Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help clean up my pc [Closed]

Started by Aliengx12 , Mar 03 2014 08:04 PM

  • This topic is locked This topic is locked

#1
Aliengx12
Posted 03 March 2014 - 08:04 PM

Aliengx12

    New Member

  • Member
  • Pip
  • 1 posts
hi please help me clean up my p. every time open up a browser a new popup ad comes up, and i get all these bing and yahoo search bars, and some words could be highlighted, so when i go near them they pop up an ad. so can someone tell me how to fix up my PC.

OTL logfile created on: 3/3/2014 8:03:14 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Poppa\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.00 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 53.39% Memory free
10.00 Gb Paging File | 6.76 Gb Available in Paging File | 67.68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.91 Gb Total Space | 7.80 Gb Free Space | 2.73% Space Free | Partition Type: NTFS
Drive D: | 12.18 Gb Total Space | 1.65 Gb Free Space | 13.54% Space Free | Partition Type: NTFS

Computer Name: POPPA-PC | User Name: Poppa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/03/03 20:02:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Poppa\Downloads\OTL (1).exe
PRC - [2014/02/21 01:10:19 | 001,095,872 | ---- | M] (Razer, Inc.) -- C:\Program Files (x86)\Razer\Core\RazerCore.exe
PRC - [2014/02/12 15:26:32 | 000,043,336 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2014/01/12 06:48:00 | 000,096,256 | ---- | M] (AmiExt ltd. ) -- C:\Program Files (x86)\AmiExt\flashEnhancer\ie\AmiStorage.exe
PRC - [2014/01/02 19:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Poppa\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/11 14:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2013/12/11 14:57:22 | 004,383,296 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2013/11/22 12:36:18 | 000,105,448 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/09/03 19:24:56 | 000,395,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
PRC - [2013/09/03 14:58:26 | 002,237,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
PRC - [2013/08/30 09:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
PRC - [2013/06/05 13:18:06 | 001,039,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Poppa\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2008/09/10 05:15:24 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
PRC - [2007/09/14 08:24:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:04 | 013,632,840 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Users\Poppa\AppData\Local\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/12 04:30:15 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\a00f66c9fa4095f35690cbc7e8a4663e\System.IdentityModel.ni.dll
MOD - [2014/02/12 04:30:09 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\e61c002b87e6a11678c2104f82d1628b\System.ServiceModel.ni.dll
MOD - [2014/02/12 04:29:44 | 001,075,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\85e1a779c6dd55df956f76b5726b91ae\System.ServiceModel.Web.ni.dll
MOD - [2014/02/12 04:29:32 | 013,825,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\a5498337a60da2cbd3e104c91c0825d2\System.Data.Entity.ni.dll
MOD - [2014/02/12 04:13:35 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\36016a2c7e67f81788eebde65e1e7973\System.Xml.Linq.ni.dll
MOD - [2014/02/12 04:13:34 | 000,012,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\7bb15fcd241b71c6f751cf52c28687fc\Microsoft.VisualC.ni.dll
MOD - [2014/02/12 03:16:24 | 013,325,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\4e8afc204e2bcb1d5b8d1c4178727701\System.Web.ni.dll
MOD - [2014/02/12 03:16:17 | 001,836,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\32b7afce925af24425e4742ccfb1c1f1\System.Web.Services.ni.dll
MOD - [2014/02/12 03:08:16 | 000,220,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\520e9928166d0989d25bc8320f458c07\System.ServiceProcess.ni.dll
MOD - [2014/02/12 03:08:14 | 001,161,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data86569bbf#\954013adf5855ad7bb638ed9f67c1806\System.Data.OracleClient.ni.dll
MOD - [2014/02/12 03:08:11 | 000,777,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f249b94356e1fdc539e1b69d7f6cd874\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 03:08:11 | 000,249,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Ente96d83b35#\f249b94356e1fdc539e1b69d7f6cd874\System.EnterpriseServices.Wrapper.dll
MOD - [2014/02/12 03:08:10 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\6ae99c7ddae28f9cf3f79c4f3fab4868\System.Transactions.ni.dll
MOD - [2014/02/12 03:08:08 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d1797a38e945a46f85cdaf2080afb5c6\System.Xaml.ni.dll
MOD - [2014/02/12 03:08:04 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\37731438b71b6798d934dad47ef56596\PresentationFramework.ni.dll
MOD - [2014/02/12 03:08:04 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\4993b91a1092d78fb438c85a5a2df4b5\System.Management.ni.dll
MOD - [2014/02/12 03:07:55 | 007,249,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\cef48e3cde3815f277c1e330e4426be1\System.Data.ni.dll
MOD - [2014/02/12 03:07:54 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cd1bbf37c5adc7bb67eabaae20649e54\System.Windows.Forms.ni.dll
MOD - [2014/02/12 03:07:40 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\b78d2d1864738205744e16af046d79f7\System.Runtime.Serialization.ni.dll
MOD - [2014/02/12 03:07:40 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a095ded1f7d3feaee17336cd7e39e2f8\System.Drawing.ni.dll
MOD - [2014/02/12 03:07:39 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1a9328ba3d852ca94185f435a05affe2\PresentationCore.ni.dll
MOD - [2014/02/12 03:07:39 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\292289421ae443d791368181824a1ca8\SMDiagnostics.ni.dll
MOD - [2014/02/12 03:07:38 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\b1c2960a66470630da6ebb76469ca04e\System.ServiceModel.Internals.ni.dll
MOD - [2014/02/12 03:07:36 | 000,989,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\0e4530a56b4d401da06fbf7f212dd18a\System.ComponentModel.Composition.ni.dll
MOD - [2014/02/12 03:07:33 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\02e42498507af2efd496e1f1f17cee63\PresentationFramework.Aero.ni.dll
MOD - [2014/02/12 03:07:30 | 000,389,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\b6a579520ee1a0be00d58f562d7d63d9\System.Dynamic.ni.dll
MOD - [2014/02/12 03:07:29 | 001,614,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\88f1114df21157d79c016e19638ddf60\Microsoft.CSharp.ni.dll
MOD - [2014/02/12 03:07:28 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\63b566ebd7592ab4aac14614b05b32e0\System.Xml.ni.dll
MOD - [2014/02/12 03:07:27 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\e29c126f91fa5e968c7792adaf3c62ff\System.Core.ni.dll
MOD - [2014/02/12 03:07:25 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3a685d1b549ea40565f41bc3d054cd06\WindowsBase.ni.dll
MOD - [2014/02/12 03:07:20 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b421d19f01911e8f74876ded9d5a85c0\System.Configuration.ni.dll
MOD - [2014/02/12 03:07:18 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fd8c46f1f500496403ec7538ab3077b6\System.ni.dll
MOD - [2014/02/12 03:07:11 | 000,145,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\21bb5269fe91814a3f00cfa7914d47f9\System.Numerics.ni.dll
MOD - [2014/02/12 03:07:10 | 016,546,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\e56a581b7e96d7cde5a258d43041c942\mscorlib.ni.dll
MOD - [2014/01/02 19:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/18 18:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/09/03 14:25:58 | 032,726,528 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
MOD - [2013/08/30 09:01:00 | 004,579,696 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
MOD - [2013/08/30 09:00:58 | 000,381,808 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CCInvokeAAM.dll
MOD - [2013/06/05 13:21:18 | 000,071,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll
MOD - [2012/10/18 02:13:50 | 004,141,056 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\QQPYEngine.dll
MOD - [2012/03/23 05:15:58 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\libssh2.dll
MOD - [2012/03/02 03:23:26 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Razer\Core\Plugins\ChatApplet\sqlite3.dll
MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\WinRAR\RarExt.dll
MOD - [2008/09/10 05:15:24 | 000,676,520 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe
MOD - [2008/09/10 04:46:16 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwcaps.dll
MOD - [2008/09/10 04:46:07 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwscw.dll
MOD - [2008/09/10 04:46:06 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwdrs.dll
MOD - [2008/09/10 04:36:04 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwcnv4.dll
MOD - [2008/05/16 09:50:10 | 000,188,416 | ---- | M] () -- C:\Program Files (x86)\Lexmark 7600 Series\lxdwdatr.dll
MOD - [2007/09/14 08:24:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/10/16 15:09:20 | 001,044,136 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxdwcoms.exe -- (lxdw_device)
SRV:64bit: - [2009/10/16 15:09:10 | 000,033,960 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2014/02/26 19:57:32 | 002,224,976 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2014/02/26 09:50:04 | 000,377,616 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2014/02/21 01:10:22 | 000,032,960 | ---- | M] (Razer, Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe -- (RzOvlMon)
SRV - [2014/01/27 14:02:50 | 000,571,816 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/24 16:05:00 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 14:57:25 | 000,041,024 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/11/22 12:36:18 | 000,105,448 | ---- | M] (Razer Inc.) [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/06/11 21:07:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/30 09:57:00 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/04/18 14:04:05 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/19 15:21:24 | 001,646,608 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2011/12/15 17:03:40 | 000,011,776 | ---- | M] (Brand Affinity Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe -- (FTSvc)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/16 15:09:10 | 000,033,960 | ---- | M] () [Auto | Running] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/05/16 10:33:10 | 000,594,600 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxdwcoms.exe -- (lxdw_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/21 01:04:07 | 000,129,472 | ---- | M] (Razer, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RzDxgk.sys -- (RzDxgk)
DRV:64bit: - [2014/02/21 01:04:07 | 000,074,432 | ---- | M] (Razer, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RzFilter.sys -- (RzFilter)
DRV:64bit: - [2014/01/29 15:49:16 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/01/24 16:04:54 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2014/01/15 15:15:55 | 000,049,240 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/24 10:25:24 | 000,025,056 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2013/04/30 09:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 09:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMImirr.sys -- (lmimirr)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/19 19:35:10 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/05 16:23:34 | 000,098,888 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/10/08 19:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/07 18:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2009/06/10 16:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2009/06/10 15:35:46 | 000,416,768 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/03/18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/02/03 10:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 10:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64)
DRV - [2014/01/29 17:36:28 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140212.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/29 04:52:55 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.002\ex64.sys -- (NAVEX15)
DRV - [2014/01/29 04:52:55 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/29 04:52:55 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/29 04:52:55 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140213.002\eng64.sys -- (NAVENG)
DRV - [2014/01/21 03:37:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/04/30 09:57:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{532C70B1-CA8A-4ED7-82A6-2243AD2008AF}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{C785A769-2E9F-41CE-A941-D457C980756A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...315&lg=EN&cc=US
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...315&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{532C70B1-CA8A-4ED7-82A6-2243AD2008AF}: "URL" = http://search.yahoo....ing}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{932594B8-F95A-4828-88A9-B3DB49194635}: "URL" = http://search.phpnuk...q={searchTerms}
IE - HKLM\..\SearchScopes\{C785A769-2E9F-41CE-A941-D457C980756A}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.phpnuk...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...315&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Poppa\AppData\Local\Roblox\Versions\version-87de5333d4254860\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Poppa\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Poppa\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Poppa\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Poppa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/03/01 10:30:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/29 19:53:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014/02/17 19:29:39 | 000,000,000 | ---D | M]

[2012/12/02 00:05:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Poppa\AppData\Roaming\Mozilla\Extensions
[2012/01/11 17:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/17 19:29:39 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES (X86)\AMIEXT\FLASHENHANCER\FF

========== Chrome ==========

CHR - homepage: http://searchy.easyl...315&lg=EN&cc=US
CHR - Extension: DownLoad kEeper = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlghehejiceljenbdaoacoemnbafgdf\1.6\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\
CHR - Extension: SearchNewTab = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbhdkimcbicfhhahclkjmlehcklldpie\1.0\
CHR - Extension: DownlOad kEepoEr = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfagnkahgbpnbhdjofkgnndegeomacjb\1.6\
CHR - Extension: DownLoad kEeper = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cipkiibjfcfhngfjocdacoipcgoaagdb\1.6\
CHR - Extension: SearchNewTab = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dobnhkgglgadbkbafnnjhdjibegmfnfh\1.0\
CHR - Extension: DeownLOad kEeepoer = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fckiaekaljebhnoipjjbcnnpjgjiioad\1.6\
CHR - Extension: DownloAidd keeper = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmnlndklbfehpngalfafkdicddlcabbj\1.6\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf\1.0.6_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: No name found = C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgpbaimnchocgjfclmachhkbefadglp\1.0.10_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (DeownLOad kEeepoer) - {160B4FFA-4630-536C-0A45-D70777FED988} - C:\ProgramData\DeownLOad kEeepoer\MW6Rq4.dll ()
O2 - BHO: (no name) - {27a220b7-bb43-4faf-b27b-f803d18eea28} - No CLSID value found.
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll ()
O2 - BHO: (DownloAidd keeper) - {9CDF47EC-CA06-66A4-B7DF-B60BA8973F72} - C:\ProgramData\DownloAidd keeper\WHTV28.dll ()
O2 - BHO: (DownLoad kEeper) - {A3967805-E285-2AB5-EE4D-752E1F351801} - C:\ProgramData\DownLoad kEeper\yaXb.dll ()
O2 - BHO: (DownLoad kEeper) - {A683F472-B1CD-27B4-40CB-B6D6B6408769} - C:\ProgramData\DownLoad kEeper\xYY3b2y.dll ()
O2 - BHO: (SearchNewTab) - {A8F13239-FA09-3132-DFAE-2CF5CF2200E3} - C:\ProgramData\SearchNewTab\uhcxD.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DownlOad kEepoEr) - {DE15F3FB-6F83-4071-35D8-079688DB8B59} - C:\ProgramData\DownlOad kEepoEr\GCrv.dll ()
O2 - BHO: (SearchNewTab) - {E8C4D993-92EA-890D-145F-138606B2ECE3} - C:\ProgramData\SearchNewTab\_MaGmeNMV.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [lxdwamon] C:\Program Files (x86)\Lexmark 7600 Series\lxdwamon.exe ()
O4:64bit: - HKLM..\Run: [lxdwmon.exe] C:\Program Files (x86)\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Poppa\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Razer Comms] C:\Program Files (x86)\Razer\Core\RazerCore.exe (Razer, Inc.)
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files (x86)\StartNow Toolbar\search_protect.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Poppa\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Poppa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinn...ut/brickout.cab (Brickout Control)
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinn...ts/wwhearts.cab (WWHearts Control)
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinn...ersolitaire.cab (SpiderSolitaire Control)
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinn...dy/jeopardy.cab (Jeopardy Control)
O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinn...ll/freecell.cab (FreeCell Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinn...eweledtwist.cab (BejeweledTwist Control)
O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinn...8/clue/clue.cab (Clue Control)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinn...royal/royal.cab (Royal Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://aolsvc.aol.co...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinn...sol/golfsol.cab (GolfSol Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{572522F7-03B6-48D0-B25C-801EA0D4E83E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F28B6729-E0AD-4545-84D9-2504221A2A5A}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~2\keycry~1\keycry~3.dll) - c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll) - C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Poppa\Downloads\moving.jpg
O24 - Desktop BackupWallPaper: C:\Users\Poppa\Downloads\moving.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/03 14:54:12 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{5086f7e7-3c35-11e2-9ecf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5086f7e7-3c35-11e2-9ecf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/03 15:16:03 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\LadderClimbScript
[2014/03/01 10:33:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2014/03/01 10:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2014/03/01 10:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/03/01 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/03/01 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/03/01 10:20:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/03/01 10:20:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/02/28 17:43:47 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\SM2
[2014/02/28 17:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShaderMap 2 (DEMO)
[2014/02/28 17:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\ShaderMap 2 DEMO
[2014/02/28 16:56:44 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Documents\New Unity Project 1
[2014/02/28 16:22:53 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\FootSteps
[2014/02/21 16:51:27 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\fontconfig
[2014/02/21 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\gegl-0.2
[2014/02/21 16:51:25 | 000,000,000 | ---D | C] -- C:\Users\Poppa\.gimp-2.8
[2014/02/21 16:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2014/02/21 16:25:23 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Documents\2d game
[2014/02/17 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\Old_Truck
[2014/02/17 19:56:53 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\Mirillis
[2014/02/17 19:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mirillis
[2014/02/17 19:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[2014/02/17 19:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightspark 0.5.3-git
[2014/02/17 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmiExt
[2014/02/17 19:29:23 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\SwvUpdater
[2014/02/17 18:42:15 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\gtk-2.0
[2014/02/17 10:08:13 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\Terrain Assets
[2014/02/14 19:52:54 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Documents\Action!
[2014/02/14 19:52:49 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\Mirillis
[2014/02/14 19:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mirillis
[2014/02/14 19:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mirillis
[2014/02/14 13:04:09 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Documents\Amnesia
[2014/02/14 13:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amnesia - The Dark Descent Demo
[2014/02/14 12:58:27 | 164,754,752 | ---- | C] (Frictional Games ) -- C:\Users\Poppa\Desktop\amnesia_tdd_demo_1.0.1.exe
[2014/02/14 12:52:55 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\Slender_v0_9_7
[2014/02/14 08:22:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2014/02/03 18:56:04 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\{78199648-7E7F-4ECA-888B-A7765F270956}
[2014/02/03 18:01:40 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\stetic
[2014/02/03 18:00:50 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Roaming\MonoDevelop-Unity-4.0
[2014/02/03 18:00:32 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\MonoDevelop-Unity-4.0
[2014/02/03 17:33:25 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\Horror Kit v1.0.obj
[2014/02/03 16:49:17 | 000,000,000 | ---D | C] -- C:\Users\Poppa\Desktop\Horror KIt v1.0
[2014/02/03 16:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SetApp
[1 C:\Users\Poppa\Documents\*.tmp files -> C:\Users\Poppa\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/03/03 19:45:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cedf33a3c30420.job
[2014/03/03 19:42:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657773482-128599143-1476263235-1000UA1cedf3392138ce0.job
[2014/03/03 19:29:49 | 000,084,992 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\RZR_018017b741428a61356a9f8c87f8.db
[2014/03/03 16:48:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/03/03 15:09:58 | 000,012,969 | ---- | M] () -- C:\Users\Poppa\Desktop\floor tile b w.jpg
[2014/03/03 15:00:04 | 000,007,220 | ---- | M] () -- C:\Users\Poppa\AppData\Local\recently-used.xbel
[2014/03/03 11:42:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2657773482-128599143-1476263235-1000Core1cedf339077bf00.job
[2014/03/03 02:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cedf33a39cee20.job
[2014/03/01 10:42:43 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 10:42:43 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/01 10:26:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/01 10:25:34 | 4025,331,712 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/01 10:21:21 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/28 17:47:29 | 000,001,387 | ---- | M] () -- C:\Users\Poppa\Desktop\dirty tile bump.smap
[2014/02/28 17:43:09 | 000,000,985 | ---- | M] () -- C:\Users\Poppa\Desktop\ShaderMap 2 (DEMO).lnk
[2014/02/28 17:22:34 | 000,006,118 | ---- | M] () -- C:\Users\Poppa\Desktop\dirty tile.jpg
[2014/02/28 07:40:08 | 000,874,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/28 07:40:08 | 000,727,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/28 07:40:08 | 000,146,654 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/27 20:16:37 | 000,001,248 | ---- | M] () -- C:\Users\Public\Desktop\Razer Comms.lnk
[2014/02/25 17:08:27 | 000,017,008 | ---- | M] () -- C:\Users\Poppa\AppData\Roaming\wklnhst.dat
[2014/02/25 17:08:15 | 000,115,676 | ---- | M] () -- C:\Users\Poppa\Documents\Untitled.png
[2014/02/24 18:17:12 | 005,062,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/24 18:01:33 | 000,254,006 | ---- | M] () -- C:\Users\Poppa\Documents\excel picture.jpg
[2014/02/24 18:00:21 | 000,042,496 | ---- | M] () -- C:\Users\Poppa\Documents\template of the report (1).wps
[2014/02/21 10:56:50 | 001,795,179 | ---- | M] () -- C:\Users\Poppa\Desktop\IMG_2886.JPG
[2014/02/21 10:54:03 | 001,735,129 | ---- | M] () -- C:\Users\Poppa\Desktop\IMG_2881.JPG
[2014/02/21 01:04:07 | 000,129,472 | ---- | M] (Razer, Inc.) -- C:\Windows\SysNative\drivers\RzDxgk.sys
[2014/02/21 01:04:07 | 000,074,432 | ---- | M] (Razer, Inc.) -- C:\Windows\SysNative\drivers\RzFilter.sys
[2014/02/21 00:45:41 | 000,002,330 | ---- | M] () -- C:\Users\Poppa\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/21 00:45:35 | 000,002,328 | ---- | M] () -- C:\Users\Poppa\Desktop\Google Chrome.lnk
[2014/02/17 19:39:44 | 000,002,681 | ---- | M] () -- C:\Users\Poppa\Desktop\CrosshairTexture.unitypackage
[2014/02/17 19:30:28 | 000,000,076 | ---- | M] () -- C:\extensions.ini
[2014/02/17 19:30:28 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/02/17 19:08:20 | 000,000,491 | ---- | M] () -- C:\Users\Poppa\Desktop\crosshair.lnk
[2014/02/17 13:01:55 | 510,664,402 | ---- | M] () -- C:\Users\Poppa\Desktop\New Unity Project 1.rar
[2014/02/14 19:52:06 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Action!.lnk
[2014/02/14 17:03:08 | 000,000,222 | ---- | M] () -- C:\Users\Poppa\Desktop\Outlast.url
[2014/02/14 13:03:02 | 000,001,920 | ---- | M] () -- C:\Users\Poppa\Desktop\Amnesia Demo.lnk
[2014/02/14 13:00:53 | 164,754,752 | ---- | M] (Frictional Games ) -- C:\Users\Poppa\Desktop\amnesia_tdd_demo_1.0.1.exe
[2014/02/14 12:55:00 | 065,564,930 | ---- | M] () -- C:\Users\Poppa\Desktop\Slender_v0_9_7.zip
[2014/02/12 03:14:54 | 000,866,428 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/09 13:46:00 | 000,001,857 | ---- | M] () -- C:\Users\Poppa\Desktop\skin_2014020113374794223.png
[2014/02/03 18:51:24 | 003,154,385 | ---- | M] () -- C:\Users\Poppa\Desktop\the tunnel.obj
[2014/02/03 17:08:27 | 000,000,593 | ---- | M] () -- C:\Users\Poppa\Desktop\Horror Kit v1.0.lnk
[1 C:\Users\Poppa\Documents\*.tmp files -> C:\Users\Poppa\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/03/03 15:09:58 | 000,012,969 | ---- | C] () -- C:\Users\Poppa\Desktop\floor tile b w.jpg
[2014/03/03 15:00:04 | 000,007,220 | ---- | C] () -- C:\Users\Poppa\AppData\Local\recently-used.xbel
[2014/03/01 10:21:21 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/28 17:47:29 | 000,001,387 | ---- | C] () -- C:\Users\Poppa\Desktop\dirty tile bump.smap
[2014/02/28 17:43:09 | 000,000,985 | ---- | C] () -- C:\Users\Poppa\Desktop\ShaderMap 2 (DEMO).lnk
[2014/02/28 17:40:11 | 000,006,118 | ---- | C] () -- C:\Users\Poppa\Desktop\dirty tile.jpg
[2014/02/25 17:08:14 | 000,115,676 | ---- | C] () -- C:\Users\Poppa\Documents\Untitled.png
[2014/02/24 18:01:32 | 000,254,006 | ---- | C] () -- C:\Users\Poppa\Documents\excel picture.jpg
[2014/02/24 18:00:21 | 000,042,496 | ---- | C] () -- C:\Users\Poppa\Documents\template of the report (1).wps
[2014/02/21 22:09:43 | 000,052,168 | ---- | C] () -- C:\Users\Poppa\Desktop\1942.ttf
[2014/02/21 16:51:14 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014/02/21 11:56:24 | 001,795,179 | ---- | C] () -- C:\Users\Poppa\Desktop\IMG_2886.JPG
[2014/02/21 11:55:58 | 001,735,129 | ---- | C] () -- C:\Users\Poppa\Desktop\IMG_2881.JPG
[2014/02/17 20:17:23 | 007,757,593 | ---- | C] () -- C:\Users\Poppa\Desktop\Car Ford F250 Regular Cab2009 N200111.3DS
[2014/02/17 19:39:43 | 000,002,681 | ---- | C] () -- C:\Users\Poppa\Desktop\CrosshairTexture.unitypackage
[2014/02/17 19:30:28 | 000,000,076 | ---- | C] () -- C:\extensions.ini
[2014/02/17 19:30:28 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/02/17 19:29:23 | 000,000,356 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/02/17 19:08:20 | 000,000,491 | ---- | C] () -- C:\Users\Poppa\Desktop\crosshair.lnk
[2014/02/17 12:56:23 | 510,664,402 | ---- | C] () -- C:\Users\Poppa\Desktop\New Unity Project 1.rar
[2014/02/14 19:52:05 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Action!.lnk
[2014/02/14 17:03:08 | 000,000,222 | ---- | C] () -- C:\Users\Poppa\Desktop\Outlast.url
[2014/02/14 14:20:59 | 009,152,000 | ---- | C] () -- C:\Users\Poppa\Desktop\Slender - The Eight Pages.exe
[2014/02/14 13:46:29 | 000,084,992 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\RZR_018017b741428a61356a9f8c87f8.db
[2014/02/14 13:03:02 | 000,001,920 | ---- | C] () -- C:\Users\Poppa\Desktop\Amnesia Demo.lnk
[2014/02/14 12:50:01 | 065,564,930 | ---- | C] () -- C:\Users\Poppa\Desktop\Slender_v0_9_7.zip
[2014/02/14 08:23:37 | 000,001,510 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2014/02/09 13:47:36 | 000,001,857 | ---- | C] () -- C:\Users\Poppa\Desktop\skin_2014020113374794223.png
[2014/02/03 18:51:23 | 003,154,385 | ---- | C] () -- C:\Users\Poppa\Desktop\the tunnel.obj
[2014/02/03 17:33:26 | 000,094,309 | ---- | C] () -- C:\Users\Poppa\Desktop\Horror.png
[2014/02/03 16:49:12 | 000,000,593 | ---- | C] () -- C:\Users\Poppa\Desktop\Horror Kit v1.0.lnk
[2013/08/21 20:13:21 | 001,229,097 | ---- | C] () -- C:\Windows\unins000.exe
[2013/08/21 20:13:21 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2013/08/21 20:13:21 | 000,076,330 | ---- | C] () -- C:\Windows\unins000.dat
[2013/05/28 15:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\SysWow64\ficvdec_x86.dll
[2013/05/07 11:37:17 | 000,007,168 | ---- | C] () -- C:\Users\Poppa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/21 15:33:09 | 000,000,116 | ---- | C] () -- C:\Users\Poppa\Matrix.bat
[2012/12/12 18:28:45 | 000,587,351 | ---- | C] () -- C:\Users\Poppa\final copy.jpg
[2012/12/02 09:56:02 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/12/02 09:37:08 | 000,866,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/02 20:36:55 | 000,065,536 | -H-- | C] () -- C:\Windows\SysWow64\WebCamLib.dll
[2012/05/05 07:37:56 | 000,854,016 | ---- | C] () -- C:\Users\Poppa\Cartograph_G_Post_Processor.exe
[2012/05/05 07:37:56 | 000,518,656 | ---- | C] () -- C:\Users\Poppa\Cartograph_G_Renderer.exe
[2012/05/05 07:37:56 | 000,299,008 | ---- | C] () -- C:\Users\Poppa\corona.dll
[2012/05/05 07:37:56 | 000,164,352 | ---- | C] () -- C:\Users\Poppa\libpng14.dll
[2012/05/05 07:37:56 | 000,141,312 | ---- | C] () -- C:\Users\Poppa\zlibwapi.dll
[2012/05/05 07:37:56 | 000,092,672 | ---- | C] () -- C:\Users\Poppa\zlib1.dll
[2012/05/05 07:37:56 | 000,002,214 | ---- | C] () -- C:\Users\Poppa\Texture.png
[2012/05/05 07:37:56 | 000,000,121 | ---- | C] () -- C:\Users\Poppa\WLF.png
[2012/03/04 11:59:22 | 000,156,160 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2012/02/17 19:14:34 | 839,753,847 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\.minecraft.rar
[2011/09/18 17:15:27 | 000,017,008 | ---- | C] () -- C:\Users\Poppa\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/02 18:46:24 | 000,000,000 | -HSD | M] -- C:\Users\Poppa\AppData\Roaming\.#
[2014/02/27 17:22:49 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.minecraft
[2012/12/02 00:04:41 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.Nitrous
[2014/01/15 20:44:14 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.technic
[2012/12/02 00:05:08 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\.techniclauncher
[2012/12/02 00:05:08 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\7600 Series
[2012/12/02 00:05:09 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Apowersoft
[2012/12/02 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Atari
[2013/08/21 09:54:41 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Audacity
[2013/09/03 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Autodesk
[2012/12/02 00:05:12 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\BANDISOFT
[2013/06/04 14:38:11 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Blender Foundation
[2013/04/23 14:00:06 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/12/02 00:05:12 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\com.w3i.fliptoast
[2014/03/01 15:53:35 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Dropbox
[2013/01/10 21:44:20 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\EPSON
[2014/02/14 17:06:15 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\ICAClient
[2014/03/03 19:49:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\ID Vault
[2012/12/02 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Leadertech
[2013/01/29 16:58:15 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\LEGO Company
[2012/12/02 00:05:13 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Lexmark Productivity Studio
[2014/02/17 19:56:53 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Mirillis
[2014/02/03 18:01:27 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\MonoDevelop-Unity-4.0
[2013/08/02 19:17:00 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Mumble
[2012/12/02 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Oberon Media
[2014/01/25 12:24:37 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\openvr
[2013/04/24 14:11:03 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\PDAppFlex
[2012/12/02 00:05:21 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\pymclevel
[2012/12/02 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\skyz
[2014/02/28 17:49:04 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\SM2
[2013/04/25 13:44:27 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/12/13 03:30:11 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\StartNow Toolbar
[2014/02/03 18:01:40 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\stetic
[2013/05/13 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Strongvault
[2012/12/02 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Template
[2012/12/02 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Tific
[2014/01/30 12:03:50 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Unity
[2013/08/21 11:10:00 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Video Media Download
[2012/12/02 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\W3i, LLC
[2012/12/02 00:05:23 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Wondershare
[2012/12/02 00:05:24 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Wondershare Video Converter Ultimate
[2012/12/02 00:05:24 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Worksimaging
[2013/10/03 10:48:57 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\WorldPainter

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Poppa\Documents\The Office.mp3:TOC.WMV

< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 04 March 2014 - 06:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets see how this goes

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchy.easyl...315&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...315&lg=EN&cc=US
IE - HKLM\..\SearchScopes\{932594B8-F95A-4828-88A9-B3DB49194635}: "URL" = http://search.phpnuk...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.phpnuk...q={searchTerms}
IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://searchy.easyl...315&lg=EN&cc=US
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startn...eferrer:source}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AmiExt\flashEnhancer\ff [2014/02/17 19:29:39 | 000,000,000 | ---D | M]
[2014/02/17 19:29:39 | 000,000,000 | ---D | M] (flash-Enhancer) -- C:\PROGRAM FILES (X86)\AMIEXT\FLASHENHANCER\FF
O2 - BHO: (DeownLOad kEeepoer) - {160B4FFA-4630-536C-0A45-D70777FED988} - C:\ProgramData\DeownLOad kEeepoer\MW6Rq4.dll ()
O2 - BHO: (no name) - {27a220b7-bb43-4faf-b27b-f803d18eea28} - No CLSID value found.
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Program Files (x86)\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (flash-Enhancer) - {5A60B6BB-FA81-4EFA-AB9C-A820E2143736} - C:\Program Files (x86)\AmiExt\flashEnhancer\ie\flashEnhancer.dll ()
O2 - BHO: (Fantapper) - {8A86D350-37AB-410A-8531-7D1363F317B3} - C:\Program Files (x86)\Brand Affinity Technologies\Fantapper Player\\IEInstaller.dll ()
O2 - BHO: (DownloAidd keeper) - {9CDF47EC-CA06-66A4-B7DF-B60BA8973F72} - C:\ProgramData\DownloAidd keeper\WHTV28.dll ()
O2 - BHO: (DownLoad kEeper) - {A3967805-E285-2AB5-EE4D-752E1F351801} - C:\ProgramData\DownLoad kEeper\yaXb.dll ()
O2 - BHO: (DownLoad kEeper) - {A683F472-B1CD-27B4-40CB-B6D6B6408769} - C:\ProgramData\DownLoad kEeper\xYY3b2y.dll ()
O2 - BHO: (SearchNewTab) - {A8F13239-FA09-3132-DFAE-2CF5CF2200E3} - C:\ProgramData\SearchNewTab\uhcxD.dll ()
O2 - BHO: (DownlOad kEepoEr) - {DE15F3FB-6F83-4071-35D8-079688DB8B59} - C:\ProgramData\DownlOad kEepoEr\GCrv.dll ()
O2 - BHO: (SearchNewTab) - {E8C4D993-92EA-890D-145F-138606B2ECE3} - C:\ProgramData\SearchNewTab\_MaGmeNMV.dll ()
O4 - HKCU..\Run: [StartNow Search Protect] C:\Program Files (x86)\StartNow Toolbar\search_protect.exe ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
[2014/02/17 19:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightspark 0.5.3-git
[2014/02/17 19:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lightspark 0.5.3-git
[2014/02/17 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmiExt
[2014/02/17 19:29:23 | 000,000,000 | ---D | C] -- C:\Users\Poppa\AppData\Local\SwvUpdater
[2014/03/03 16:48:01 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2012/12/02 18:46:24 | 000,000,000 | -HSD | M] -- C:\Users\Poppa\AppData\Roaming\.#
[2013/05/13 20:10:25 | 000,000,000 | ---D | M] -- C:\Users\Poppa\AppData\Roaming\Strongvault

:Files
C:\Program Files (x86)\AmiExt
C:\Program Files (x86)\SweetIM
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfagnkahgbpnbhdjofkgnndegeomacjb
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\fckiaekaljebhnoipjjbcnnpjgjiioad
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgcjecomkebbohfjgmncelbhogbbokf
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
C:\Users\Poppa\AppData\Local\Google\Chrome\User Data\Default\Extensions\plgpbaimnchocgjfclmachhkbefadglp

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#3
Essexboy
Posted 09 March 2014 - 11:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP