Computer hangs and window pop-ups keep appearing



#1
Lady_Rocker

  • Member
  • 168 posts
Having difficulty posting (see attached screen shot), need to attach OTL results.

Also attached is sample annoying pop-up.

Please help.. computer hangs or lags too much and has too many pop-ups! :confused:

Attached Thumbnails

  • GeeksToGo - annoying pop-up.png
  • GeeksToGo - error posting.png


#2
JSntgRvr

  • Global Moderator
  • 10,962 posts
Hi and :welcome:

Let's give it a try.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [RESETHOSTS]
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart.
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Re-scan with OTL and post its report.

#3
Lady_Rocker

  • Topic Starter
  • Member
  • 168 posts
RUN FIX RESULTS

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Narcis
->Temp folder emptied: 787666 bytes
->Temporary Internet Files folder emptied: 5942826 bytes
->Java cache emptied: 76774917 bytes
->FireFox cache emptied: 77744245 bytes
->Google Chrome cache emptied: 453058870 bytes
->Flash cache emptied: 1928851 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7271931 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 114688 bytes

Total Files Cleaned = 595.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Narcis
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05122013_062757

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#4
Lady_Rocker

  • Topic Starter
  • Member
  • 168 posts
OTL RESCAN

==========================================================

OTL logfile created on: 05/12/2013 7:11:15 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Narcis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.75 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 59.67% Memory free
5.50 Gb Paging File | 3.94 Gb Available in Paging File | 71.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 177.45 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
Drive D: | 12.96 Gb Total Space | 1.59 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive F: | 14.94 Gb Total Space | 2.74 Gb Free Space | 18.33% Space Free | Partition Type: FAT32

Computer Name: NARCIS-HP | User Name: Narcis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 09:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 12:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/01/27 22:38:26 | 000,032,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/12/19 00:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/05 16:55:16 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/12/12 16:48:24 | 000,923,136 | ---- | M] () -- C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe
PRC - [2010/09/17 15:28:14 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
PRC - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2010/06/25 15:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/06/24 05:09:36 | 000,125,552 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 04:08:56 | 012,542,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45babd35f29911df78d6b41801de0075\System.Windows.Forms.ni.dll
MOD - [2013/02/14 03:29:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/02/13 12:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 12:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/12 08:38:41 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fc5bf1b21e39492ed15e24db53abeaa6\System.Management.ni.dll
MOD - [2013/01/12 08:38:28 | 001,661,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a05479a95f137497a8484c8f5079d02\System.Drawing.ni.dll
MOD - [2013/01/12 08:38:19 | 005,767,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e93ffb76caad1b906a00fd8eacbd169e\System.Xml.ni.dll
MOD - [2013/01/12 08:38:13 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f4f86fc366beeb9f2eca14f47c30d952\System.Configuration.ni.dll
MOD - [2013/01/12 08:38:10 | 008,411,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\020b37a8be18dc91962b358781fb5a42\System.ni.dll
MOD - [2013/01/12 08:37:27 | 000,804,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\05ba9215ad8321d5518e66bcda39b4be\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 08:37:22 | 006,816,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\afc43ef40c007311c5adeb95526b383d\System.Data.ni.dll
MOD - [2013/01/12 08:36:32 | 013,124,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b492c89300a752d89c836db75b2388b2\PresentationCore.ni.dll
MOD - [2013/01/12 08:36:18 | 003,596,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9e57a18bcd9e813f6ceda9d0e237f1da\WindowsBase.ni.dll
MOD - [2013/01/10 19:36:23 | 015,450,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f725b7e9669eededf1e9e211da507f47\PresentationFramework.ni.dll
MOD - [2013/01/10 10:27:29 | 000,406,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02d89ea367bea02c38430bdceabccc25\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 12:29:50 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/12/12 16:48:24 | 000,923,136 | ---- | M] () -- C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe
MOD - [2011/03/10 19:33:44 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2008/09/29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/05 16:55:08 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2010/05/12 16:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/20 19:30:26 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/12/19 13:13:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/19 00:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 16:55:16 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/17 22:01:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 06:18:00 | 004,092,408 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/13 03:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010/06/24 05:09:36 | 000,125,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/13 11:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/17 08:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/19 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/01/09 21:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 14:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 14:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 16:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 16:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 16:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 16:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 16:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 16:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 16:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,204,328 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,133,160 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/11/09 19:01:13 | 000,123,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/11/09 19:01:12 | 000,167,976 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/11/09 19:01:12 | 000,119,848 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/11/07 09:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 12:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/13 03:01:26 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/10 19:33:51 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/13 04:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 15:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/12 16:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 15:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/04 08:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/11 01:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/06 14:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 14:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 19:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/19 14:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/12 09:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}
IE:64bit: - HKLM\..\SearchScopes\{6E034689-6DFA-43D1-9D47-9BE3CA7DEE8A}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{709367C6-7915-4EBE-B62E-5E99FF6B3158}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E6C049FF-4DD2-4AFF-BAE8-3D48EDF809AB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}
IE - HKLM\..\SearchScopes\{6E034689-6DFA-43D1-9D47-9BE3CA7DEE8A}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{709367C6-7915-4EBE-B62E-5E99FF6B3158}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{E6C049FF-4DD2-4AFF-BAE8-3D48EDF809AB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook....//my.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pandasecurity...2BBC8517214D5BD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{01377398-83AC-4F18-98E1-5A4375DFE4DD}: "URL" = http://www.urbandict...m={searchTerms}
IE - HKCU\..\SearchScopes\{2E3B4660-7FF6-430C-A7A0-70DF108756D6}: "URL" = http://websearch.ask...B7-1C227F6749DF
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://pandasecurity...q={searchTerms}
IE - HKCU\..\SearchScopes\{41F2CB2F-957C-4924-AA32-6B9A073CF195}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{43D32FB0-5053-4891-AF80-D9590E4CD9C2}: "URL" = http://www.google.co...1I7NDKB_enGU530
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...m={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://home.allgames...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;?r?r?r?r?r?r?r?r?r?r?r?r???;??;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.co...b_ver=1.3.3&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dis&o=14200"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.6
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - prefs.js..extensions.enabledAddons: [email protected]:10.3
FF - prefs.js..extensions.enabledAddons: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.4
FF - prefs.js..extensions.enabledAddons: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.1
FF - prefs.js..keyword.enabled: false
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..keyword.URL: "http://websearch.ask...m013^YY^GU&&q="
FF - prefs.js..Keyword.Enabled: "true"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.startup.homepage: "http://pandasecurity...BBC850B91CE04A"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/16 23:15:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/16 23:15:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Narcis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Narcis\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Narcis\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Narcis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 04:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/02 04:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/22 21:51:28 | 000,000,000 | ---D | M]

[2012/06/10 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Extensions
[2012/06/10 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/12/01 06:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions
[2012/12/01 06:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/07/16 07:00:55 | 000,000,000 | ---D | M] (TotalRecipeSearch) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]_14.com
[2012/04/17 10:58:26 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/01/28 14:50:59 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/03/06 18:25:08 | 000,053,494 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2011/08/23 19:21:22 | 000,074,961 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/03/22 12:40:01 | 000,247,938 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2011/09/14 07:29:32 | 001,547,075 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
[2012/10/15 12:42:20 | 000,002,001 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\allgameshome.xml
[2012/11/03 12:06:28 | 000,002,336 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\askcom.xml
[2012/01/17 00:23:54 | 000,002,281 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\s-amazon.xml
[2011/03/30 22:34:55 | 000,001,679 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\thepiratebayorg.xml
[2011/05/09 07:50:48 | 000,001,057 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\yahoo-zugo.xml
[2012/04/27 21:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 14:28:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/26 15:29:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/18 03:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.facebook.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Narcis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: YouTube = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Free Smileys & Emoticons = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.7.0_0\
CHR - Extension: Full Screen Weather = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: RealDownloader = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: WeatherBug = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.4_0\
CHR - Extension: MyPermissions Cleaner = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\liiikhhbkpmpomjmdofandjmdgapiahi\0.3.9_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: iVillage = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pheipkkgfejkeajniamlabkiebejdpaa\1.7.2_0\
CHR - Extension: Gmail = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/05/12 06:31:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [GGWallpaper] C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe ()
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll (DivX, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Narcis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.151.64.110 202.151.64.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72CEA451-92EF-4AAC-A359-B5FE41C30D80}: DhcpNameServer = 202.151.64.110 202.151.64.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC8C1302-92B0-45C7-B2C0-BCBA09209004}: DhcpNameServer = 116.68.13.136 116.68.13.137
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/05 21:54:14 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/11 09:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
[2013/04/27 14:50:28 | 000,000,000 | ---D | C] -- C:\Users\Narcis\Desktop\Visio2007-ProSp1
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\WinRAR
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/27 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/04/25 14:27:17 | 000,058,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2013/04/20 20:16:04 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\FamilyTreeMaker
[2013/04/20 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\Narcis\Documents\Family Tree Maker
[2013/04/20 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Local\Ancestry.com
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2013/04/20 18:57:51 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/04/20 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2013/04/20 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2013/04/20 18:54:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/04/20 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Local\panda4_0dn
[2013/04/20 14:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pandasecuritytb
[2013/04/20 14:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013/04/18 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/14 21:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader

========== Files - Modified Within 30 Days ==========

[2013/05/12 07:20:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 06:48:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 06:48:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 06:39:22 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/12 06:38:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/12 06:38:34 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/12 06:36:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
[2013/05/12 06:31:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/12 05:36:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
[2013/05/12 05:12:30 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
[2013/05/11 20:54:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
[2013/05/11 11:14:49 | 000,001,029 | ---- | M] () -- C:\Users\Narcis\Desktop\Dropbox.lnk
[2013/05/11 09:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
[2013/05/10 22:54:56 | 001,341,861 | ---- | M] () -- C:\Users\Narcis\Desktop\yigo.png
[2013/05/08 18:36:44 | 000,783,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/08 18:36:44 | 000,663,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/08 18:36:44 | 000,122,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/29 22:43:15 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNarcis.job
[2013/04/27 15:02:44 | 000,000,510 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/21 08:56:42 | 001,471,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/20 19:00:23 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/04/19 01:15:40 | 000,012,288 | ---- | M] () -- C:\Users\Narcis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/18 23:22:21 | 000,004,096 | -H-- | M] () -- C:\Users\Narcis\AppData\Local\keyfile3.drm
[2013/04/17 12:59:24 | 000,920,637 | ---- | M] () -- C:\Users\Narcis\Desktop\CC 04-17-2013.png
[2013/04/16 12:27:12 | 000,445,898 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130504-211525.backup
[2013/04/14 21:05:44 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

========== Files Created - No Company Name ==========

[2013/05/10 22:49:55 | 001,341,861 | ---- | C] () -- C:\Users\Narcis\Desktop\yigo.png
[2013/04/20 19:00:23 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/04/17 12:59:23 | 000,920,637 | ---- | C] () -- C:\Users\Narcis\Desktop\CC 04-17-2013.png
[2012/09/30 12:35:41 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/09/13 05:39:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/07/06 06:33:43 | 000,001,481 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/08 07:23:21 | 000,000,000 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\bibstats
[2012/03/29 10:17:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/02/10 00:20:33 | 000,001,063 | ---- | C] () -- C:\Users\Narcis\Music - Shortcut.lnk
[2012/01/14 15:42:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/07 21:12:59 | 000,038,427 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/07/22 12:03:55 | 000,012,288 | ---- | C] () -- C:\Users\Narcis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 11:02:40 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/05 18:06:27 | 000,004,096 | -H-- | C] () -- C:\Users\Narcis\AppData\Local\keyfile3.drm
[2011/06/05 16:14:54 | 000,001,057 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\vso_ts_preview.xml
[2011/05/17 21:57:25 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/14 20:02:33 | 000,001,854 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\GhostObjGAFix.xml
[2011/01/19 11:34:04 | 000,001,799 | ---- | C] () -- C:\Users\Narcis\ts.m3u
[2010/12/06 18:12:23 | 000,855,641 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\PandaIDProtectHelp.chm
[2010/12/04 20:22:09 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/12/03 17:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 03:24:17 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 03:24:17 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/03/10 19:34:06 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/07 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\4 Friends Games
[2011/10/12 21:48:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Alawar Stargaze
[2012/10/27 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\AlawarEntertainment
[2011/12/17 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Artifex Mundi
[2011/06/01 20:54:21 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Artogon
[2012/08/05 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Big Fish Games
[2011/03/23 22:47:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Blue Tea Games
[2012/01/15 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Boomzap
[2011/12/24 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Brabl
[2011/10/12 06:51:50 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\BrablGames
[2012/10/08 10:25:58 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Canon
[2011/12/11 03:03:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\casualArts
[2011/05/11 08:40:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\com.terrypaton.breakit4
[2011/06/18 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2011/04/14 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/15 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Dekovir
[2013/01/20 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Downloaded Installations
[2013/05/11 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Dropbox
[2012/06/04 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\EleFun Games
[2012/06/05 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Elephant Games
[2012/08/28 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\ERS Game Studios
[2012/06/05 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Faerie Solitaire
[2013/04/21 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FamilyTreeMaker
[2012/12/29 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FileOpen
[2012/06/10 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Flickr
[2011/08/21 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Floodlight Games
[2012/07/19 22:33:56 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Friday's games
[2011/06/14 00:54:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FriendsGamesNetwork
[2012/07/30 07:16:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FrostWire
[2012/06/03 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\GameMill Entertainment
[2011/03/01 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\GAMGO
[2011/01/08 23:44:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Ghost Ship Studios
[2010/12/07 22:58:35 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\gogii
[2011/10/15 11:45:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\ICQ
[2011/01/23 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\iJoysoft
[2012/10/29 20:38:18 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\IMVU
[2012/10/25 06:15:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\IMVUClient
[2012/02/24 07:32:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Jigsaws Galore
[2011/12/17 12:56:03 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\JLAdventCalendarLondon2011
[2012/01/14 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Leawo
[2013/01/19 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LegacyGames
[2011/10/13 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LestaStudio
[2011/03/07 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LG Electronics
[2012/06/17 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LittleGamesCompany
[2013/05/11 11:03:37 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LivingEarthDesktop
[2012/03/07 14:35:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LolClient
[2012/05/24 07:48:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LolClient2
[2011/04/05 20:25:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\margrave3_full
[2011/03/21 01:05:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\md studio
[2011/10/15 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Millennia
[2011/03/03 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Mystery of Mortlake Mansion
[2012/09/24 22:29:59 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\NewspaperDirect
[2012/12/29 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Nitro
[2013/04/18 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Nitro PDF
[2012/12/22 16:50:37 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\OpenCandy
[2012/07/29 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Orneon
[2010/12/05 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Panda Security
[2010/12/03 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\PictureMover
[2012/11/16 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\PlayFirst
[2011/03/01 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\QB9
[2011/02/27 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Red Kawa
[2012/01/08 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\redsn0w
[2011/05/28 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Registry Mechanic
[2011/05/22 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Silverback Productions
[2013/03/09 08:04:08 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SmartDraw
[2011/06/27 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SoftGrid Client
[2010/12/05 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SurfSecret Privacy Suite
[2011/06/11 16:53:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Ten Heavens
[2012/01/14 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\tiger-k
[2012/03/01 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Top Evidence
[2011/05/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\TP
[2013/01/11 07:12:24 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\TuneUpMedia
[2012/12/14 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Unity
[2013/05/10 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\uTorrent
[2012/10/28 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\V-Games
[2011/10/28 22:42:37 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vast Studios
[2011/06/02 21:01:21 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vogat Interactive
[2012/01/03 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vso
[2012/05/07 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WeatherWatcher
[2012/06/14 05:35:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WeatherWatcherLive
[2012/07/22 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WildTangent
[2010/12/10 07:31:59 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WildTangentv1002
[2010/12/04 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WinBatch
[2010/12/05 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/17 07:34:27 | 000,000,720 | ---- | M] ()(C:\Users\Narcis\AppData\Local\PMB Fik?s) -- C:\Users\Narcis\AppData\Local\PMB Fik聥s
[2011/08/17 07:34:12 | 000,000,720 | ---- | C] ()(C:\Users\Narcis\AppData\Local\PMB Fik?s) -- C:\Users\Narcis\AppData\Local\PMB Fik聥s

========== Alternate Data Streams ==========


< End of report >

#5
Lady_Rocker

    Member

  • Topic Starter
  • 168 posts
FYI, Computer is faster and annoying pop-ups have not (yet) appeared!

Will monitor this for the next couple of days, please do not close this topic until I follow up.

THANK YOU FOR SUCH A QUICK RESPONSE!!


:thumbsup:

#6
JSntgRvr

    Global Moderator

  • 10,962 posts
The HOSTS file was bloated. Let's scan for remnants.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    @Alternate Data Stream - 258 bytes -> C:\ProgramData\Temp:6B709AD7
    @Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:48862C37
    @Alternate Data Stream - 253 bytes -> C:\ProgramData\Temp:363E775E
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:F68CB1A4
    @Alternate Data Stream - 242 bytes -> C:\ProgramData\Temp:5E73E1C2
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:FFD58FFB
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:E8C44CB4
    @Alternate Data Stream - 238 bytes -> C:\ProgramData\Temp:E8B61305
    @Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:0A74923C
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:8E11CC80
    @Alternate Data Stream - 235 bytes -> C:\ProgramData\Temp:24FECE50
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:B0456F0C
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:A819A132
    @Alternate Data Stream - 234 bytes -> C:\ProgramData\Temp:67E674B0
    @Alternate Data Stream - 233 bytes -> C:\ProgramData\Temp:2211E7A0
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:B8791731
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:391535F9
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:1C201DEB
    @Alternate Data Stream - 228 bytes -> C:\ProgramData\Temp:378824DE
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:F89F2593
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:7A032A04
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:7ADB695A
    @Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:2AE74FF9
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:FAB64002
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:F72306CC
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:65B8AF94
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:C0D23A2F
    @Alternate Data Stream - 222 bytes -> C:\ProgramData\Temp:94B46CA2
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:9D6EAEC3
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:9BAC4211
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:7DC5D762
    @Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:16A4620C
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:206470A5
    @Alternate Data Stream - 219 bytes -> C:\ProgramData\Temp:D5BF78B4
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:A0921B2C
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:5A2E8BBF
    @Alternate Data Stream - 216 bytes -> C:\ProgramData\Temp:61AF2B29
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:C22674B6
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:2D2461E7
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:BCFEA004
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:AFB24B00
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:A4E7D25F
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:6247E766
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:3086B95F
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:03D08225
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:BE40C8A2
    @Alternate Data Stream - 209 bytes -> C:\ProgramData\Temp:CBAF0C30
    @Alternate Data Stream - 208 bytes -> C:\ProgramData\Temp:3B812EE0
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:A6D89509
    @Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:57B2B96C
    @Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:DB16B026
    @Alternate Data Stream - 197 bytes -> C:\ProgramData\Temp:E51234A9
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:D507B5A8
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\Temp:43860CE8
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:260575F1
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:922DA2DB
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:6EE8565A
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:48D3CC24
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:474022C7
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:8E5EA40F
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:11590865
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:9720EBEF
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:E402E439
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:C37283B5
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:4D729D61
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:13019F4B
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:B1786630
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:689AB7E9
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:19474103
    @Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:512336B9
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:E87AB4E3
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:99B20AD0
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:1B389835
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:FCBEDCFD
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:D999FFD5
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:697DDE2B
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:2CB9631F
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:22741C1F
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4A966CC2
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:00811B66
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:EF38B79C
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5080697C
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:54380FEC
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:4CD3F344
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:012BC84F
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:569CEE83
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:34EFF1F2
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1A15E356
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:89C2A42C
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:774C075A
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:8B4B9596
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:C67CB31A
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:ED9B661E
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:512E1728
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:2B9555D8
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D48500F8
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:EA701346
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
Lady_Rocker

    Member

  • Topic Starter
  • 168 posts
The OTL did not request or perform a "reboot"; but, here is the log. I'm proceeding with the AdwCleaner®.

=======================

========== OTL ==========
Unable to delete ADS C:\ProgramData\Temp:6B709AD7 .
Unable to delete ADS C:\ProgramData\Temp:48862C37 .
Unable to delete ADS C:\ProgramData\Temp:363E775E .
Unable to delete ADS C:\ProgramData\Temp:F68CB1A4 .
Unable to delete ADS C:\ProgramData\Temp:5E73E1C2 .
Unable to delete ADS C:\ProgramData\Temp:FFD58FFB .
Unable to delete ADS C:\ProgramData\Temp:E8C44CB4 .
Unable to delete ADS C:\ProgramData\Temp:E8B61305 .
Unable to delete ADS C:\ProgramData\Temp:0A74923C .
Unable to delete ADS C:\ProgramData\Temp:8E11CC80 .
Unable to delete ADS C:\ProgramData\Temp:24FECE50 .
Unable to delete ADS C:\ProgramData\Temp:B0456F0C .
Unable to delete ADS C:\ProgramData\Temp:A819A132 .
Unable to delete ADS C:\ProgramData\Temp:67E674B0 .
Unable to delete ADS C:\ProgramData\Temp:2211E7A0 .
Unable to delete ADS C:\ProgramData\Temp:B8791731 .
Unable to delete ADS C:\ProgramData\Temp:391535F9 .
Unable to delete ADS C:\ProgramData\Temp:1C201DEB .
Unable to delete ADS C:\ProgramData\Temp:378824DE .
Unable to delete ADS C:\ProgramData\Temp:F89F2593 .
Unable to delete ADS C:\ProgramData\Temp:7A032A04 .
Unable to delete ADS C:\ProgramData\Temp:7ADB695A .
Unable to delete ADS C:\ProgramData\Temp:2AE74FF9 .
Unable to delete ADS C:\ProgramData\Temp:FAB64002 .
Unable to delete ADS C:\ProgramData\Temp:F72306CC .
Unable to delete ADS C:\ProgramData\Temp:65B8AF94 .
Unable to delete ADS C:\ProgramData\Temp:C0D23A2F .
Unable to delete ADS C:\ProgramData\Temp:94B46CA2 .
Unable to delete ADS C:\ProgramData\Temp:9D6EAEC3 .
Unable to delete ADS C:\ProgramData\Temp:9BAC4211 .
Unable to delete ADS C:\ProgramData\Temp:7DC5D762 .
Unable to delete ADS C:\ProgramData\Temp:16A4620C .
Unable to delete ADS C:\ProgramData\Temp:206470A5 .
Unable to delete ADS C:\ProgramData\Temp:D5BF78B4 .
Unable to delete ADS C:\ProgramData\Temp:A0921B2C .
Unable to delete ADS C:\ProgramData\Temp:5A2E8BBF .
Unable to delete ADS C:\ProgramData\Temp:61AF2B29 .
Unable to delete ADS C:\ProgramData\Temp:C22674B6 .

OTL by OldTimer - Version 3.2.69.0 log created on 05122013_151054

#8
Lady_Rocker

  • Topic Starter
# AdwCleaner v2.300 - Logfile created 05/12/2013 at 15:15:22
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Narcis - NARCIS-HP
# Boot Mode : Normal
# Running from : C:\Users\Narcis\Documents\0 - MoM personal\06 - tech related\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\yahoo-zugo.xml
File Deleted : C:\Users\Public\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\FaceSmooch Smileys
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Program Files (x86)\YouTube Downloader Toolbar
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Users\Narcis\AppData\Local\APN
Folder Deleted : C:\Users\Narcis\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Narcis\AppData\Local\PackageAware
Folder Deleted : C:\Users\Narcis\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Narcis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Narcis\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Narcis\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Narcis\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]_14.com
Folder Deleted : C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\jetpack
Folder Deleted : C:\Users\Narcis\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\Smart Suggestor
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Minibar
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6B44122B-DEBA-44AB-B3DC-624DF767CB85}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6B44122B-DEBA-44AB-B3DC-624DF767CB85}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{416794AB-75FB-4EC7-B41F-835DA5476E39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9263E260-0BAA-4CD8-9E47-EFB6152C672B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FaceSmooch Smileys
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepage&toolbarid=pandasecuritytb&v=4_0&u=192515CDE68ABE0F22BBC8517214D5BD --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\prefs.js

Deleted : user_pref("SmartSuggestor.aid", "10007");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_v[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14200");
Deleted : user_pref("extensions.SmartSuggestor.aid", "10007");
Deleted : user_pref("extensions.SmartSuggestor.showButton", false);
Deleted : user_pref("extensions.facetweak.addit.remoteInstallItems", "{ \"software\": {\"90\": {\"id\": \"90\"[...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("icqtoolbar.allowSendURL", false);
Deleted : user_pref("icqtoolbar.engineVerified", false);
Deleted : user_pref("icqtoolbar.geolastmodified", 1318598845);
Deleted : user_pref("icqtoolbar.hiddenElements", "itb_options");
Deleted : user_pref("icqtoolbar.history", "eileen%20holland||edward%20cayce||religions%20of%20the%20world||eil[...]
Deleted : user_pref("icqtoolbar.hpChange", true);
Deleted : user_pref("icqtoolbar.icqgeo", 671);
Deleted : user_pref("icqtoolbar.installTime", "1318598845");
Deleted : user_pref("icqtoolbar.installsource", "1");
Deleted : user_pref("icqtoolbar.newtab_state", "1");
Deleted : user_pref("icqtoolbar.numberOfSearches", 0);
Deleted : user_pref("icqtoolbar.previousFFVersion", "7.0.1");
Deleted : user_pref("icqtoolbar.skip_default_search", "no");
Deleted : user_pref("icqtoolbar.uniqueID", "131856924413185694841318598845955");
Deleted : user_pref("icqtoolbar.usageStatstTimestamp", 1319185523);
Deleted : user_pref("icqtoolbar.userHpApproved", true);
Deleted : user_pref("icqtoolbar.version", "1.3.3");
Deleted : user_pref("icqtoolbar.voucherHideClicks", 0);
Deleted : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Deleted : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Deleted : user_pref("icqtoolbar.voucherWasShown", 0);
Deleted : user_pref("icqtoolbar.xmlEnableHomePageDsGuard", true);
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14197&locale=[...]
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://home.allgameshome.com/results.php?cate[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://pandasecurity.mystart.com/?source=5b97eeb3&tbp=homepag[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3413] : urls_to_restore_on_startup = [ "hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?b[...]

*************************

AdwCleaner[S1].txt - [10006 octets] - [12/05/2013 15:15:22]

########## EOF - C:\AdwCleaner[S1].txt - [10067 octets] ##########

#9
Lady_Rocker

  • Topic Starter
*NOTE* NO REBOOT AFTER SCAN

=================================================

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.11.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Narcis :: NARCIS-HP [administrator]

Protection: Enabled

05/12/2013 3:29:13 PM
mbam-log-2013-05-12 (15-29-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220001
Time elapsed: 7 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Lady_Rocker

  • Topic Starter
I rebooted my computer to see if any of the "remedies" worked...

instead, that annoying "pop-up" appeared again (see first picture)...

So I decided to run the OTL again and right when it started, another annoying "pop-up" appeared (see second picture)...

I closed those windows up, including the OTL... then re-ran the OTL and here are the results:

============================================================================

OTL logfile created on: 05/12/2013 5:05:06 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Narcis\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yyyy

2.75 Gb Total Physical Memory | 1.74 Gb Available Physical Memory | 63.13% Memory free
5.50 Gb Paging File | 3.78 Gb Available in Paging File | 68.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.70 Gb Total Space | 186.74 Gb Free Space | 41.25% Space Free | Partition Type: NTFS
Drive D: | 12.96 Gb Total Space | 1.59 Gb Free Space | 12.28% Space Free | Partition Type: NTFS
Drive F: | 14.94 Gb Total Space | 2.74 Gb Free Space | 18.33% Space Free | Partition Type: FAT32

Computer Name: NARCIS-HP | User Name: Narcis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/11 09:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
PRC - [2013/04/11 15:04:26 | 000,235,072 | ---- | M] (Visicom Media Inc.) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/13 12:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2013/01/27 22:38:26 | 000,032,480 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/12/19 00:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/05 16:55:16 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2011/12/12 16:48:24 | 000,923,136 | ---- | M] () -- C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe
PRC - [2010/09/17 15:28:14 | 000,577,792 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
PRC - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2010/06/25 15:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/06/24 05:09:36 | 000,125,552 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 04:08:56 | 012,542,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45babd35f29911df78d6b41801de0075\System.Windows.Forms.ni.dll
MOD - [2013/02/14 03:29:08 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/02/13 12:38:06 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2013/02/13 12:37:16 | 001,263,952 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/01/12 08:38:41 | 001,089,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\fc5bf1b21e39492ed15e24db53abeaa6\System.Management.ni.dll
MOD - [2013/01/12 08:38:28 | 001,661,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a05479a95f137497a8484c8f5079d02\System.Drawing.ni.dll
MOD - [2013/01/12 08:38:19 | 005,767,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e93ffb76caad1b906a00fd8eacbd169e\System.Xml.ni.dll
MOD - [2013/01/12 08:38:13 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f4f86fc366beeb9f2eca14f47c30d952\System.Configuration.ni.dll
MOD - [2013/01/12 08:38:10 | 008,411,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\020b37a8be18dc91962b358781fb5a42\System.ni.dll
MOD - [2013/01/12 08:37:27 | 000,804,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\05ba9215ad8321d5518e66bcda39b4be\System.Runtime.Remoting.ni.dll
MOD - [2013/01/12 08:37:22 | 006,816,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\afc43ef40c007311c5adeb95526b383d\System.Data.ni.dll
MOD - [2013/01/12 08:36:32 | 013,124,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b492c89300a752d89c836db75b2388b2\PresentationCore.ni.dll
MOD - [2013/01/12 08:36:18 | 003,596,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9e57a18bcd9e813f6ceda9d0e237f1da\WindowsBase.ni.dll
MOD - [2013/01/10 19:36:23 | 015,450,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f725b7e9669eededf1e9e211da507f47\PresentationFramework.ni.dll
MOD - [2013/01/10 10:27:29 | 000,406,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02d89ea367bea02c38430bdceabccc25\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 12:29:50 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2011/12/12 16:48:24 | 000,923,136 | ---- | M] () -- C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe
MOD - [2011/03/10 19:33:44 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/09/28 14:00:32 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/09/28 14:00:30 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/09/28 14:00:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
MOD - [2008/09/29 17:37:44 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/05 16:55:08 | 000,216,072 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe -- (NitroDriverReadSpool2)
SRV:64bit: - [2010/05/12 16:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/19 15:43:56 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxczcoms.exe -- (lxcz_device)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/20 19:30:26 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/01/27 22:38:26 | 000,037,088 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2013/01/27 20:16:48 | 000,140,512 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/12/19 13:13:15 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/19 00:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/05 16:55:16 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/17 22:01:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/05/04 06:18:00 | 004,092,408 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/13 03:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/17 15:28:06 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010/06/24 05:09:36 | 000,125,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2010/06/13 11:06:08 | 000,400,368 | ---- | M] (CinemaNow, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/04/17 08:34:34 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2010/03/19 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/04/19 15:43:42 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxczcoms.exe -- (lxcz_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/01/09 21:46:02 | 000,095,712 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2012/11/28 14:04:05 | 000,232,488 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/11/28 14:04:04 | 000,069,160 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/11/26 16:49:11 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/11/26 16:49:10 | 000,116,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/11/26 16:49:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/11/26 16:49:09 | 000,306,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/11/26 16:49:09 | 000,118,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/11/26 16:49:08 | 000,094,248 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/11/26 16:49:07 | 000,114,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/11/26 16:49:07 | 000,089,640 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,204,328 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/11/09 19:01:13 | 000,133,160 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/11/09 19:01:13 | 000,123,944 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/11/09 19:01:12 | 000,167,976 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/11/09 19:01:12 | 000,119,848 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/11/07 09:00:05 | 000,058,360 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2012/10/22 12:09:23 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/13 03:01:26 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/10 19:33:51 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/13 04:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/06/25 15:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/05/12 16:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/12 15:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/05/04 08:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/11 01:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/06 14:04:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/02/06 14:04:04 | 000,070,712 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/12/22 19:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/19 14:33:34 | 000,852,256 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 13:08:24 | 000,017,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OSDACPI.SYS -- (ACPIService)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/01/12 09:23:08 | 000,026,112 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StMp3Recx64.sys -- (StMp3Recx64)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6E034689-6DFA-43D1-9D47-9BE3CA7DEE8A}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{709367C6-7915-4EBE-B62E-5E99FF6B3158}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{E6C049FF-4DD2-4AFF-BAE8-3D48EDF809AB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.allgameshome.com/
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6E034689-6DFA-43D1-9D47-9BE3CA7DEE8A}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{709367C6-7915-4EBE-B62E-5E99FF6B3158}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{BCE3CAC2-EE33-4A23-8F36-EA49CC2368C9}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{E6C049FF-4DD2-4AFF-BAE8-3D48EDF809AB}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook....//my.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{01377398-83AC-4F18-98E1-5A4375DFE4DD}: "URL" = http://www.urbandict...m={searchTerms}
IE - HKCU\..\SearchScopes\{2E3B4660-7FF6-430C-A7A0-70DF108756D6}: "URL" = http://websearch.ask...B7-1C227F6749DF
IE - HKCU\..\SearchScopes\{41F2CB2F-957C-4924-AA32-6B9A073CF195}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{43D32FB0-5053-4891-AF80-D9590E4CD9C2}: "URL" = http://www.google.co...1I7NDKB_enGU530
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;?r?r?r?r?r?r?r?r?r?r?r?r???;??;<local>

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.6
FF - prefs.js..extensions.enabledAddons: [email protected]:2.5
FF - prefs.js..extensions.enabledAddons: [email protected]:10.3
FF - prefs.js..extensions.enabledAddons: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.4
FF - prefs.js..extensions.enabledAddons: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.1
FF - prefs.js..keyword.enabled: false
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..Keyword.Enabled: "true"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/16 23:15:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2012/09/16 23:15:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Narcis\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Narcis\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Narcis\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Narcis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/02 04:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/02 04:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/22 21:51:28 | 000,000,000 | ---D | M]

[2012/06/10 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Extensions
[2012/06/10 16:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/05/12 15:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions
[2012/12/01 06:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/04/17 10:58:26 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/01/28 14:50:59 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab &amp; More) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/03/06 18:25:08 | 000,053,494 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2011/08/23 19:21:22 | 000,074,961 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2012/03/22 12:40:01 | 000,247,938 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\[email protected]
[2011/09/14 07:29:32 | 001,547,075 | ---- | M] () (No name found) -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\extensions\{1519200d-6633-40c9-a9a1-d60d8d1d0479}.xpi
[2012/10/15 12:42:20 | 000,002,001 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\allgameshome.xml
[2012/01/17 00:23:54 | 000,002,281 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\s-amazon.xml
[2011/03/30 22:34:55 | 000,001,679 | ---- | M] () -- C:\Users\Narcis\AppData\Roaming\Mozilla\Firefox\Profiles\2iik9xm1.default\searchplugins\thepiratebayorg.xml
[2012/04/27 21:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/28 14:28:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/02/26 15:29:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/18 03:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npkimi.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Narcis\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Narcis\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: RealDownloader = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Narcis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\

O1 HOSTS File: ([2013/05/12 06:31:40 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll ()
O4 - HKLM..\Run: [BackupNowEZtray] C:\Program Files (x86)\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Visicom Media Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [GGWallpaper] C:\Program Files (x86)\LivingEarthDesktop\Living-Earth-Desktop.exe ()
O4 - HKCU..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (Hewlett-Packard)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll] C:\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DirectShowDemuxFilter.dll (DivX, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Narcis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.151.64.110 202.151.64.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72CEA451-92EF-4AAC-A359-B5FE41C30D80}: DhcpNameServer = 202.151.64.110 202.151.64.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC8C1302-92B0-45C7-B2C0-BCBA09209004}: DhcpNameServer = 116.68.13.136 116.68.13.137
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Handler\wot - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/05 21:54:14 | 000,000,016 | -H-- | M] () - F:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/11 09:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
[2013/04/27 14:50:28 | 000,000,000 | ---D | C] -- C:\Users\Narcis\Desktop\Visio2007-ProSp1
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\WinRAR
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/27 14:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/04/27 14:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/04/25 14:27:17 | 000,058,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2013/04/20 20:16:04 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Roaming\FamilyTreeMaker
[2013/04/20 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\Narcis\Documents\Family Tree Maker
[2013/04/20 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Local\Ancestry.com
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2012
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Family Tree Maker 2012
[2013/04/20 18:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2013/04/20 18:57:51 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2013/04/20 18:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
[2013/04/20 18:57:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Components
[2013/04/20 18:54:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{484395D8-1F9B-4C71-9DA9-A64CBD0E8DE2}
[2013/04/20 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Narcis\AppData\Local\panda4_0dn
[2013/04/20 14:08:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pandasecuritytb
[2013/04/20 14:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013/04/18 19:18:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/14 21:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader

========== Files - Modified Within 30 Days ==========

[2013/05/12 17:20:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/12 16:54:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
[2013/05/12 16:53:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/12 16:53:53 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
[2013/05/12 15:24:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 15:24:29 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/12 15:21:30 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/12 15:17:20 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/12 15:02:35 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/12 06:31:40 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/12 05:36:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
[2013/05/11 20:54:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
[2013/05/11 11:14:49 | 000,001,029 | ---- | M] () -- C:\Users\Narcis\Desktop\Dropbox.lnk
[2013/05/11 09:45:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Narcis\Desktop\OTL.exe
[2013/05/10 22:54:56 | 001,341,861 | ---- | M] () -- C:\Users\Narcis\Desktop\yigo.png
[2013/05/08 18:36:44 | 000,783,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/08 18:36:44 | 000,663,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/08 18:36:44 | 000,122,328 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/29 22:43:15 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForNarcis.job
[2013/04/27 15:02:44 | 000,000,510 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/21 08:56:42 | 001,471,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/20 19:00:23 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/04/19 01:15:40 | 000,012,288 | ---- | M] () -- C:\Users\Narcis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/18 23:22:21 | 000,004,096 | -H-- | M] () -- C:\Users\Narcis\AppData\Local\keyfile3.drm
[2013/04/17 12:59:24 | 000,920,637 | ---- | M] () -- C:\Users\Narcis\Desktop\CC 04-17-2013.png
[2013/04/16 12:27:12 | 000,445,898 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130504-211525.backup
[2013/04/14 21:05:44 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

========== Files Created - No Company Name ==========

[2013/05/10 22:49:55 | 001,341,861 | ---- | C] () -- C:\Users\Narcis\Desktop\yigo.png
[2013/04/20 19:00:23 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Maker 2012.lnk
[2013/04/17 12:59:23 | 000,920,637 | ---- | C] () -- C:\Users\Narcis\Desktop\CC 04-17-2013.png
[2012/09/30 12:35:41 | 000,006,400 | ---- | C] () -- C:\ProgramData\NanoRepository.bin
[2012/09/13 05:39:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2012/07/06 06:33:43 | 000,001,481 | ---- | C] () -- C:\Windows\wininit.ini
[2012/05/08 07:23:21 | 000,000,000 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\bibstats
[2012/03/29 10:17:56 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012/02/10 00:20:33 | 000,001,063 | ---- | C] () -- C:\Users\Narcis\Music - Shortcut.lnk
[2012/01/14 15:42:21 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/08/07 21:12:59 | 000,038,427 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/07/22 12:03:55 | 000,012,288 | ---- | C] () -- C:\Users\Narcis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/11 11:02:40 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/05 18:06:27 | 000,004,096 | -H-- | C] () -- C:\Users\Narcis\AppData\Local\keyfile3.drm
[2011/06/05 16:14:54 | 000,001,057 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\vso_ts_preview.xml
[2011/05/17 21:57:25 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/14 20:02:33 | 000,001,854 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\GhostObjGAFix.xml
[2011/01/19 11:34:04 | 000,001,799 | ---- | C] () -- C:\Users\Narcis\ts.m3u
[2010/12/06 18:12:23 | 000,855,641 | ---- | C] () -- C:\Users\Narcis\AppData\Roaming\PandaIDProtectHelp.chm
[2010/12/04 20:22:09 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/12/03 17:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 14:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/12 03:24:17 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/12 03:24:17 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 11:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2011/03/10 19:34:06 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 11:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/07 00:17:35 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\4 Friends Games
[2011/10/12 21:48:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Alawar Stargaze
[2012/10/27 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\AlawarEntertainment
[2011/12/17 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Artifex Mundi
[2011/06/01 20:54:21 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Artogon
[2012/08/05 19:39:05 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Big Fish Games
[2011/03/23 22:47:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Blue Tea Games
[2012/01/15 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Boomzap
[2011/12/24 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Brabl
[2011/10/12 06:51:50 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\BrablGames
[2012/10/08 10:25:58 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Canon
[2011/12/11 03:03:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\casualArts
[2011/05/11 08:40:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\com.terrypaton.breakit4
[2011/06/18 15:11:43 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2011/04/14 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\DarkParablesBriarRose_BFG
[2011/03/15 20:52:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Dekovir
[2013/01/20 21:01:02 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Downloaded Installations
[2013/05/11 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Dropbox
[2012/06/04 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\EleFun Games
[2012/06/05 19:40:12 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Elephant Games
[2012/08/28 20:44:09 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\ERS Game Studios
[2012/06/05 23:14:38 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Faerie Solitaire
[2013/04/21 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FamilyTreeMaker
[2012/12/29 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FileOpen
[2012/06/10 16:25:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Flickr
[2011/08/21 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Floodlight Games
[2012/07/19 22:33:56 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Friday's games
[2011/06/14 00:54:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FriendsGamesNetwork
[2012/07/30 07:16:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\FrostWire
[2012/06/03 22:04:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\GameMill Entertainment
[2011/03/01 21:24:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\GAMGO
[2011/01/08 23:44:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Ghost Ship Studios
[2010/12/07 22:58:35 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\gogii
[2011/10/15 11:45:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\ICQ
[2011/01/23 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\iJoysoft
[2012/10/29 20:38:18 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\IMVU
[2012/10/25 06:15:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\IMVUClient
[2012/02/24 07:32:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Jigsaws Galore
[2011/12/17 12:56:03 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\JLAdventCalendarLondon2011
[2012/01/14 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Leawo
[2013/01/19 16:48:14 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LegacyGames
[2011/10/13 23:17:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LestaStudio
[2011/03/07 20:11:11 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LG Electronics
[2012/06/17 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LittleGamesCompany
[2013/05/11 11:03:37 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LivingEarthDesktop
[2012/03/07 14:35:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LolClient
[2012/05/24 07:48:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\LolClient2
[2011/04/05 20:25:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\margrave3_full
[2011/03/21 01:05:41 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\md studio
[2011/10/15 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Millennia
[2011/03/03 20:21:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Mystery of Mortlake Mansion
[2012/09/24 22:29:59 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\NewspaperDirect
[2012/12/29 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Nitro
[2013/04/18 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Nitro PDF
[2012/07/29 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Orneon
[2010/12/05 19:45:16 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Panda Security
[2010/12/03 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\PictureMover
[2012/11/16 18:43:52 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\PlayFirst
[2011/03/01 20:23:32 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\QB9
[2011/02/27 15:46:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Red Kawa
[2012/01/08 16:22:11 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\redsn0w
[2011/05/28 22:07:15 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Registry Mechanic
[2011/05/22 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Silverback Productions
[2013/03/09 08:04:08 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SmartDraw
[2011/06/27 07:18:28 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SoftGrid Client
[2010/12/05 19:44:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\SurfSecret Privacy Suite
[2011/06/11 16:53:25 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Ten Heavens
[2012/01/14 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\tiger-k
[2012/03/01 19:28:17 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Top Evidence
[2011/05/09 08:22:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\TP
[2013/01/11 07:12:24 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\TuneUpMedia
[2012/12/14 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Unity
[2013/05/10 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\uTorrent
[2012/10/28 20:15:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\V-Games
[2011/10/28 22:42:37 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vast Studios
[2011/06/02 21:01:21 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vogat Interactive
[2012/01/03 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Vso
[2012/05/07 01:14:51 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WeatherWatcher
[2012/06/14 05:35:01 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WeatherWatcherLive
[2012/07/22 17:22:47 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WildTangent
[2010/12/10 07:31:59 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WildTangentv1002
[2010/12/04 22:10:54 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\WinBatch
[2010/12/05 19:29:34 | 000,000,000 | ---D | M] -- C:\Users\Narcis\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/17 07:34:27 | 000,000,720 | ---- | M] ()(C:\Users\Narcis\AppData\Local\PMB Fik?s) -- C:\Users\Narcis\AppData\Local\PMB Fik聥s
[2011/08/17 07:34:12 | 000,000,720 | ---- | C] ()(C:\Users\Narcis\AppData\Local\PMB Fik?s) -- C:\Users\Narcis\AppData\Local\PMB Fik聥s

< End of report >

Attached Thumbnails

  • GeeksToGo - annoying pop-up 05-12-13 a.png
  • GeeksToGo - annoying pop-up 05-12-13 b.png

#11
JSntgRvr

  • Global Moderator
  • 10,962 posts
Chances are you have backup software installed that is mapped to an external hard drive and the software might be automatically trying to back up your files, but the external hard drive is not plugged in, or the path may be wrong.

Let's check that and the contents of the Tasks folder.

Press the Windows Key+R. At the Run window copy and paste the following command and click OK.

CMD /C Dir /a C:\Windows\tasks > "%Userprofile%\desktop\TaskRpt.txt"

This will create a TaskRpt.txt file on your desktop. Please post its content in a reply.

#12
Lady_Rocker

  • Topic Starter
  • Member
  • 168 posts
Volume in drive C is Narcis
Volume Serial Number is 8819-A229

Directory of C:\Windows\tasks

04/08/2013 07:13 PM <DIR> .
04/08/2013 07:13 PM <DIR> ..
05/12/2013 07:36 PM 910 FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
05/13/2013 04:36 AM 932 FacebookUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
05/13/2013 01:20 AM 894 GoogleUpdateTaskMachineCore.job
05/13/2013 06:20 AM 898 GoogleUpdateTaskMachineUA.job
05/13/2013 05:36 AM 860 GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001Core.job
05/13/2013 06:36 AM 912 GoogleUpdateTaskUserS-1-5-21-1492978049-1898015326-2695977172-1001UA.job
04/29/2013 10:43 PM 336 HPCeeScheduleForNarcis.job
05/12/2013 03:18 PM 6 SA.DAT
03/05/2013 05:54 PM 32,602 SCHEDLGU.TXT
9 File(s) 38,350 bytes
2 Dir(s) 197,360,369,664 bytes free

#13
JSntgRvr

  • Global Moderator
  • 10,962 posts
Did you check the Backup software settings?

#14
Lady_Rocker

  • Topic Starter
  • Member
  • 168 posts
I never performed a backup before; just did one last nite to an external Toshiba 1TB hard drive.

But that darn message still pops up.. I'm about to blow up this computer (LOL)

HELP!! :surrender:

#15
JSntgRvr

  • Global Moderator
  • 10,962 posts
Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.