptOnSecureDesktop = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0</p><p>O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.189.54.17 139.130.204.47</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15E33553-5FF6-4B26-81D5-1380458F6564}: DhcpNameServer = 192.189.54.17 139.130.204.47</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF85CDE5-0370-4A77-8528-7D58EA2CBC6D}: DhcpNameServer = 192.168.42.129</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863CF00-A947-4FC6-A0B1-FC397696EC41}: DhcpNameServer = 192.168.42.129</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\ms-help - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\skype4com - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft 
Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O33 - MountPoints2\D\Shell - "" = AutoRun</p><p>O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -a</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/08/08 10:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/08/08 10:55:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT</p><p>[2013/08/06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\CRE</p><p>[2013/08/06 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\uTorrent</p><p>[2013/08/06 15:48:47 | 000,000,000 | ---D | C] -- 
C:\windows\Sun</p><p>[2013/08/06 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Vuze Downloads</p><p>[2013/08/06 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nico Mak Computing</p><p>[2013/08/06 15:32:16 | 000,019,840 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\SysNative\roboot64.exe</p><p>[2013/08/06 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\.swt</p><p>[2013/08/06 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Azureus</p><p>[2013/08/06 15:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze</p><p>[2013/07/23 15:45:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Bike Helmets</p><p>[2013/07/19 13:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics</p><p>[2013/07/18 14:01:29 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Coursera-Startup</p><p>[2013/07/17 12:37:41 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe</p><p>[2013/07/17 12:37:35 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe</p><p>[2013/07/17 12:37:35 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe</p><p>[2013/07/17 12:37:35 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>[2013/07/17 12:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java</p><p>[2013/07/17 11:58:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Adrenalin</p><p>[2013/07/16 17:36:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT</p><p>[2013/07/12 14:31:05 | 000,000,000 | --SD | C] -- C:\Users\Alex\Google Drive</p><p>[2013/07/12 14:28:42 | 000,000,000 | R--D | C] -- C:\Users\Alex\Desktop\Camera Uploads</p><p>[2013/07/12 13:55:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll</p><p>[2013/07/12 13:55:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\ieui.dll</p><p>[2013/07/12 13:55:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll</p><p>[2013/07/12 13:55:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll</p><p>[2013/07/12 13:55:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe</p><p>[2013/07/12 13:55:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe</p><p>[2013/07/12 13:55:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll</p><p>[2013/07/12 13:55:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll</p><p>[2013/07/12 13:55:38 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe</p><p>[2013/07/12 13:55:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll</p><p>[2013/07/12 13:55:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll</p><p>[2013/07/12 13:55:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll</p><p>[2013/07/12 13:55:37 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll</p><p>[2013/07/12 13:55:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll</p><p>[2013/07/12 13:55:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll</p><p>[2013/07/11 17:13:57 | 000,000,000 | ---D | C] -- C:\249ee6d1e8d1e74976663690e3</p><p>[2013/07/11 14:43:58 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll</p><p>[2013/07/11 14:43:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll</p><p>[2013/07/11 14:43:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL</p><p>[2013/07/11 14:43:57 | 001,620,480 | ---- | C] 
(Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL</p><p>[2013/07/11 14:42:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/08/08 14:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/08/08 14:50:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/08/08 14:50:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/08/08 14:48:19 | 000,782,922 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI</p><p>[2013/08/08 14:48:19 | 000,667,722 | ---- | M] () -- C:\windows\SysNative\perfh009.dat</p><p>[2013/08/08 14:48:19 | 000,126,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat</p><p>[2013/08/08 14:48:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3336758301-2159881952-1342346213-1000UA.job</p><p>[2013/08/08 14:48:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3336758301-2159881952-1342346213-1000Core.job</p><p>[2013/08/08 14:43:28 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/08/08 14:43:28 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job</p><p>[2013/08/08 14:43:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/08/08 11:40:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/08/08 10:53:17 | 000,001,128 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk</p><p>[2013/08/08 10:53:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla 
Firefox.lnk</p><p>[2013/08/08 09:26:57 | 000,410,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT</p><p>[2013/08/06 14:55:52 | 001,514,225 | ---- | M] () -- C:\Users\Alex\Desktop\UCSD Building Database Driven Web Applications.pdf</p><p>[2013/08/05 16:50:48 | 000,014,424 | ---- | M] () -- C:\Users\Alex\Desktop\dollar.jpg</p><p>[2013/08/05 12:38:46 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job</p><p>[2013/07/26 13:33:44 | 000,192,371 | ---- | M] () -- C:\Users\Alex\Desktop\hawthorn v bombers jul13.pdf</p><p>[2013/07/23 12:42:18 | 000,011,527 | ---- | M] () -- C:\Users\Alex\Desktop\logos-32-nodither.gif</p><p>[2013/07/23 12:41:25 | 000,014,403 | ---- | M] () -- C:\Users\Alex\Desktop\logos.gif</p><p>[2013/07/23 12:40:08 | 000,054,967 | ---- | M] () -- C:\Users\Alex\Desktop\logos.png</p><p>[2013/07/19 15:00:01 | 000,044,877 | ---- | M] () -- C:\Users\Alex\Desktop\google_search_volume_chart.png</p><p>[2013/07/17 12:37:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll</p><p>[2013/07/17 12:37:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll</p><p>[2013/07/17 12:37:30 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe</p><p>[2013/07/17 12:37:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe</p><p>[2013/07/17 12:37:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe</p><p>[2013/07/17 12:37:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll</p><p>[2013/07/16 17:08:48 | 000,137,292 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Avery-Bike Helmets-Proposal-16JUL2013.pdf</p><p>[2013/07/15 12:47:41 | 000,002,371 | ---- | M] () -- C:\Users\Alex\Desktop\rugsplusonlinelogo.gif</p><p>[2013/07/15 11:41:47 | 000,174,326 | ---- | M] () -- C:\Users\Alex\Desktop\MBC Bikes Logo 
(640x359).jpg</p><p>[2013/07/15 11:17:03 | 000,244,235 | ---- | M] () -- C:\Users\Alex\Desktop\MBC Bikes Logo.jpg</p><p>[2013/07/15 11:16:15 | 000,008,758 | ---- | M] () -- C:\Users\Alex\Desktop\bikes-trading-hours-button.jpg</p><p>[2013/07/12 17:16:12 | 000,001,264 | ---- | M] () -- C:\Users\Alex\Desktop\rank tracker2.csv</p><p>[2013/07/12 16:47:29 | 000,001,973 | ---- | M] () -- C:\Users\Alex\Desktop\rank tracker.csv</p><p>[2013/07/12 15:45:16 | 000,048,074 | ---- | M] () -- C:\Users\Alex\Desktop\google vs apple.png</p><p>[2013/07/12 15:20:02 | 000,005,969 | ---- | M] () -- C:\Users\Alex\Desktop\xteam logo.jpg</p><p>[2013/07/12 14:31:07 | 000,001,660 | ---- | M] () -- C:\Users\Alex\Desktop\Google Drive.lnk</p><p>[2013/07/12 14:25:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe</p><p>[2013/07/12 14:25:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2013/07/11 16:21:25 | 000,499,889 | ---- | M] () -- C:\Users\Alex\Desktop\3705222012-getting_real.pdf</p><p>[2013/07/10 18:00:08 | 000,788,116 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/08/06 14:55:51 | 001,514,225 | ---- | C] () -- C:\Users\Alex\Desktop\UCSD Building Database Driven Web Applications.pdf</p><p>[2013/08/05 16:50:47 | 000,014,424 | ---- | C] () -- C:\Users\Alex\Desktop\dollar.jpg</p><p>[2013/07/26 13:33:43 | 000,192,371 | ---- | C] () -- C:\Users\Alex\Desktop\hawthorn v bombers jul13.pdf</p><p>[2013/07/23 12:42:17 | 000,011,527 | ---- | C] () -- C:\Users\Alex\Desktop\logos-32-nodither.gif</p><p>[2013/07/23 12:41:23 | 000,014,403 | ---- | C] () -- C:\Users\Alex\Desktop\logos.gif</p><p>[2013/07/23 12:40:07 | 000,054,967 | ---- | C] () -- C:\Users\Alex\Desktop\logos.png</p><p>[2013/07/19 15:00:00 | 000,044,877 | ---- | C] () -- 
C:\Users\Alex\Desktop\google_search_volume_chart.png</p><p>[2013/07/17 13:30:19 | 000,012,943 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Avery-Cover Letter-Green Hat-Head of Digital and Automation-Jan2013.pdf</p><p>[2013/07/16 17:08:53 | 000,137,292 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Avery-Bike Helmets-Proposal-16JUL2013.pdf</p><p>[2013/07/15 12:41:47 | 000,002,371 | ---- | C] () -- C:\Users\Alex\Desktop\rugsplusonlinelogo.gif</p><p>[2013/07/15 11:41:46 | 000,174,326 | ---- | C] () -- C:\Users\Alex\Desktop\MBC Bikes Logo (640x359).jpg</p><p>[2013/07/15 11:17:02 | 000,244,235 | ---- | C] () -- C:\Users\Alex\Desktop\MBC Bikes Logo.jpg</p><p>[2013/07/15 11:16:14 | 000,008,758 | ---- | C] () -- C:\Users\Alex\Desktop\bikes-trading-hours-button.jpg</p><p>[2013/07/12 17:16:12 | 000,001,264 | ---- | C] () -- C:\Users\Alex\Desktop\rank tracker2.csv</p><p>[2013/07/12 16:46:25 | 000,001,973 | ---- | C] () -- C:\Users\Alex\Desktop\rank tracker.csv</p><p>[2013/07/12 15:44:15 | 000,048,074 | ---- | C] () -- C:\Users\Alex\Desktop\google vs apple.png</p><p>[2013/07/12 15:20:12 | 000,005,969 | ---- | C] () -- C:\Users\Alex\Desktop\xteam logo.jpg</p><p>[2013/07/12 14:31:07 | 000,001,660 | ---- | C] () -- C:\Users\Alex\Desktop\Google Drive.lnk</p><p>[2013/07/11 16:21:25 | 000,499,889 | ---- | C] () -- C:\Users\Alex\Desktop\3705222012-getting_real.pdf</p><p>[2013/06/12 15:47:25 | 000,030,640 | ---- | C] () -- C:\Users\Alex\AppData\Local\recently-used.xbel</p><p>[2013/06/12 12:48:09 | 000,014,370 | ---- | C] () -- C:\windows\wininit.ini</p><p>[2012/07/16 00:34:13 | 000,788,116 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI</p><p>[2012/05/10 14:29:10 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe</p><p>[2012/05/10 14:00:29 | 000,001,610 | ---- | C] () -- C:\windows\HotFixList.ini</p><p>[2012/02/06 14:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin</p><p>[2012/02/06 14:42:55 | 000,557,476 | ---- | C] () -- 
C:\windows\SysWow64\igfcg700m.bin</p><p>[2012/02/06 14:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll</p><p>[2012/02/06 14:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll</p><p>[2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 15:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 
000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/08/06 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Azureus</p><p>[2013/08/08 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox</p><p>[2012/07/16 00:45:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HandBrake</p><p>[2013/02/05 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kingsoft</p><p>[2013/02/04 15:08:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ModelMakerTools</p><p>[2013/08/06 19:35:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nico Mak Computing</p><p>[2013/05/03 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PhotoScape</p><p>[2012/11/12 12:09:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless</p><p>[2013/06/12 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify</p><p>[2013/06/11 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TFP</p><p>[2013/08/06 22:04:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p> </p><p><span style="color: #E56717">========== Alternate Data Streams ==========</span></p><p> </p><p>@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2</p><p></p><p>< End of report ></p></blockquote><p></p>
[QUOTE="alexavery, post: 131893, member: 11079"] Hey there, I only got the one txt log file pop up. Attached below:
HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alex\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/21 14:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions [2013/01/21 14:50:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a} [2013/08/06 19:58:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions [2013/07/12 16:38:14 | 000,158,969 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions\rankchecker@seobook.com.xpi [2013/06/30 18:44:04 | 000,239,491 | ---- | M] () (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\m0rjc2hn.default-1371005629227\extensions\trtv3@trtv.com.xpi [2013/07/09 14:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/07/09 14:49:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash 
(Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Alex\AppData\Roaming\Mozilla\plugins\npo1d.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = 
c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: Pocket Website = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijgclgmgjipgefcnnnibgllfonlfdap\1.0.2_0\ O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\DLLx64\SnagItBHO64.dll (TechSmith Corporation) O2:[b]64bit:[/b] - BHO: (news.net) - {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - C:\Program Files\News.net\IE\x64\ScriptHost.dll File not found O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 9\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found. O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKCU..\Run: [News.net] C:\Program Files\News.net\BreakingNews\DesktopContainer.exe File not found O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alex\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.189.54.17 139.130.204.47 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15E33553-5FF6-4B26-81D5-1380458F6564}: DhcpNameServer = 192.189.54.17 139.130.204.47 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF85CDE5-0370-4A77-8528-7D58EA2CBC6D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863CF00-A947-4FC6-A0B1-FC397696EC41}: DhcpNameServer = 192.168.42.129 O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/08/08 10:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013/08/08 10:55:28 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2013/08/06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\CRE [2013/08/06 19:38:04 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\uTorrent [2013/08/06 15:48:47 | 000,000,000 | ---D | C] -- C:\windows\Sun [2013/08/06 15:35:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\Documents\Vuze Downloads [2013/08/06 15:32:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Nico Mak Computing [2013/08/06 15:32:16 | 000,019,840 | ---- | C] (WinZip Computing, S.L.(WinZip Computing)) -- C:\windows\SysNative\roboot64.exe [2013/08/06 15:32:13 | 000,000,000 | ---D | C] -- C:\Users\Alex\.swt [2013/08/06 15:31:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Azureus [2013/08/06 15:31:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vuze [2013/07/23 15:45:46 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Bike Helmets [2013/07/19 13:53:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics [2013/07/18 14:01:29 | 000,000,000 | 
---D | C] -- C:\Users\Alex\Desktop\Coursera-Startup [2013/07/17 12:37:41 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe [2013/07/17 12:37:35 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013/07/17 12:37:35 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013/07/17 12:37:35 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013/07/17 12:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013/07/17 11:58:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Adrenalin [2013/07/16 17:36:44 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT [2013/07/12 14:31:05 | 000,000,000 | --SD | C] -- C:\Users\Alex\Google Drive [2013/07/12 14:28:42 | 000,000,000 | R--D | C] -- C:\Users\Alex\Desktop\Camera Uploads [2013/07/12 13:55:39 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2013/07/12 13:55:39 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2013/07/12 13:55:38 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll [2013/07/12 13:55:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll [2013/07/12 13:55:38 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe [2013/07/12 13:55:38 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe [2013/07/12 13:55:38 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll [2013/07/12 13:55:38 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll [2013/07/12 13:55:38 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe [2013/07/12 13:55:38 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll [2013/07/12 13:55:38 | 000,033,280 | ---- | 
C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll [2013/07/12 13:55:37 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2013/07/12 13:55:37 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2013/07/12 13:55:37 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2013/07/12 13:55:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2013/07/11 17:13:57 | 000,000,000 | ---D | C] -- C:\249ee6d1e8d1e74976663690e3 [2013/07/11 14:43:58 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll [2013/07/11 14:43:58 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll [2013/07/11 14:43:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL [2013/07/11 14:43:57 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL [2013/07/11 14:42:39 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/08/08 14:56:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/08/08 14:50:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 14:50:10 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/08/08 14:48:19 | 000,782,922 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2013/08/08 14:48:19 | 000,667,722 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2013/08/08 14:48:19 | 000,126,366 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2013/08/08 14:48:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3336758301-2159881952-1342346213-1000UA.job 
[2013/08/08 14:48:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3336758301-2159881952-1342346213-1000Core.job [2013/08/08 14:43:28 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/08/08 14:43:28 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2013/08/08 14:43:02 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/08/08 11:40:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/08/08 10:53:17 | 000,001,128 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/08/08 10:53:17 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/08/08 09:26:57 | 000,410,600 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2013/08/06 14:55:52 | 001,514,225 | ---- | M] () -- C:\Users\Alex\Desktop\UCSD Building Database Driven Web Applications.pdf [2013/08/05 16:50:48 | 000,014,424 | ---- | M] () -- C:\Users\Alex\Desktop\dollar.jpg [2013/08/05 12:38:46 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2013/07/26 13:33:44 | 000,192,371 | ---- | M] () -- C:\Users\Alex\Desktop\hawthorn v bombers jul13.pdf [2013/07/23 12:42:18 | 000,011,527 | ---- | M] () -- C:\Users\Alex\Desktop\logos-32-nodither.gif [2013/07/23 12:41:25 | 000,014,403 | ---- | M] () -- C:\Users\Alex\Desktop\logos.gif [2013/07/23 12:40:08 | 000,054,967 | ---- | M] () -- C:\Users\Alex\Desktop\logos.png [2013/07/19 15:00:01 | 000,044,877 | ---- | M] () -- C:\Users\Alex\Desktop\google_search_volume_chart.png [2013/07/17 12:37:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll [2013/07/17 12:37:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll [2013/07/17 12:37:30 | 000,263,592 | ---- | M] (Oracle 
Corporation) -- C:\windows\SysWow64\javaws.exe [2013/07/17 12:37:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2013/07/17 12:37:30 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2013/07/17 12:37:30 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll [2013/07/16 17:08:48 | 000,137,292 | ---- | M] () -- C:\Users\Alex\Desktop\Alex Avery-Bike Helmets-Proposal-16JUL2013.pdf [2013/07/15 12:47:41 | 000,002,371 | ---- | M] () -- C:\Users\Alex\Desktop\rugsplusonlinelogo.gif [2013/07/15 11:41:47 | 000,174,326 | ---- | M] () -- C:\Users\Alex\Desktop\MBC Bikes Logo (640x359).jpg [2013/07/15 11:17:03 | 000,244,235 | ---- | M] () -- C:\Users\Alex\Desktop\MBC Bikes Logo.jpg [2013/07/15 11:16:15 | 000,008,758 | ---- | M] () -- C:\Users\Alex\Desktop\bikes-trading-hours-button.jpg [2013/07/12 17:16:12 | 000,001,264 | ---- | M] () -- C:\Users\Alex\Desktop\rank tracker2.csv [2013/07/12 16:47:29 | 000,001,973 | ---- | M] () -- C:\Users\Alex\Desktop\rank tracker.csv [2013/07/12 15:45:16 | 000,048,074 | ---- | M] () -- C:\Users\Alex\Desktop\google vs apple.png [2013/07/12 15:20:02 | 000,005,969 | ---- | M] () -- C:\Users\Alex\Desktop\xteam logo.jpg [2013/07/12 14:31:07 | 000,001,660 | ---- | M] () -- C:\Users\Alex\Desktop\Google Drive.lnk [2013/07/12 14:25:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2013/07/12 14:25:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2013/07/11 16:21:25 | 000,499,889 | ---- | M] () -- C:\Users\Alex\Desktop\3705222012-getting_real.pdf [2013/07/10 18:00:08 | 000,788,116 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/08/06 14:55:51 | 001,514,225 | ---- | C] () -- C:\Users\Alex\Desktop\UCSD Building Database Driven Web Applications.pdf 
[2013/08/05 16:50:47 | 000,014,424 | ---- | C] () -- C:\Users\Alex\Desktop\dollar.jpg [2013/07/26 13:33:43 | 000,192,371 | ---- | C] () -- C:\Users\Alex\Desktop\hawthorn v bombers jul13.pdf [2013/07/23 12:42:17 | 000,011,527 | ---- | C] () -- C:\Users\Alex\Desktop\logos-32-nodither.gif [2013/07/23 12:41:23 | 000,014,403 | ---- | C] () -- C:\Users\Alex\Desktop\logos.gif [2013/07/23 12:40:07 | 000,054,967 | ---- | C] () -- C:\Users\Alex\Desktop\logos.png [2013/07/19 15:00:00 | 000,044,877 | ---- | C] () -- C:\Users\Alex\Desktop\google_search_volume_chart.png [2013/07/17 13:30:19 | 000,012,943 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Avery-Cover Letter-Green Hat-Head of Digital and Automation-Jan2013.pdf [2013/07/16 17:08:53 | 000,137,292 | ---- | C] () -- C:\Users\Alex\Desktop\Alex Avery-Bike Helmets-Proposal-16JUL2013.pdf [2013/07/15 12:41:47 | 000,002,371 | ---- | C] () -- C:\Users\Alex\Desktop\rugsplusonlinelogo.gif [2013/07/15 11:41:46 | 000,174,326 | ---- | C] () -- C:\Users\Alex\Desktop\MBC Bikes Logo (640x359).jpg [2013/07/15 11:17:02 | 000,244,235 | ---- | C] () -- C:\Users\Alex\Desktop\MBC Bikes Logo.jpg [2013/07/15 11:16:14 | 000,008,758 | ---- | C] () -- C:\Users\Alex\Desktop\bikes-trading-hours-button.jpg [2013/07/12 17:16:12 | 000,001,264 | ---- | C] () -- C:\Users\Alex\Desktop\rank tracker2.csv [2013/07/12 16:46:25 | 000,001,973 | ---- | C] () -- C:\Users\Alex\Desktop\rank tracker.csv [2013/07/12 15:44:15 | 000,048,074 | ---- | C] () -- C:\Users\Alex\Desktop\google vs apple.png [2013/07/12 15:20:12 | 000,005,969 | ---- | C] () -- C:\Users\Alex\Desktop\xteam logo.jpg [2013/07/12 14:31:07 | 000,001,660 | ---- | C] () -- C:\Users\Alex\Desktop\Google Drive.lnk [2013/07/11 16:21:25 | 000,499,889 | ---- | C] () -- C:\Users\Alex\Desktop\3705222012-getting_real.pdf [2013/06/12 15:47:25 | 000,030,640 | ---- | C] () -- C:\Users\Alex\AppData\Local\recently-used.xbel [2013/06/12 12:48:09 | 000,014,370 | ---- | C] () -- C:\windows\wininit.ini [2012/07/16 
00:34:13 | 000,788,116 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2012/05/10 14:29:10 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2012/05/10 14:00:29 | 000,001,610 | ---- | C] () -- C:\windows\HotFixList.ini [2012/02/06 14:42:56 | 000,734,772 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin [2012/02/06 14:42:55 | 000,557,476 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin [2012/02/06 14:42:53 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/02/06 14:42:52 | 012,978,688 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll [2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 15:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 14:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 13:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013/08/06 19:36:51 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Azureus [2013/08/08 14:45:45 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Dropbox [2012/07/16 00:45:14 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\HandBrake [2013/02/05 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Kingsoft [2013/02/04 15:08:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ModelMakerTools [2013/08/06 19:35:35 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Nico Mak Computing [2013/05/03 14:17:52 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\PhotoScape [2012/11/12 12:09:10 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sierra Wireless [2013/06/12 13:13:54 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify [2013/06/11 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TFP [2013/08/06 22:04:16 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2 < End of report > [/QUOTE]