Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

greendot virus(?) [Closed]


  • This topic is locked This topic is locked

#1
PoppaRob

PoppaRob

    New Member

  • Member
  • Pip
  • 7 posts
This is the second time this PC has gotten this virus. Beside needing help with walking through the fix, what is the recommended software for preventing this? This PC has norton antivirus and some other things from the service provider (Comcast).Need a solution other than keeping the 13 year old off the internet downloading left and right. *sigh*

Contents of OTL log below.

Thanks for any help!!

OTL logfile created on: 6/6/2013 1:10:07 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Poppa\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 86.40% Memory free
10.00 Gb Paging File | 9.35 Gb Available in Paging File | 93.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.91 Gb Total Space | 78.62 Gb Free Space | 27.50% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.65 Gb Free Space | 13.54% Space Free | Partition Type: NTFS
Drive F: | 15.11 Gb Total Space | 14.11 Gb Free Space | 93.38% Space Free | Partition Type: FAT32
Drive G: | 968.98 Mb Total Space | 252.67 Mb Free Space | 26.08% Space Free | Partition Type: FAT

Computer Name: POPPA-PC | User Name: Poppa | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/06 00:41:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Poppa\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/10/16 16:09:20 | 001,044,136 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdwcoms.exe -- (lxdw_device)
SRV:64bit: - [2009/10/16 16:09:10 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/14 19:07:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/08 19:45:06 | 000,056,872 | ---- | M] (White Sky, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/04/19 17:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/04/18 15:04:05 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/23 23:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/06/19 16:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2011/12/15 18:03:40 | 000,011,776 | ---- | M] (Brand Affinity Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe -- (FTSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 16:09:10 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/16 11:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdwcoms.exe -- (lxdw_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/15 18:11:04 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/07 17:41:22 | 000,025,784 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/02/19 20:35:10 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/30 23:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/01/28 21:45:20 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/28 21:45:20 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/01/21 22:15:34 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/11/24 09:39:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/11/15 22:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/10/08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1403010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 19:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/14 12:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/15 05:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 17:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 16:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/02/03 11:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 11:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64)
DRV - [2013/05/31 12:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130531.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/05/22 15:37:58 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130605.002\ex64.sys -- (NAVEX15)
DRV - [2013/05/22 15:37:58 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130605.002\eng64.sys -- (NAVENG)
DRV - [2012/11/24 10:23:28 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/11/24 10:23:28 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/23 17:36:10 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130604.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{532C70B1-CA8A-4ED7-82A6-2243AD2008AF}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C785A769-2E9F-41CE-A941-D457C980756A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{532C70B1-CA8A-4ED7-82A6-2243AD2008AF}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{932594B8-F95A-4828-88A9-B3DB49194635}: "URL" = http://search.phpnuk...q={searchTerms}
IE - HKLM\..\SearchScopes\{C785A769-2E9F-41CE-A941-D457C980756A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.phpnuk...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS449
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Poppa\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Poppa\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Poppa\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/06/06 00:57:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012/12/02 00:35:00 | 000,000,000 | ---D | M]

[2012/12/02 01:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Poppa\AppData\Roaming\Mozilla\Extensions
[2012/01/11 18:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (no name) - {27a220b7-bb43-4faf-b27b-f803d18eea28} - No CLSID value found.
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.506.2\NativeBHO.dll (WhiteSky)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.3.1.22\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 545" File not found
O4 - HKCU..\Run: [NVIDIASpace] C:\ProgramData\NVIDIASpace\cpuhelper.dll ()
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files (x86)\StartNow Toolbar\search_protect.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Poppa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab (WWHearts Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F28B6729-E0AD-4545-84D9-2504221A2A5A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE6D28~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(2).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KE50FD~1.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(2).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Poppa\Downloads\moving.jpg
O24 - Desktop BackupWallPaper: C:\Users\Poppa\Downloads\moving.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/06 04:50:00 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/06/05 23:49:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIASpace
[2013/06/04 17:22:27 | 000,000,000 | ---D | C] -- C:\tmp
[2013/06/04 15:38:11 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\Blender Foundation
[2013/06/04 15:33:43 | 000,000,000 | ---D | C] -- C:\Users\Poppa\.thumbnails
[2013/06/04 15:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013/05/24 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\viewer
[2013/05/23 15:28:29 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pepakura Designer 3
[2013/05/09 22:13:49 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\{E1BA439F-3275-4EBC-AF21-010CFF0F3D0C}
[2013/05/09 22:13:48 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\{62EB5D37-53B6-4084-8EFB-691214021D9B}
[2013/05/08 18:07:22 | 000,000,000 | ---D | C] -- C:\Users\Poppa\.minecraft
[2013/05/08 15:36:09 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\{F2DEFAED-47D4-48FA-9D4A-11897278FF6C}
[2013/05/08 03:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/05/07 15:02:14 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\.technic
[2013/05/07 13:04:07 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\{BA6CCC34-FCC4-436C-9D3F-24586506A1F6}
[2013/05/07 12:59:14 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/05/07 12:54:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013/05/07 12:52:11 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\Strongvault
[2013/05/07 12:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/05/07 12:50:23 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/05/07 12:49:28 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\Windows Live
[2013/05/07 12:49:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/05/07 11:36:15 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\New folder (3)
[1 C:\Users\Poppa\Documents\*.tmp files -> C:\Users\Poppa\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/06/06 01:04:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/06 01:04:13 | 4025,331,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/06 01:03:10 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 01:03:10 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/06 01:00:06 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/06 00:54:47 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013/06/06 00:54:21 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 00:54:12 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013/06/06 00:54:12 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013/06/06 00:54:08 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013/06/06 00:41:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Poppa\Desktop\OTL.exe
[2013/06/05 23:49:49 | 000,000,794 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA GPU Helper.lnk
[2013/06/05 23:49:45 | 000,064,512 | ---- | M] () -- C:\Users\Poppa\javaw.dll
[2013/06/05 23:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657773482-128599143-1476263235-1000UA.job
[2013/06/05 23:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/05 03:08:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657773482-128599143-1476263235-1000Core.job
[2013/06/04 16:11:28 | 000,002,328 | ---- | M] () -- C:\Users\Poppa\Desktop\Google Chrome.lnk
[2013/06/03 18:08:44 | 002,476,224 | ---- | M] () -- C:\Users\Poppa\Desktop\TechnicLauncher.exe
[2013/05/31 18:24:59 | 000,000,050 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\mbam.context.scan
[2013/05/24 21:09:55 | 000,001,523 | ---- | M] () -- C:\Users\Poppa\Desktop\Pepakura Viewer 3.lnk
[2013/05/24 20:42:18 | 002,929,022 | ---- | M] () -- C:\Users\Poppa\Desktop\LineFollowPro.rbt
[2013/05/20 17:12:13 | 002,141,259 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\Cat.DB
[2013/05/20 17:11:43 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403010.016\VT20130115.021
[2013/05/16 03:36:29 | 005,062,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/16 03:05:46 | 000,884,548 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/16 03:05:46 | 000,725,380 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/16 03:05:46 | 000,145,398 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/15 18:25:42 | 000,015,086 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\wklnhst.dat
[2013/05/15 18:11:04 | 000,049,240 | ---- | M] (Zemana Ltd.) -- C:\Windows\SysNative\drivers\AntiLog64.sys
[2013/05/15 18:11:01 | 000,002,209 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2013/05/15 18:11:01 | 000,002,191 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2013/05/14 18:49:11 | 000,000,046 | ---- | M] () -- C:\Users\Poppa\Desktop\teams.dat
[2013/05/09 22:28:18 | 000,005,120 | ---- | M] () -- C:\Users\Poppa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Poppa\Documents\*.tmp files -> C:\Users\Poppa\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/05 23:49:49 | 000,000,794 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NVIDIA GPU Helper.lnk
[2013/06/05 23:49:45 | 000,064,512 | ---- | C] () -- C:\Users\Poppa\javaw.dll
[2013/05/31 18:24:59 | 000,000,050 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\mbam.context.scan
[2013/05/24 21:09:55 | 000,001,523 | ---- | C] () -- C:\Users\Poppa\Desktop\Pepakura Viewer 3.lnk
[2013/05/24 19:37:02 | 002,929,022 | ---- | C] () -- C:\Users\Poppa\Desktop\LineFollowPro.rbt
[2013/05/14 18:30:49 | 000,000,046 | ---- | C] () -- C:\Users\Poppa\Desktop\teams.dat
[2013/05/07 15:01:37 | 002,476,224 | ---- | C] () -- C:\Users\Poppa\Desktop\TechnicLauncher.exe
[2013/05/07 12:55:44 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013/05/07 12:37:17 | 000,005,120 | ---- | C] () -- C:\Users\Poppa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/21 16:33:09 | 000,000,116 | ---- | C] () -- C:\Users\Poppa\Matrix.bat
[2012/12/12 19:28:45 | 000,587,351 | ---- | C] () -- C:\Users\Poppa\final copy.jpg
[2012/12/02 10:56:02 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/12/02 10:37:08 | 000,864,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/02 21:36:55 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012/05/05 08:37:56 | 000,854,016 | ---- | C] () -- C:\Users\Poppa\Cartograph_G_Post_Processor.exe
[2012/05/05 08:37:56 | 000,518,656 | ---- | C] () -- C:\Users\Poppa\Cartograph_G_Renderer.exe
[2012/05/05 08:37:56 | 000,299,008 | ---- | C] () -- C:\Users\Poppa\corona.dll
[2012/05/05 08:37:56 | 000,164,352 | ---- | C] () -- C:\Users\Poppa\libpng14.dll
[2012/05/05 08:37:56 | 000,141,312 | ---- | C] () -- C:\Users\Poppa\zlibwapi.dll
[2012/05/05 08:37:56 | 000,092,672 | ---- | C] () -- C:\Users\Poppa\zlib1.dll
[2012/05/05 08:37:56 | 000,002,214 | ---- | C] () -- C:\Users\Poppa\Texture.png
[2012/05/05 08:37:56 | 000,000,121 | ---- | C] () -- C:\Users\Poppa\WLF.png
[2012/03/04 12:59:22 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2012/02/17 20:14:34 | 839,753,847 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\.minecraft.rar
[2012/02/10 20:23:31 | 000,000,239 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/02/10 20:23:20 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011/09/19 03:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 03:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/09/18 18:15:27 | 000,015,086 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\wklnhst.dat
[2011/09/15 14:40:11 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdwdrs.dll
[2011/09/15 14:40:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxdwcaps.dll
[2011/09/15 14:40:11 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxdwcnv4.dll
[2011/09/15 14:37:53 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDWinst.dll
[2011/09/15 14:37:53 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdwcomx.dll
[2011/09/15 14:37:52 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwpmui.dll
[2011/09/15 14:37:52 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwinpa.dll
[2011/09/15 14:37:52 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwiesc.dll
[2011/09/15 14:37:51 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwserv.dll
[2011/09/15 14:37:51 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwusb1.dll
[2011/09/15 14:37:51 | 000,679,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwhbn3.dll
[2011/09/15 14:37:51 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcoms.exe
[2011/09/15 14:37:51 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwlmpm.dll
[2011/09/15 14:37:51 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwih.exe
[2011/09/15 14:37:50 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomc.dll
[2011/09/15 14:37:50 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcomm.dll
[2011/09/15 14:37:50 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdwcfg.exe
[2011/09/14 17:27:34 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/02 19:46:24 | 000,000,000 | -HSD | M] -- C:\Users\Poppa\AppData\Roaming\.#
[2013/04/30 19:40:03 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.minecraft
[2012/12/02 01:04:41 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.Nitrous
[2013/06/03 18:08:17 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.technic
[2012/12/02 01:05:08 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.techniclauncher
[2012/12/02 01:05:08 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\7600 Series
[2012/12/02 01:05:09 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Apowersoft
[2012/12/02 01:05:10 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Atari
[2012/12/02 01:05:12 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\BANDISOFT
[2013/06/04 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Blender Foundation
[2013/04/23 15:00:06 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/02 01:05:12 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\com.w3i.fliptoast
[2013/06/06 00:59:32 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Dropbox
[2013/01/10 22:44:20 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\EPSON
[2012/12/02 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\ICAClient
[2013/06/06 01:02:59 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\ID Vault
[2012/12/02 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Leadertech
[2013/01/29 17:58:15 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\LEGO Company
[2012/12/02 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Lexmark Productivity Studio
[2012/12/02 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Oberon Media
[2013/04/24 15:11:03 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\PDAppFlex
[2012/12/02 01:05:21 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\pymclevel
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\skyz
[2013/04/25 14:44:27 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/12/13 04:30:11 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\StartNow Toolbar
[2013/05/13 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Strongvault
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Template
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Tific
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\W3i, LLC
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\WildTangent
[2012/12/02 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Wondershare
[2012/12/02 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/12/02 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Worksimaging
[2012/12/14 12:38:41 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\WorldPainter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Poppa\Documents\The Office.mp3:TOC.WMV

< End of report >
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Hello Popparob and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
Also please note before we begin:
Please be aware that removing Malware can be a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot %100 guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before we start.

Hello,
I would like to see fresh logs from this computer, since the one you posted is a few days old now.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Scan

Posted Image

A log will be produced at C:\ADWCleaner[XX].txt please attach that in your next post

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • fresh OTL scan
  • Extras.txt - it should be on your desktop already
  • ADWCleaner log
  • Roguekiller log

  • 0

#3
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,161 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP