Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
Trojan found
-
09-11-2013 6:17pmHi Jsa112
I found a trojan on my laptop today:
Can you please look at the OTL logs for me?
I ran malwarebytes and cleared it.
Log for Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.09.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
mike :: MIKE-PC [administrator]
09/11/2013 13:00:29
mbam-log-2013-11-09 (13-00-29).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 699634
Time elapsed: 2 hour(s), 25 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_19703871 (Trojan.Dropper.NS) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WizeSearch.A) -> Bad: (http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WizeSearch.A) -> Bad: (http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Program Files (x86)\Ss.Helper\uninstall.exe (Trojan.Dropper.NS) -> Quarantined and deleted successfully.
(end)
OTL Log in next post0
Comments
-
OTL Log:
OTL logfile created on: 09/11/2013 16:56:19 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mike\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16721)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
7.93 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 74.06% Memory free
15.85 Gb Paging File | 13.52 Gb Available in Paging File | 85.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 203.38 Gb Free Space | 43.67% Space Free | Partition Type: NTFS
Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/09 16:55:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Downloads\OTL.exe
PRC - [2013/10/23 17:02:04 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/10/22 17:20:45 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/22 17:20:38 | 000,179,088 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/23 21:15:18 | 007,342,592 | ---- | M] (Google Inc.) -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/15 14:56:46 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/04 15:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/08/15 15:43:04 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/06/27 11:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/05/22 11:59:08 | 000,868,352 | ---- | M] (Cucusoft, Inc.) -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe
PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/23 07:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/04/12 14:11:56 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2013/03/24 16:01:36 | 000,255,136 | ---- | M] (Cucusoft, Inc.) -- C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys
PRC - [2013/03/24 16:01:30 | 000,223,392 | ---- | M] (Cucusoft, Inc.) -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys
PRC - [2012/12/07 17:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/17 13:55:12 | 000,044,696 | ---- | M] (Cucusoft, Inc.) -- C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
PRC - [2008/11/11 10:07:00 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
========== Modules (No Company Name) ==========
MOD - [2013/10/22 17:20:49 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/10 07:45:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/10 07:45:08 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll
MOD - [2013/09/23 21:03:42 | 000,344,064 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/09/23 21:03:22 | 000,231,936 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/09/23 21:02:32 | 000,253,440 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/09/23 21:01:52 | 000,117,248 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/09/13 11:39:54 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/08/15 17:33:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/15 16:28:18 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
MOD - [2013/08/15 16:28:17 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
MOD - [2013/08/15 16:28:16 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\764054efc88f51b54c8d7e44df26b671\System.Data.ni.dll
MOD - [2013/08/15 16:27:44 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 16:27:24 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 16:27:17 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/08/15 15:43:04 | 000,821,600 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2013/07/10 14:46:14 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/22 11:59:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Cucusoft\NetGuard\JcControl.XmlSerializers.dll
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/04 01:09:40 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2013/01/10 20:01:44 | 000,026,624 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 20:01:26 | 010,683,392 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 20:01:24 | 001,681,408 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 20:01:22 | 007,741,952 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 20:01:20 | 002,248,192 | ---- | M] () -- C:\Users\mike\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/06 13:09:56 | 000,573,100 | ---- | M] () -- C:\Program Files\Cucusoft\NetGuard\SQLite3.dll
MOD - [2010/11/21 03:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/10 21:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/10/22 17:20:45 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/10/22 17:20:38 | 000,179,088 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/07 22:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/03/24 16:01:36 | 000,255,136 | ---- | M] (Cucusoft, Inc.) [Auto | Running] -- C:\Program Files\Cucusoft\NetGuard\SysMsgProxySrvc.sys -- (CS_SysMsgProxy)
SRV:64bit: - [2013/03/24 16:01:30 | 000,292,000 | ---- | M] (Cucusoft, Inc.) [Auto | Running] -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc64.sys -- (CS_BandwidthGuard64)
SRV:64bit: - [2013/03/24 16:01:30 | 000,223,392 | ---- | M] (Cucusoft, Inc.) [Auto | Running] -- C:\Program Files\Cucusoft\NetGuard\BandwidthGuardSrvc.sys -- (CS_BandwidthGuard)
SRV:64bit: - [2012/07/17 13:55:12 | 000,044,696 | ---- | M] (Cucusoft, Inc.) [Auto | Running] -- C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe -- (CS_AutoUpdate)
SRV:64bit: - [2011/10/26 01:01:00 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013/11/06 21:03:00 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 14:15:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/15 14:56:46 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/06/27 11:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/23 07:48:17 | 003,574,624 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/04/12 14:11:56 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/12/07 17:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/11/28 22:33:52 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Stopped] -- C:\Prey\platform\windows\cronsvc.exe -- (CronService)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/11/08 17:03:40 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2013/10/22 17:20:50 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/22 17:20:50 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/22 17:20:50 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/22 17:20:50 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/22 17:20:50 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/22 17:20:50 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/22 17:20:50 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/22 17:20:43 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/10/22 17:20:38 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2013/09/06 13:25:40 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/05/29 10:06:34 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/05/29 10:06:30 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/15 15:55:31 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV:64bit: - [2013/04/15 15:55:30 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/08/23 14:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 14:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 14:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/26 02:05:12 | 010,496,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/10/26 00:22:00 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/01 14:08:04 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/30 19:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 19:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/10 13:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009/07/24 13:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ie"
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131030
FF - prefs.js..extensions.enabledAddons: youtubemp3podcaster%40jeremy.d.gregorio.com:3.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..keyword.URL: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/22 17:20:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/04/08 17:59:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/06 21:02:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/06 21:02:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/12 16:39:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/10/12 21:13:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/04/08 17:59:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/06 21:02:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/06 21:02:53 | 000,000,000 | ---D | M]
[2012/09/19 15:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2013/11/06 21:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions
[2013/07/30 14:54:43 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/10/31 22:19:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/10/23 19:07:02 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\iuuo_uoal@ztrc-nq.edu
[2013/10/23 19:04:59 | 000,000,000 | ---D | M] (DDownload keeper) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\ouidvqm@vgas.com
[2013/11/05 21:55:04 | 000,000,000 | ---D | M] (Youtube MP3 Podcaster) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\youtubemp3podcaster@jeremy.d.gregorio.com
[2013/11/06 21:32:37 | 001,338,622 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\firefox@ghostery.com.xpi
[2013/08/09 21:12:16 | 000,229,424 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
[2013/09/20 13:03:22 | 000,069,465 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\mediahint@jetpack.xpi
[2013/10/22 17:01:25 | 000,041,044 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\vdpure@link64.xpi
[2013/11/05 21:30:04 | 000,017,996 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/10/20 18:53:08 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/30 14:36:10 | 000,685,671 | ---- | M] () (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013/11/06 21:02:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/06 21:03:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/10/22 17:20:52 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.ie/
CHR - Extension: Google Drive = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Adblock Plus = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: New Tab Plus(APP) = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmmfcbpgflaeiipmbhelananakfcodj\4.5.2_0\
CHR - Extension: Google Calendar = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Foxtab Speed Dial = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp\9.2_0\
CHR - Extension: KB SSL Enforcer = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\2.0.3_0\
CHR - Extension: AdBlock = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: avast! Online Security = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: LastPass = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\
CHR - Extension: LastPass = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0\
CHR - Extension: Totoro Rainy Day = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiagjknjjfockcklibjlfdojojaffff\1.15_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
CHR - Extension: Tapatalk Notifier = C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\plfhcjljnfjpfcbjpgnflfofmahljkjj\2.1_0\
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O4:64bit: - HKLM..\Run: [CucusoftNetGuard] File not found
O4:64bit: - HKLM..\Run: [Fences] C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [CucusoftNetGuard] C:\Program Files\Cucusoft\NetGuard\BandwidthGuard.exe (Cucusoft, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk = C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D351252-D8E5-451C-A7FC-23D709A74C09}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/11/06 21:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/25 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/25 20:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/25 20:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/25 20:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/25 20:44:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/10/25 20:44:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013/10/25 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\All Ireland Scor
[2013/10/23 20:15:24 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\Azwsoft
[2013/10/23 20:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Azwsoft
[2013/10/23 20:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AzwSoft
[2013/10/23 20:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AzwSoft
[2013/10/23 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ss.Helper
[2013/10/23 19:04:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DDownload keeper
[2013/10/23 18:09:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/23 18:09:31 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/23 18:09:25 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/23 18:09:25 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/23 18:09:25 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/22 17:29:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/10/22 17:29:05 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/10/22 17:28:51 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\AVAST Software
[2013/10/22 17:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/22 17:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/10/22 17:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/20 10:50:22 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Local\Evernote
[2013/05/03 21:01:33 | 005,071,600 | ---- | C] (PC Cleaners) -- C:\ProgramData\pclunst.exe
[2013/02/11 22:00:29 | 014,823,424 | ---- | C] (LastPass) -- C:\Program Files (x86)\Common Files\lpuninstall.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/09 16:52:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2977376630-3732824772-3731456805-1001UA.job
[2013/11/09 16:17:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/09 16:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/09 15:39:34 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 15:39:34 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/09 15:30:28 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/09 15:29:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/09 15:29:54 | 2089,713,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/09 15:14:38 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013/11/09 12:34:09 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/11/08 17:03:40 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2013/11/08 16:10:41 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/08 16:10:41 | 000,665,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/08 16:10:41 | 000,125,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 21:52:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2977376630-3732824772-3731456805-1001Core.job
[2013/11/03 14:20:49 | 000,000,970 | ---- | M] () -- C:\Users\mike\Documents\cc_20131103_142047.reg
[2013/10/25 20:51:12 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/25 20:36:17 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/10/25 18:13:02 | 000,001,730 | ---- | M] () -- C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
[2013/10/23 21:00:02 | 000,000,240 | ---- | M] () -- C:\Windows\wininit.ini
[2013/10/23 20:14:12 | 000,002,781 | ---- | M] () -- C:\Users\Public\Desktop\AzwSoft EBook DRM Removal.lnk
[2013/10/23 18:08:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/23 18:08:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/23 18:08:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/23 18:08:44 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/22 17:29:09 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/22 17:21:24 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/10/22 17:21:24 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/10/22 17:20:50 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/22 17:20:50 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/22 17:20:50 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/22 17:20:50 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/22 17:20:50 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/22 17:20:50 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/22 17:20:50 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/22 17:20:50 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/22 17:20:49 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/22 17:20:43 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/10/22 17:20:38 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2013/10/22 17:09:02 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/22 17:03:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/20 10:49:59 | 000,000,936 | ---- | M] () -- C:\Users\mike\Desktop\Evernote.lnk
[2013/10/18 21:55:40 | 000,002,362 | ---- | M] () -- C:\Users\mike\Desktop\Google Chrome.lnk
[2013/10/14 17:41:56 | 000,270,824 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/10/14 17:41:56 | 000,131,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/03 14:20:49 | 000,000,970 | ---- | C] () -- C:\Users\mike\Documents\cc_20131103_142047.reg
[2013/10/25 20:51:12 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/23 20:14:12 | 000,002,781 | ---- | C] () -- C:\Users\Public\Desktop\AzwSoft EBook DRM Removal.lnk
[2013/10/22 17:29:09 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/10/22 17:29:09 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/10/22 17:21:24 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/10/22 17:09:02 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/10/20 10:49:59 | 000,000,936 | ---- | C] () -- C:\Users\mike\Desktop\Evernote.lnk
[2013/09/09 13:08:47 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/06/12 11:50:08 | 000,000,240 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/08 17:51:10 | 000,221,275 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/04/08 17:51:10 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/04/01 14:32:12 | 000,000,000 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Stardockfences_debug_snapshot.dat
[2013/04/01 14:18:19 | 000,000,843 | ---- | C] () -- C:\Users\mike\AppData\Local\recently-used.xbel
[2013/02/15 12:12:59 | 000,000,205 | ---- | C] () -- C:\Users\mike\AppData\Roaming\burnaware.ini
[2013/02/06 10:08:59 | 000,000,081 | ---- | C] () -- C:\Users\mike\AppData\Roaming\Checksum.ini
[2013/01/23 22:05:16 | 000,076,800 | ---- | C] () -- C:\Users\mike\Win32DiskImager.exe
[2013/01/16 11:27:05 | 000,765,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/17 16:28:31 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/09/19 16:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >0 -
run adwcleaner
http://www.bleepingcomputer.com/download/adwcleaner/
post its log
open OTL copy this into the box
:OTL
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=...cc=IE&unqvl=39
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.wisesearch.info/?l=...cc=IE&unqvl=39
FF - prefs.js..browser.search.defaultenginename,S: S", "WebSearch"
FF - prefs.js..browser.search.defaulturl: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q="
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: S", "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: S", "WebSearch"
FF - prefs.js..keyword.URL: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
O33 - MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell - "" = AutoRun
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\Shell - "" = AutoRun
O33 - MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
[2013/10/23 19:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ss.Helper
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
click run fix post that log0 -
Thanks jsa. ADW Log:
# AdwCleaner v3.011 - Report created 10/11/2013 at 16:23:03
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : mike - MIKE-PC
# Running from : C:\Users\mike\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\END
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\ProgramData\DDownload keeper
Folder Found C:\Users\mike\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\mike\AppData\Local\Temp\FoxTab
Folder Found C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\FoxTab
Folder Found C:\Users\mike\AppData\Roaming\SeeSimilar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\powerpack
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\wscontb
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\powerpack
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\wscontb
Key Found : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Mozilla Firefox v25.0 (en-US)
[ File : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\9xly8itk.default-1375194461744\prefs.js ]
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q=");
Line Found : user_pref("browser.search.order.1", "WebSearch");
Line Found : user_pref("browser.search.order.1,S", "WebSearch");
Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.crossrider.bic", "1411d62f5d3b64895dc2a66fd41c2b79");
Line Found : user_pref("keyword.URL", "hxxp://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q=");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ File : C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [4553 octets] - [10/11/2013 16:23:03]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4613 octets] ##########0 -
OTL Log after reboot:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Prefs.js: S", "WebSearch" removed from browser.search.defaultenginename,S
Prefs.js: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q=" removed from browser.search.defaulturl
Prefs.js: "WebSearch" removed from browser.search.order.1
Prefs.js: S", "WebSearch" removed from browser.search.order.1,S
Prefs.js: S", "WebSearch" removed from browser.search.selectedEngine,S
Prefs.js: "http://websearch.wisesearch.info/?pid=377&r=2013/10/23&hid=2783289663440884274&lg=EN&cc=IE&unqvl=39&l=1&q=" removed from keyword.URL
Prefs.js: "" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9951e185-1222-11e2-a5ac-0800270010cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9951e185-1222-11e2-a5ac-0800270010cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9951e185-1222-11e2-a5ac-0800270010cd}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9951e2f8-1222-11e2-a5ac-0800270010cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9951e2f8-1222-11e2-a5ac-0800270010cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9951e2f8-1222-11e2-a5ac-0800270010cd}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e65c3c9b-6274-11e2-92af-0800270010cd}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ded8ee-0723-11e2-9353-08002700dccb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f8ded8ee-0723-11e2-9353-08002700dccb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f8ded8ee-0723-11e2-9353-08002700dccb}\ not found.
File E:\LaunchU3.exe -a not found.
C:\Program Files (x86)\Ss.Helper folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: mike
->Temp folder emptied: 1207139 bytes
->Temporary Internet Files folder emptied: 49493 bytes
->Java cache emptied: 525837 bytes
->FireFox cache emptied: 389729080 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 760 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267843 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94343 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 621 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 374.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: mike
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: mike
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\mike\Downloads\cmd.bat deleted successfully.
C:\Users\mike\Downloads\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 11102013_162556
Files\Folders moved on Reboot...
File\Folder C:\Users\mike\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\fb_3096.lck not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...0 -
have adwcleaner delete what it found
then tell me how its running0 -
Advertisement
-
Thanks a million Jsa, it is really appreciated.
It seems to be running ok, but tbh I did not notice much wrong over the last week with it. I was just doing my weekly cleanup when I found the trojan. It was slow to load Firefox but I thought that was my mobile broadband connection.
Now I just have to restore all my Foxtabs0
Advertisement