Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Searchfog.com Spyware/Malware

Started by heyage13 , Nov 22 2013 04:37 PM

  • This topic is locked This topic is locked

#1
heyage13
Posted 22 November 2013 - 04:37 PM

heyage13

    Member

  • Member
  • PipPipPip
  • 132 posts
I have noticed after the past few days that certain words are highlighted as links on random webpages. If I put my mouse over the link a pic will populate with a link to searchfog.com. As well, certain links in webpages I regularly visit have all of a sudden stopped working. I need to right click on the link and click "open link in new tab" for it to open.

Here is my OTL scan report:

OTL logfile created on: 21/11/2013 12:13:46 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Room PC\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.25 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 34.24% Memory free
6.50 Gb Paging File | 3.73 Gb Available in Paging File | 57.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.41 Gb Total Space | 585.60 Gb Free Space | 62.87% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 660.03 Gb Free Space | 35.43% Space Free | Partition Type: NTFS

Computer Name: ROOMPC-PC | User Name: Room PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 12:12:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Room PC\Downloads\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/10/23 02:19:06 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/10/23 02:19:05 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
PRC - [2013/10/17 20:35:01 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/08/01 19:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 15:42:22 | 000,316,360 | ---- | M] (Azureus Software, Inc) -- C:\Program Files\Vuze\Azureus.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/02 15:37:08 | 001,668,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2012/11/02 15:37:08 | 001,093,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/14 18:10:30 | 000,153,672 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/05/19 16:21:38 | 030,138,368 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\wirelesscm.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/12/14 15:42:22 | 000,077,768 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\jacob-1.17-M2-x86.dll
MOD - [2012/12/14 15:42:22 | 000,053,160 | ---- | M] () -- C:\Program Files\Vuze\aereg.dll
MOD - [2012/12/14 15:42:22 | 000,019,368 | ---- | M] () -- C:\Program Files\Vuze\plugins\azitunes\libProcessAccess.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2013/10/23 15:01:10 | 000,280,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/10/23 03:02:32 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/10/17 20:35:59 | 014,650,144 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013/10/17 20:34:28 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/09 17:34:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/10 21:17:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/09/20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/05/18 00:23:36 | 002,938,880 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/04/16 14:53:02 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-542\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2013/10/23 05:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/09/27 18:01:42 | 000,033,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2013/09/27 09:53:06 | 000,104,768 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/08/25 18:36:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/06/16 07:38:15 | 000,161,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2013/04/17 01:56:20 | 000,018,704 | ---- | M] (Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\diginet.sys -- (DigiNet)
DRV - [2012/12/05 16:23:32 | 000,073,544 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2012/11/02 15:37:10 | 000,064,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/05/16 10:13:14 | 000,093,336 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2012/03/26 14:50:12 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2012/02/09 01:06:40 | 000,112,096 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/07/13 12:39:10 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011/07/13 12:39:10 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/27 18:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2010/04/27 18:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2010/04/27 18:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2010/04/27 16:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/10/13 02:16:02 | 000,049,152 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2009/07/13 17:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2008/04/28 15:59:20 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/02/20 14:47:44 | 000,765,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 B3 05 D9 13 07 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{73B7AEE8-A5C4-4C2C-BA6E-46AF924E7732}: "URL" = http://search.condui...3528011703&UM=2
IE - HKCU\..\SearchScopes\{F09C50BD-091D-4F59-B47C-8E406CB5D05D}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Room PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Room PC\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/21 15:45:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Citrix ICA Client (Enabled) = C:\Program Files\Citrix\ICA Client\npicaN.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Disabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Dark Vibe = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0\
CHR - Extension: Personal Trainer = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmgohkgndpahjklgpdihieeedjeneoke\1.7_0\
CHR - Extension: Planner 5D = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Google Wallet = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Pop Art Studio Online = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\oompiimecpnflklhlnmdpddcjdmiibkf\1.0.0.0_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Weather Underground = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0\
CHR - Extension: World Clocks = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjgoijhajhaahklokegbfnohialajpej\5.0_0\
CHR - Extension: Gmail = C:\Users\Room PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [ShadowPlay] C:\Windows\System32\nvspcap.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab (PCPitstop Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.204 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ABE211A-EB13-4D5B-BAE4-4B9C78D45C27}: DhcpNameServer = 64.71.255.204 64.71.255.198
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
[2013/11/20 17:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2013/11/16 13:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Saints Row IV
[2013/11/16 13:25:43 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\NVIDIA
[2013/11/16 13:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2013/11/14 17:36:26 | 000,000,000 | ---D | C] -- C:\Users\Room PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/13 23:52:02 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/13 23:52:01 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/13 23:52:00 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/13 23:52:00 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/13 23:52:00 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/13 23:51:59 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/13 23:51:59 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/13 23:51:59 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/13 23:51:59 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/13 23:51:59 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/13 17:28:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/13 17:28:20 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 17:28:14 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/13 17:28:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/13 17:28:12 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/13 17:28:12 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/03 23:23:54 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/11/03 23:22:46 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco32.dll
[2013/11/03 23:22:46 | 000,161,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013/11/03 23:22:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013/11/03 23:22:45 | 001,049,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233165.dll
[2013/11/03 23:22:45 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233165.dll
[2013/11/03 23:22:44 | 022,933,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/11/03 23:22:44 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/11/03 23:22:44 | 015,855,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/11/03 23:22:44 | 015,212,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/11/03 23:22:44 | 010,410,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/11/03 23:22:44 | 009,524,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/11/03 23:22:44 | 009,480,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/11/03 23:22:44 | 002,946,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/11/03 23:22:44 | 002,747,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/11/03 23:22:44 | 002,695,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/11/03 23:22:44 | 001,241,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/11/03 23:22:44 | 000,599,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/11/03 23:22:44 | 000,560,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/11/03 23:22:44 | 000,266,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/11/03 23:22:44 | 000,141,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/10/30 23:03:18 | 000,955,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvspcap.dll
[2013/10/30 23:02:31 | 000,033,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvvad32v.sys
[2013/10/30 22:53:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
[2013/10/30 22:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2013/10/30 22:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/30 22:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/30 22:52:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/10/30 22:51:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/10/30 22:51:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/10/30 22:51:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/10/30 22:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/30 22:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/10/23 20:27:59 | 000,000,000 | ---D | C] -- C:\Users\Room PC\Desktop\Sints Row IV
[2013/10/23 03:02:36 | 000,589,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2010/12/22 11:26:24 | 487,666,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\Room PC\AppData\Roaming\AcrobatPro_10_Web_WWEFD.exe

========== Files - Modified Within 30 Days ==========

[2013/11/21 12:11:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/21 11:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/21 11:22:02 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2013/11/21 11:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/21 03:00:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/20 18:58:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 18:58:55 | 000,013,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/20 18:55:54 | 000,668,572 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/20 18:55:54 | 000,129,116 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/20 18:51:42 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/11/20 18:51:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/20 18:51:30 | 2616,549,376 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/20 17:57:57 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/11/19 05:21:30 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/10/23 05:24:25 | 022,933,792 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013/10/23 05:24:25 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013/10/23 05:24:25 | 015,855,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013/10/23 05:24:25 | 015,212,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013/10/23 05:24:25 | 010,410,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013/10/23 05:24:25 | 009,524,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013/10/23 05:24:25 | 009,480,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013/10/23 05:24:25 | 002,946,848 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013/10/23 05:24:25 | 002,747,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013/10/23 05:24:25 | 002,695,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013/10/23 05:24:25 | 001,241,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013/10/23 05:24:25 | 001,049,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3233165.dll
[2013/10/23 05:24:25 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3233165.dll
[2013/10/23 05:24:25 | 000,599,840 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013/10/23 05:24:25 | 000,560,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013/10/23 05:24:25 | 000,266,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013/10/23 05:24:25 | 000,141,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013/10/23 05:24:25 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013/10/23 05:24:25 | 000,018,174 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/10/23 03:02:36 | 000,589,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013/10/23 02:19:05 | 004,318,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013/10/23 02:19:05 | 003,036,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013/10/23 02:19:03 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013/10/23 02:19:02 | 000,209,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013/10/23 02:19:01 | 003,426,956 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[2013/10/22 16:45:44 | 000,000,827 | ---- | M] () -- C:\Users\Room PC\.swfinfo

========== Files Created - No Company Name ==========

[2013/11/20 17:58:00 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2013/11/20 17:57:59 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2013/11/20 17:57:57 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2013/11/03 23:22:44 | 000,018,174 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/08/29 22:15:26 | 000,000,827 | ---- | C] () -- C:\Users\Room PC\.swfinfo
[2013/07/29 18:03:06 | 003,426,956 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013/06/12 15:58:38 | 000,039,904 | ---- | C] () -- C:\Windows\System32\DiscHandler.exe
[2013/06/08 06:54:10 | 003,915,776 | ---- | C] () -- C:\Windows\System32\ffmpeg.dll
[2013/06/08 06:53:06 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2013/06/08 06:52:30 | 000,271,360 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2013/06/08 06:52:12 | 000,157,184 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2013/06/08 06:52:10 | 000,147,456 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2013/06/08 06:52:10 | 000,099,840 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2013/06/08 06:52:08 | 001,525,760 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2013/06/08 06:52:08 | 000,211,968 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2013/06/08 06:52:08 | 000,114,688 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2013/06/08 06:52:06 | 000,136,704 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2013/05/20 10:43:32 | 000,446,128 | ---- | C] () -- C:\Windows\System32\swscale-lav-2.dll
[2013/05/20 10:43:32 | 000,280,624 | ---- | C] () -- C:\Windows\System32\avutil-lav-52.dll
[2013/05/20 10:43:32 | 000,190,640 | ---- | C] () -- C:\Windows\System32\libbluray.dll
[2013/05/20 10:43:32 | 000,172,216 | ---- | C] () -- C:\Windows\System32\avresample-lav-1.dll
[2013/05/20 10:43:30 | 007,856,976 | ---- | C] () -- C:\Windows\System32\avcodec-lav-55.dll
[2013/05/20 10:43:30 | 001,315,240 | ---- | C] () -- C:\Windows\System32\avformat-lav-55.dll
[2013/05/20 10:43:30 | 000,202,344 | ---- | C] () -- C:\Windows\System32\avfilter-lav-3.dll
[2013/05/19 14:54:44 | 000,000,884 | RHS- | C] () -- C:\Users\Room PC\ntuser.pol
[2013/04/02 15:56:38 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2013/04/02 15:56:23 | 000,078,848 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2013/02/21 15:42:30 | 000,221,508 | ---- | C] () -- C:\Windows\hpoins19.dat
[2013/02/21 15:42:30 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2013/02/10 19:23:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/29 17:47:28 | 000,000,178 | ---- | C] () -- C:\Windows\System32\Formats.ini
[2012/05/16 10:14:32 | 000,021,144 | ---- | C] () -- C:\Windows\System32\drivers\iLokDrvr.sys
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\Lagarith.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 1274 bytes -> C:\Users\Room PC\AppData\Local\hlNOzQBG4Fy:GL7YNdagGV3f82Zay
@Alternate Data Stream - 1130 bytes -> C:\ProgramData\Microsoft:gGVnulIJ9ou1XR7jWnvK1
@Alternate Data Stream - 1089 bytes -> C:\ProgramData\Microsoft:iBgekwaqtnFFok2wSqT

< End of report >
0
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP