
papo's log



#1
justyn07

Attached File: OTL.Txt (85.6KB, 120 downloads)

Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.97% Memory free
10.00 Gb Paging File | 8.27 Gb Available in Paging File | 82.73% Paging File free
Paging file location(s): F:\pagefile.sys 6142 6142C:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 382.87 Gb Free Space | 54.81% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 83.99 Mb Free Space | 84.00% Space Free | Partition Type: NTFS
Drive G: | 149.05 Gb Total Space | 148.96 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive H: | 931.51 Gb Total Space | 730.42 Gb Free Space | 78.41% Space Free | Partition Type: NTFS

Computer Name: PAPO-PC | User Name: PAPO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/23 17:55:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PAPO\Downloads\OTL.exe
PRC - [2013/01/13 13:11:59 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 23:12:35 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 14:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 15:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/09/12 23:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 23:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/08/05 14:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 14:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 14:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 17:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/13 13:12:01 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/24 14:07:43 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 23:12:35 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 15:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2004/08/17 20:00:00 | 000,077,844 | -H-- | M] () [Auto | Running] -- C:\Windows\SysWOW64\FastUserSwitchingCompatibilityex.dll -- (FastUserSwitchingCompatibility)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/09/27 15:56:04 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/08/31 00:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/16 23:41:48 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2012/04/09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/13 17:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/03/18 16:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/03/18 16:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/16 03:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2010/05/20 17:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/23 20:07:34 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/03/02 01:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=07-11-2012
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D0 4D 9C 6C C9 87 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ece24dcf-8548-4655-b392-47a388721482} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=07-11-2012
IE - HKCU\..\SearchScopes\{6D03BC13-DF8B-45AA-A638-56413D5749C1}: "URL" = http://search.condui...974259712255550
IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird


========== Chrome ==========

CHR - homepage: http://www.msn.com/?...CID=msnHomepage
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/?...CID=msnHomepage
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\PAPO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Audi A4 = C:\Users\PAPO\AppData\Local\Google\Chrome\User Data\Default\Extensions\clgeplfgcckokjmfbjhpbhaobcfoncfh\1_0\
CHR - Extension: AdBlock = C:\Users\PAPO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Skype Click to Call = C:\Users\PAPO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\

O1 HOSTS File: ([2013/01/20 23:10:43 | 000,001,543 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.157.56.28 www.google-analytics.com.
O1 - Hosts: 192.157.56.28 ad-emea.doubleclick.net.
O1 - Hosts: 192.157.56.28 www.statcounter.com.
O1 - Hosts: 192.157.56.28 connect.facebook.net.
O1 - Hosts: 192.157.56.28 platform.twitter.com.
O1 - Hosts: 93.115.241.27 www.google-analytics.com.
O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.
O1 - Hosts: 93.115.241.27 www.statcounter.com.
O1 - Hosts: 93.115.241.27 connect.facebook.net.
O1 - Hosts: 93.115.241.27 platform.twitter.com.
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
F3:64bit: - HKCU WinNT: Load - (C:\Users\PAPO\LOCALS~1\Temp\msoyvibrx.exe) - File not found
F3 - HKCU WinNT: Load - (C:\Users\PAPO\LOCALS~1\Temp\msoyvibrx.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} http://www.convergys...om/AppHardT.CAB (WNICheck2 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D3FD2703-EFA4-49E5-B5F9-A43BB404D08E}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{26a3a862-bfbb-11e0-b7a4-00e04dbca2d6}\Shell - "" = AutoRun
O33 - MountPoints2\{26a3a862-bfbb-11e0-b7a4-00e04dbca2d6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_the_witcher_2_ee_3.0.1.17.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/21 21:52:11 | 000,000,000 | ---D | C] -- C:\Users\PAPO\Documents\ShopToWin
[2013/01/21 10:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013/01/21 10:31:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013/01/21 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013/01/21 10:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2013/01/15 13:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/01/13 13:37:46 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ywarok
[2013/01/13 13:37:46 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Mupe
[2013/01/13 13:37:46 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Abuh
[2013/01/13 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Laofn
[2013/01/13 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ivybn
[2013/01/13 13:34:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Adyc
[2013/01/13 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Yrdo
[2013/01/13 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Vyqu
[2013/01/13 13:30:52 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ukkune
[2013/01/13 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ugeddo
[2013/01/13 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Osoca
[2013/01/13 13:30:19 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Kyatzy
[2013/01/13 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Kiyga
[2013/01/13 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ixykam
[2013/01/13 13:01:18 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ateg
[2013/01/13 12:03:17 | 000,000,000 | ---D | C] -- C:\Users\PAPO\Documents\ALI213
[2013/01/12 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Yxbo
[2013/01/12 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Ydixi
[2013/01/12 18:14:16 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Wouq
[2013/01/12 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Urwout
[2013/01/12 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Lyruc
[2013/01/12 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\Abyka
[2013/01/12 18:13:38 | 000,000,000 | ---D | C] -- C:\Users\PAPO\AppData\Roaming\b0e4365d-fe98-4741-b0e1-77e284efa1f479
[2013/01/08 21:57:12 | 000,000,000 | ---D | C] -- C:\Users\PAPO\Documents\TurboTax
[2013/01/08 21:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/23 17:21:59 | 000,021,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 17:21:59 | 000,021,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/23 17:14:45 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/23 17:14:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/23 17:14:05 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/23 17:12:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/23 17:11:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/22 10:14:41 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/22 10:14:41 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/22 10:14:41 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/21 21:51:12 | 000,000,009 | ---- | M] () -- C:\END
[2013/01/21 21:51:09 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/20 23:10:43 | 000,001,543 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/15 13:43:27 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/01/14 21:43:27 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/14 21:40:36 | 000,183,112 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/01/14 14:06:11 | 000,121,410 | ---- | M] () -- C:\Users\PAPO\Documents\Credit_Card_Payment_Receipt.pdf
[2013/01/14 10:45:56 | 000,140,441 | ---- | M] () -- C:\Users\PAPO\Documents\f1040ez.pdf
[2013/01/14 09:51:12 | 000,002,215 | ---- | M] () -- C:\Users\PAPO\Desktop\Google Chrome.lnk
[2013/01/13 12:03:12 | 000,001,752 | ---- | M] () -- C:\Users\PAPO\Desktop\dxhr - Shortcut.lnk
[2013/01/12 13:58:00 | 000,455,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/12 13:52:09 | 000,773,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/08 21:35:04 | 000,000,629 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/08 21:34:09 | 000,002,535 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013/01/03 21:31:48 | 000,000,218 | ---- | M] () -- C:\Users\PAPO\AppData\Local\recently-used.xbel
[2012/12/24 18:33:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[12 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/21 21:51:12 | 000,000,009 | ---- | C] () -- C:\END
[2013/01/21 21:51:09 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/15 13:43:27 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/01/14 14:06:11 | 000,121,410 | ---- | C] () -- C:\Users\PAPO\Documents\Credit_Card_Payment_Receipt.pdf
[2013/01/14 10:45:56 | 000,140,441 | ---- | C] () -- C:\Users\PAPO\Documents\f1040ez.pdf
[2013/01/13 12:03:12 | 000,001,752 | ---- | C] () -- C:\Users\PAPO\Desktop\dxhr - Shortcut.lnk
[2013/01/08 21:34:09 | 000,002,535 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax 2012.lnk
[2013/01/03 21:31:48 | 000,000,218 | ---- | C] () -- C:\Users\PAPO\AppData\Local\recently-used.xbel
[2012/12/24 18:33:50 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2012/12/24 18:33:48 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2012/06/12 12:12:19 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/11 00:26:31 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/15 00:52:52 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/12 12:26:59 | 000,773,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 13:52:52 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/08/06 13:52:51 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/08/06 13:52:49 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011/08/05 19:52:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/09 20:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2013/01/18 14:21:10 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$a8e465241e68361c81cbab1d3cde02fb\@
[2013/01/12 18:13:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$a8e465241e68361c81cbab1d3cde02fb\L
[2013/01/12 18:13:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$a8e465241e68361c81cbab1d3cde02fb\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/16 09:42:34 | 000,000,000 | -HSD | M] -- C:\Users\PAPO\AppData\Roaming\735B8A
[2012/03/26 11:27:00 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\7Wonders
[2013/01/13 13:37:46 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Abuh
[2013/01/18 10:46:01 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Abyka
[2013/01/15 10:40:10 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Adyc
[2013/01/13 13:01:18 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ateg
[2012/03/19 23:47:40 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Audacity
[2012/10/06 00:21:47 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Azureus
[2013/01/13 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\b0e4365d-fe98-4741-b0e1-77e284efa1f479
[2012/01/31 14:10:00 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Babylon
[2013/01/03 18:28:25 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\BitLord
[2011/10/15 00:53:14 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Daedalic Entertainment
[2013/01/21 21:53:45 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\DAEMON Tools Lite
[2012/09/27 15:15:19 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\DAEMON Tools Pro
[2012/02/27 13:56:47 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\DisplayFusion
[2012/05/07 11:44:56 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\DisplayTune
[2011/10/04 05:13:56 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Emergency Soft
[2011/12/07 23:27:59 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\ESET
[2011/08/05 21:17:55 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\GameHouse
[2012/03/16 11:27:17 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\GamesBar
[2011/11/09 23:09:34 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Garmin
[2012/03/24 20:52:45 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\gtk-2.0
[2013/01/13 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ivybn
[2013/01/15 10:40:03 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ixykam
[2013/01/13 13:01:18 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Kiyga
[2013/01/15 10:39:56 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Kyatzy
[2013/01/13 13:34:19 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Laofn
[2011/08/12 17:58:40 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Leadertech
[2011/08/14 12:45:52 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Lionhead Studios
[2012/06/23 20:25:21 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Lunascape
[2013/01/19 09:39:55 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Lyruc
[2013/01/13 13:37:46 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Mupe
[2011/12/05 00:27:10 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Need for Speed World
[2013/01/13 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Osoca
[2012/10/10 22:58:20 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Party
[2012/07/26 11:09:00 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Propellerhead Software
[2012/09/24 13:21:23 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\PunkBuster
[2012/07/25 21:28:29 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Python-Eggs
[2012/08/30 22:11:53 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\runic games
[2011/11/04 00:43:47 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\SWiSH Max4
[2012/08/08 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Thinstall
[2013/01/13 13:30:19 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ugeddo
[2013/01/13 13:30:52 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ukkune
[2013/01/12 18:14:03 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Urwout
[2013/01/13 13:30:52 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Vyqu
[2011/08/08 00:19:01 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\wargaming.net
[2012/09/18 01:23:30 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\WeatherWatcherLive
[2012/08/30 22:21:06 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\WildTangent
[2013/01/12 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Wouq
[2012/06/12 01:11:48 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Xilisoft
[2013/01/12 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ydixi
[2013/01/15 10:39:49 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Yrdo
[2013/01/15 10:39:42 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Ywarok
[2013/01/12 18:14:16 | 000,000,000 | ---D | M] -- C:\Users\PAPO\AppData\Roaming\Yxbo

========== Purity Check ==========



< End of report >