Jump to content

Browser homepage URL hijack - Firefox and Chrome

cadetpirx
 Share

Recommended Posts

cadetpirx

cadetpirx

Posted
Posted

Hi,

 

I need help removing something that is hijacking my homepages for both Chrome and FF. The unwanted homepage URL is:

 

http://search.yahoo.com?type=714647&fr=spigot-yhp-ch

 

I've done some cleaning but haven't had luck removing this issue. See my DDS logs below:

 

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.7.2
Run by Stoffel at 13:43:18 on 2013-08-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8183.5498 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files (x86)\Subsonic\subsonic-service.exe
C:\Program Files (x86)\Subsonic\subsonic-service.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Users\Stoffel\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Users\Stoffel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Stoffel\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Subsonic\subsonic-agent.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Stoffel\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pidgin] "C:\Program Files (x86)\Pidgin\pidgin.exe"
uRun: [F.lux] "C:\Users\Stoffel\Local Settings\Apps\F.lux\flux.exe" /noshow
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [spotify Web Helper] "C:\Users\Stoffel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Akamai NetSession Interface] "C:\Users\Stoffel\AppData\Local\Akamai\netsession_win.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Stoffel\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Subsonic.lnk - C:\Program Files (x86)\Subsonic\subsonic-agent.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5A2FDC48-23D6-4064-9481-4B04F5769EA6} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Users\Stoffel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stoffel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-4-13 21544]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2012-4-13 68136]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2012-4-13 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-4-13 30528]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-2 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-13 346144]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-2 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 vncserver;VNC Server;C:\Program Files\RealVNC\VNC Server\vncserver.exe [2012-7-14 4714888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
.
=============== Created Last 30 ================
.
2013-08-25 20:13:17 -------- d-----w- C:\_OTL
2013-08-25 11:08:17 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7244A0EB-FC9B-4806-8979-209CF304C9CF}\mpengine.dll
2013-08-25 08:29:38 -------- d-----w- C:\Users\Stoffel\AppData\Local\Diagnostics
2013-08-25 03:09:06 -------- d-----w- C:\Users\Stoffel\AppData\Roaming\.minecraft
2013-08-25 02:17:43 -------- d-----w- C:\Users\Stoffel\AppData\Roaming\Mumble
2013-08-24 22:30:50 -------- d-----w- C:\Users\Stoffel\AppData\Roaming\Malwarebytes
2013-08-24 22:30:32 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-24 22:30:31 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-08-24 22:30:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-24 22:25:49 -------- d-----w- C:\Windows\ERUNT
2013-08-24 21:55:09 -------- d-----w- C:\AdwCleaner
2013-08-24 21:11:36 -------- d-----w- C:\Program Files (x86)\Mumble
2013-08-24 20:56:25 -------- d-----w- C:\Windows\System32\MRT
2013-08-24 20:51:16 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-08-24 20:51:16 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-08-24 03:10:54 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 06:31:38 -------- d-----w- C:\ProgramData\Atlassian
2013-08-23 06:29:39 -------- d-----w- C:\Users\Stoffel\AppData\Roaming\Unity
2013-08-23 06:26:24 -------- d-----w- C:\ProgramData\Unity
2013-08-23 06:16:49 -------- d-----w- C:\Program Files (x86)\Unity
2013-08-23 06:07:13 -------- d-----w- C:\Users\Stoffel\AppData\Local\Atlassian
2013-08-23 06:03:56 -------- d-----w- C:\ProgramData\Caphyon
2013-08-23 06:03:54 -------- d-----w- C:\Program Files (x86)\Atlassian
2013-08-23 05:57:07 -------- d-----w- C:\Users\Stoffel\AppData\Roaming\Atlassian
2013-08-23 03:10:50 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F16E67C2-54A9-4221-A9B4-975D5EFB7F87}\gapaengine.dll
2013-08-21 03:06:17 17737608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-08-02 23:20:56 -------- d-----w- C:\Users\Stoffel\AppData\Local\CutePDF Writer
.
==================== Find3M  ====================
.
2013-08-25 20:14:46 25640 ----a-w- C:\Windows\gdrv.sys
2013-08-21 04:20:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 04:20:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-05-29 06:27:10 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2013-05-29 06:27:10 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2013-05-29 06:27:10 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2013-05-29 06:27:10 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 13:43:27.94 ===============
 
 
attach.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 4/13/2012 3:15:43 PM
System Uptime: 8/25/2013 1:14:31 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P55A-UD3
Processor: Intel® Core i5 CPU         760  @ 2.80GHz | Socket 1156 | 2794/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 92.226 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 719.328 GiB free.
F: is CDROM (CDFS)
G: is FIXED (NTFS) - 1863 GiB total, 851.459 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&43FAD29&0&00E1
Manufacturer: Realtek
Name: Realtek PCIe GBE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_06\4&43FAD29&0&00E1
Service: RTL8167
.
==== System Restore Points ===================
.
RP1262: 8/16/2013 2:00:17 AM - Automatic creation
RP1264: 8/17/2013 2:00:17 AM - Automatic creation
RP1267: 8/18/2013 2:00:17 AM - Automatic creation
RP1271: 8/19/2013 2:00:18 AM - Automatic creation
RP1273: 8/20/2013 2:00:18 AM - Automatic creation
RP1277: 8/21/2013 2:00:18 AM - Automatic creation
RP1281: 8/22/2013 2:00:10 AM - Automatic creation
RP1285: 8/23/2013 2:00:10 AM - Automatic creation
RP1295: 8/24/2013 4:06:26 PM - Automatic creation
RP1299: 8/25/2013 2:00:07 AM - Automatic creation
.
==== Installed Programs ======================
.
@BIOS
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Akamai NetSession Interface
Amnesia: The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoGreen B09.1014.2
Beat Hazard
Bonjour
BUG Mod 4.4
calibre
CCleaner
CutePDF Writer 2.8
dBpoweramp DSP Effects
dBpoweramp Music Converter
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DES 2.0
DisplayFusion 3.4.1
Dropbox
Easy Tune 6 B10.0521.1
EPSON NX410 Series Printer Uninstall
EPSON Scan
Evernote v. 4.5.4
Exact Audio Copy 0.99pb5
F.lux
foobar2000 v1.1.11
Foxit Reader
GIMP 2.6.12
Glary Utilities 2.44.0.1450
Google Chrome
Google Earth
Google Talk Plugin
Hotline Miami
ImgBurn
iTunes
Java 7 Update 7
Java 7 Update 9 (64-bit)
Java Auto Updater
Java 6 Update 31
Java SE Development Kit 7 Update 2
JavaFX 2.0.2 SDK
JavaFX 2.0.3
K-Lite Codec Pack 8.6.0 (Full)
Kerbal Space Program Demo
KeyHoleTV
LastPass (uninstall only)
Left 4 Dead 2
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
MBSS Galaxies  6.0
Microsoft .NET Framework 4.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Monaco
Mozilla Firefox 11.0 (x86 en-US)
Mp3tag v2.52
Mumble 1.2.4
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver 296.10
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
ON_OFF Charge B10.0427.1
OpenAL
Oracle VM VirtualBox 4.2.6
Pidgin
QuickTime
Rainmeter
Really Slick Screensavers 0.2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Rosetta Stone Version 3
S.T.A.L.K.E.R.: Clear Sky
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Sid Meier's Civilization V
Skype™ 5.9
Smart 6 B10.0422.1
SourceTree
SpaceChem
Spotify
Steam
Subsonic
SyncBack
TagScanner 5.1.620
Team Fortress 2
TeraCopy 2.27
Terraria
The Binding of Isaac
tools-windows
Total Commander 64-bit (Remove or Repair)
Ubisoft Game Launcher
Unity
Unity Web Player
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Ventrilo Client for Windows x64
VLC media player 2.0.1
VmciSockets
VMware Player
VNC Mirror Driver 1.8.0
VNC Printer Driver 1.8.0
VNC Server 5.0.1
VNC Viewer 5.0.1
WinSCP 4.3.7
Zen Bound® 2
.
==== Event Viewer Messages From Past Week ========
.
8/25/2013 1:16:48 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/25/2013 1:16:48 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
8/25/2013 1:14:48 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  mv91cons mv91xx
8/25/2013 1:13:17 PM, Error: Service Control Manager [7034]  - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
 
Thanks!
 
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello cadetpirx and :welcome:! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
Link to post
Share on other sites
cadetpirx

cadetpirx

Posted
  • Author
Posted

Hi Borislav,

 

Thanks for taking this on! Extras.txt was not created but OTL.txt is pasted below:

OTL.txt

 

OTL logfile created on: 8/25/2013 4:00:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Stoffel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.30% Memory free
15.98 Gb Paging File | 12.84 Gb Available in Paging File | 80.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238.37 Gb Total Space | 92.39 Gb Free Space | 38.76% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 719.33 Gb Free Space | 77.22% Space Free | Partition Type: NTFS
Drive F: | 538.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 851.46 Gb Free Space | 45.70% Space Free | Partition Type: NTFS
 
Computer Name: SHARDIK | User Name: Stoffel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/25 12:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stoffel\Desktop\OTL.exe
PRC - [2013/07/26 15:46:24 | 000,563,624 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/07/26 15:46:22 | 001,807,272 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/06/05 01:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Stoffel\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/12 05:20:08 | 000,215,040 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-service.exe
PRC - [2012/09/12 05:20:06 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-agent.exe
PRC - [2012/05/08 00:23:36 | 000,932,528 | ---- | M] () -- C:\Users\Stoffel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/03/25 21:28:40 | 000,049,340 | ---- | M] (The Pidgin developer community) -- C:\Program Files (x86)\Pidgin\pidgin.exe
PRC - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/01/12 11:54:26 | 000,095,640 | ---- | M] (Binary Fortress Software) -- C:\Program Files (x86)\DisplayFusion\AppHookx86.exe
PRC - [2010/04/22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2009/10/20 21:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Stoffel\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/08/15 20:21:41 | 000,410,576 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppgooglenaclpluginchrome.dll
MOD - [2013/08/15 20:21:39 | 004,053,456 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
MOD - [2013/08/15 20:20:49 | 000,709,584 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\libglesv2.dll
MOD - [2013/08/15 20:20:48 | 000,099,792 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\libegl.dll
MOD - [2013/08/15 20:20:46 | 001,604,560 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\ffmpegsumo.dll
MOD - [2013/07/26 15:46:24 | 001,122,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/07/15 15:32:40 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/07/01 09:20:48 | 000,652,800 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/06/14 16:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 16:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 16:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/01/28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/01/28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/09/12 05:20:06 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\Subsonic\subsonic-agent.exe
MOD - [2012/05/08 00:23:36 | 000,932,528 | ---- | M] () -- C:\Users\Stoffel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/04/13 15:57:59 | 000,904,525 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
MOD - [2012/04/13 15:57:59 | 000,535,264 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
MOD - [2012/04/13 15:57:59 | 000,482,872 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
MOD - [2012/04/13 15:57:59 | 000,279,059 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
MOD - [2012/04/13 15:57:59 | 000,219,305 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
MOD - [2012/04/13 15:57:59 | 000,143,096 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
MOD - [2012/04/13 15:57:59 | 000,095,189 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
MOD - [2012/04/13 15:57:59 | 000,090,496 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2012/04/13 15:57:59 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
MOD - [2012/03/25 21:28:42 | 000,036,068 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
MOD - [2012/03/25 21:28:42 | 000,030,333 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
MOD - [2012/03/25 21:28:42 | 000,023,455 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
MOD - [2012/03/25 21:28:42 | 000,022,901 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
MOD - [2012/03/25 21:28:40 | 000,338,072 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libjabber.dll
MOD - [2012/03/25 21:28:40 | 000,302,791 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
MOD - [2012/03/25 21:28:40 | 000,256,529 | ---- | M] () -- C:\Program Files (x86)\Pidgin\liboscar.dll
MOD - [2012/03/25 21:28:40 | 000,194,434 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libymsg.dll
MOD - [2012/03/25 21:28:40 | 000,184,224 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libgg.dll
MOD - [2012/03/25 21:28:40 | 000,149,384 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
MOD - [2012/03/25 21:28:40 | 000,121,476 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
MOD - [2012/03/25 21:28:40 | 000,096,443 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
MOD - [2012/03/25 21:28:40 | 000,092,138 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
MOD - [2012/03/25 21:28:40 | 000,088,548 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
MOD - [2012/03/25 21:28:40 | 000,079,922 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libirc.dll
MOD - [2012/03/25 21:28:40 | 000,073,584 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
MOD - [2012/03/25 21:28:40 | 000,063,229 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
MOD - [2012/03/25 21:28:40 | 000,045,348 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
MOD - [2012/03/25 21:28:40 | 000,039,509 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
MOD - [2012/03/25 21:28:40 | 000,024,487 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
MOD - [2012/03/25 21:28:40 | 000,024,106 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ticker.dll
MOD - [2012/03/25 21:28:40 | 000,023,390 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
MOD - [2012/03/25 21:28:40 | 000,022,335 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\notify.dll
MOD - [2012/03/25 21:28:40 | 000,019,854 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
MOD - [2012/03/25 21:28:40 | 000,019,058 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
MOD - [2012/03/25 21:28:40 | 000,018,502 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
MOD - [2012/03/25 21:28:40 | 000,017,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
MOD - [2012/03/25 21:28:40 | 000,017,519 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
MOD - [2012/03/25 21:28:40 | 000,014,951 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
MOD - [2012/03/25 21:28:40 | 000,014,905 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\markerline.dll
MOD - [2012/03/25 21:28:40 | 000,014,619 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
MOD - [2012/03/25 21:28:40 | 000,013,589 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
MOD - [2012/03/25 21:28:40 | 000,013,528 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\history.dll
MOD - [2012/03/25 21:28:40 | 000,012,665 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\idle.dll
MOD - [2012/03/25 21:28:40 | 000,012,177 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
MOD - [2012/03/25 21:28:40 | 000,011,669 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
MOD - [2012/03/25 21:28:40 | 000,011,163 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libicq.dll
MOD - [2012/03/25 21:28:40 | 000,010,860 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
MOD - [2012/03/25 21:28:40 | 000,010,624 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
MOD - [2012/03/25 21:28:40 | 000,010,232 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\libaim.dll
MOD - [2012/03/25 21:28:40 | 000,010,203 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
MOD - [2012/03/25 21:28:40 | 000,010,075 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\relnot.dll
MOD - [2012/03/25 21:28:40 | 000,010,026 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\psychic.dll
MOD - [2012/03/25 21:28:40 | 000,009,126 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\newline.dll
MOD - [2012/03/25 21:28:40 | 000,008,793 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
MOD - [2012/03/25 21:28:40 | 000,007,899 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
MOD - [2012/03/25 21:28:40 | 000,007,511 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
MOD - [2012/03/25 21:28:40 | 000,007,162 | ---- | M] () -- C:\Program Files (x86)\Pidgin\plugins\ssl.dll
MOD - [2012/03/25 21:28:36 | 000,582,656 | ---- | M] () -- C:\Program Files (x86)\Pidgin\exchndl.dll
MOD - [2012/03/25 21:28:36 | 000,475,580 | ---- | M] () -- C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
MOD - [2012/03/25 21:26:20 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Pidgin\sqlite3.dll
MOD - [2012/03/25 21:26:16 | 002,719,062 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
MOD - [2012/03/25 21:26:16 | 001,206,642 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
MOD - [2012/03/25 21:26:14 | 000,173,805 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
MOD - [2012/03/25 21:26:04 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Pidgin\libxml2-2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/08/28 23:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Stoffel\Local Settings\Apps\F.lux\flux.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/06/29 21:01:42 | 004,714,888 | ---- | M] (RealVNC Ltd) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC Server\vncserver.exe -- (vncserver)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/08/20 21:20:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/26 15:46:24 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/02/27 00:27:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/12 05:20:08 | 000,215,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Subsonic\subsonic-service.exe -- (Subsonic)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 16:11:40 | 000,433,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/01/18 16:11:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/01/18 13:27:20 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/29 22:11:04 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 05:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 05:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/10/13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/17 16:13:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe -- (DES2 Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/18 09:22:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/29 20:39:02 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 16:11:58 | 000,031,344 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2012/01/18 16:11:56 | 000,063,088 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/01/18 16:11:08 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012/01/18 16:10:38 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/01/18 13:06:00 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/01/18 13:06:00 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/08/29 22:11:04 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/04 06:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/26 08:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/10/26 08:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2013/08/25 13:14:46 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/04/14 14:27:56 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 C6 14 87 58 E1 CD 01  [binary data]
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes\{FA77F656-8D08-4DC9-8160-84E22417429F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com?type=714647&fr=spigot-yhp-ff"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Stoffel\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stoffel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stoffel\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stoffel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/30 00:07:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/04/14 15:25:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Extensions
[2013/08/24 15:29:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\extensions
[2012/11/06 09:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi
[2013/08/24 13:31:37 | 000,000,915 | ---- | M] () -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\searchplugins\yahoo.xml
[2012/04/13 15:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/13 15:55:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/12 21:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/12 21:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 21:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stoffel\AppData\Local\Google\Chrome\Application\29.0.1547.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Stoffel\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - Extension: Entanglement = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bejeweled = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YouTube = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: OneTab = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0\
CHR - Extension: Google Search = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Facebook Disconnect = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: DoNotTrackMe = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.9.815_0\
CHR - Extension: AdBlock = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: Cryptocat = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij\2.1.12_0\
CHR - Extension: LastPass = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.5_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0\
CHR - Extension: MiniSub = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc\2.4.1_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.0.1_0\
CHR - Extension: Poppit = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Dark Horizon = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncjjeokpcnllmmbbipeaagmdpdpiadin\1.0_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Gmail = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [Akamai NetSession Interface] C:\Users\Stoffel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [DisplayFusion] C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe (Binary Fortress Software)
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [F.lux] C:\Users\Stoffel\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [Pidgin] C:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [spotify Web Helper] C:\Users\Stoffel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-384163472-3497793350-581274558-1000..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Stoffel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..Trusted Ranges: Range2 ([https] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A2FDC48-23D6-4064-9481-4B04F5769EA6}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/25 14:02:01 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\Desktop\logs
[2013/08/25 13:36:58 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Stoffel\Desktop\dds.com
[2013/08/25 13:13:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/25 12:51:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stoffel\Desktop\OTL.exe
[2013/08/25 01:29:38 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Local\Diagnostics
[2013/08/24 20:09:06 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\.minecraft
[2013/08/24 19:17:43 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Mumble
[2013/08/24 15:30:50 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Malwarebytes
[2013/08/24 15:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/24 15:30:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/24 15:30:31 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/24 15:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/24 15:25:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/24 15:24:51 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Stoffel\Desktop\JRT.exe
[2013/08/24 14:55:09 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/24 14:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2013/08/24 14:11:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mumble
[2013/08/24 13:56:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/22 23:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Atlassian
[2013/08/22 23:29:39 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Unity
[2013/08/22 23:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Unity
[2013/08/22 23:18:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Unity Projects
[2013/08/22 23:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity
[2013/08/22 23:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity
[2013/08/22 23:07:13 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Local\Atlassian
[2013/08/22 23:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2013/08/22 23:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atlassian
[2013/08/22 23:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atlassian
[2013/08/22 22:57:07 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Atlassian
[2013/08/22 22:50:00 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\Documents\Unity 3D 4.1.2f1
[2013/08/08 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013/08/05 17:32:43 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BUG Mod 4.4
[2013/08/03 12:50:05 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\Documents\Mika
[2013/08/02 16:20:56 | 000,000,000 | ---D | C] -- C:\Users\Stoffel\AppData\Local\CutePDF Writer
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/25 15:59:38 | 000,000,600 | ---- | M] () -- C:\Users\Stoffel\AppData\Local\PUTTY.RND
[2013/08/25 15:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/25 13:37:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Stoffel\Desktop\dds.com
[2013/08/25 13:21:45 | 001,460,020 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/25 13:21:45 | 000,725,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/25 13:21:45 | 000,454,360 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2013/08/25 13:21:45 | 000,143,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/25 13:21:45 | 000,143,488 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2013/08/25 13:21:14 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/08/25 13:19:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 13:19:54 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 13:14:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/25 13:14:38 | 2140,741,631 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/25 12:51:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stoffel\Desktop\OTL.exe
[2013/08/25 01:00:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\SyncBack NAS Sync.job
[2013/08/24 19:18:55 | 000,002,378 | ---- | M] () -- C:\Users\Stoffel\Documents\MumbleAutomaticCertificateBackup.p12
[2013/08/24 15:30:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/24 15:24:45 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Stoffel\Desktop\JRT.exe
[2013/08/24 15:17:39 | 003,814,400 | ---- | M] () -- C:\Users\Stoffel\Desktop\RogueKillerX64.exe
[2013/08/24 15:15:21 | 000,161,074 | ---- | M] () -- C:\Users\Stoffel\Documents\cc_20130824_151511.reg
[2013/08/24 14:53:30 | 000,994,642 | ---- | M] () -- C:\Users\Stoffel\Desktop\adwcleaner.exe
[2013/08/24 14:15:23 | 000,418,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/24 13:58:52 | 001,452,788 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/08/22 23:15:45 | 000,000,149 | ---- | M] () -- C:\Users\Stoffel\.gitconfig
[2013/08/22 23:15:45 | 000,000,124 | ---- | M] () -- C:\Users\Stoffel\mercurial.ini
[2013/08/22 23:13:22 | 000,000,600 | ---- | M] () -- C:\Users\Stoffel\AppData\Roaming\winscp.rnd
 
========== Files Created - No Company Name ==========
 
[2013/08/24 19:18:55 | 000,002,378 | ---- | C] () -- C:\Users\Stoffel\Documents\MumbleAutomaticCertificateBackup.p12
[2013/08/24 15:30:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/24 15:17:48 | 003,814,400 | ---- | C] () -- C:\Users\Stoffel\Desktop\RogueKillerX64.exe
[2013/08/24 15:15:14 | 000,161,074 | ---- | C] () -- C:\Users\Stoffel\Documents\cc_20130824_151511.reg
[2013/08/24 14:55:28 | 000,994,642 | ---- | C] () -- C:\Users\Stoffel\Desktop\adwcleaner.exe
[2013/08/22 23:15:33 | 000,000,149 | ---- | C] () -- C:\Users\Stoffel\.gitconfig
[2013/08/22 23:15:33 | 000,000,124 | ---- | C] () -- C:\Users\Stoffel\mercurial.ini
[2013/01/27 00:52:07 | 000,000,860 | ---- | C] () -- C:\Users\Stoffel\.recently-used.xbel
[2012/10/19 19:28:09 | 000,000,066 | ---- | C] () -- C:\Windows\SysWow64\mvcli.ini
[2012/09/29 01:09:41 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/09/18 00:53:44 | 000,000,056 | ---- | C] () -- C:\Windows\uilib.INI
[2012/09/03 19:29:41 | 000,014,645 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2012/04/21 15:06:01 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/04/21 15:06:01 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/04/21 15:06:01 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/04/21 15:06:01 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/04/21 15:06:01 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/04/21 15:06:01 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/04/21 15:06:01 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/04/21 15:06:01 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/04/21 15:06:01 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/04/21 15:06:01 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/04/21 15:06:01 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/04/21 15:06:01 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/04/21 15:06:01 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/04/21 15:06:01 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/04/21 15:06:01 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/04/21 15:06:01 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/04/15 02:40:40 | 000,010,105 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2012/04/15 02:40:32 | 002,857,336 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/04/15 02:32:14 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/04/15 01:48:20 | 000,000,600 | ---- | C] () -- C:\Users\Stoffel\AppData\Local\PUTTY.RND
[2012/04/14 02:13:19 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\MBSSM6.dll
[2012/04/13 16:00:48 | 001,452,788 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/13 15:56:53 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/13 15:55:47 | 000,000,600 | ---- | C] () -- C:\Users\Stoffel\AppData\Roaming\winscp.rnd
[2012/04/13 15:35:45 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012/04/13 15:32:11 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\CommCmd.dll
[2012/04/13 15:24:44 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011/11/21 19:47:40 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/08/25 02:53:32 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\.minecraft
[2013/08/25 16:03:27 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\.purple
[2013/04/10 09:19:32 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Armory
[2013/08/22 23:07:12 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Atlassian
[2013/07/19 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Beat Hazard
[2013/07/06 14:38:40 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Bitcoin
[2012/09/21 22:55:26 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\calibre
[2012/05/27 03:04:05 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\dBpoweramp
[2013/01/27 00:24:18 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\DisplayFusion
[2012/11/15 22:00:16 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Dropbox
[2012/06/16 16:32:12 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\EPSON
[2013/04/23 23:26:54 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\fltk.org
[2013/08/25 15:59:43 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\foobar2000
[2012/05/01 21:53:00 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Foxit Software
[2012/11/21 03:04:36 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\GHISLER
[2012/04/13 16:07:40 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\GlarySoft
[2012/10/20 22:14:51 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\gtk-2.0
[2012/07/28 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Hothead Games
[2012/09/29 01:06:57 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\ImgBurn
[2012/12/31 00:55:08 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Livestation
[2012/12/31 00:55:08 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Mchid
[2013/06/11 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Mp3tag
[2013/08/25 02:53:39 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Mumble
[2012/12/31 20:26:49 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Octoshape
[2012/04/14 23:46:25 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\OfficeRecovery
[2012/10/20 19:08:28 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Rainmeter
[2012/11/27 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Spotify
[2012/04/14 02:57:04 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\TagScanner
[2012/09/14 01:33:59 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Tenebril
[2012/04/13 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\TeraCopy
[2013/08/22 23:29:39 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\Unity
[2013/08/24 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\uTorrent
[2012/04/15 00:58:31 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\YoWindow
[2012/12/08 11:48:15 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\ZenBound2
 
========== Purity Check ==========
 
 
 
< End of report >
Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}

    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

    IE - HKU\S-1-5-21-384163472-3497793350-581274558-1000\..\SearchScopes\{FA77F656-8D08-4DC9-8160-84E22417429F}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"

    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"

    FF - prefs.js..browser.search.selectedEngine: "Yahoo"

    FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/?type=714647&fr=spigot-yhp-ff"

    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="

    [2012/11/06 09:19:24 | 000,214,034 | ---- | M] () (No name found) -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi

    [2013/08/24 13:31:37 | 000,000,915 | ---- | M] () -- C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\searchplugins\yahoo.xml

    CHR - homepage: http://search.yahoo.com/?type=714647&fr=spigot-yhp-ch

    CHR - Extension: OneTab = C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0\

    [2013/08/24 15:38:43 | 000,000,000 | ---D | M] -- C:\Users\Stoffel\AppData\Roaming\uTorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
In your next reply, post the following log files:
  • OTL Fix log
  • Junkware Removal Tool log
  • AdwCleaner log
Link to post
Share on other sites
cadetpirx

cadetpirx

Posted
  • Author
Posted

Ok, logs pasted below. No change so far to Chrome homepage.

 

 

OTL (08262013_091433.txt)

 

 

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-384163472-3497793350-581274558-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_USERS\S-1-5-21-384163472-3497793350-581274558-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-384163472-3497793350-581274558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-384163472-3497793350-581274558-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FA77F656-8D08-4DC9-8160-84E22417429F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA77F656-8D08-4DC9-8160-84E22417429F}\ not found.
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&ilc=12&type=714647" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "http://search.yahoo....r=spigot-yhp-ff" removed from browser.startup.homepage
Prefs.js: "http://search.yahoo....&type=714647&p=" removed from keyword.URL
C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\extensions\putlockerdownloader@putlockerdownloader.com.xpi moved successfully.
C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\searchplugins\yahoo.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0\images folder moved successfully.
C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall\1.5_0 folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent\updates folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent\share folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Stoffel\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stoffel\Desktop\cmd.bat deleted successfully.
C:\Users\Stoffel\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Stoffel
->Temp folder emptied: 325358 bytes
->Temporary Internet Files folder emptied: 7031 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 89595335 bytes
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134697 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 86.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 08262013_091433
 
Files\Folders moved on Reboot...
C:\Users\Stoffel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Stoffel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2124.log moved successfully.
C:\Windows\temp\hsperfdata_SHARDIK$\2096 moved successfully.
C:\Windows\temp\e4j4114.tmp_dir\exe4jlib.jar moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
JRT.txt
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Ultimate x64
Ran by Stoffel on Mon 08/26/2013 at  9:23:03.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 08/26/2013 at  9:26:31.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
AdwCleaner[s2].txt
 
 
# AdwCleaner v3.001 - Report created 26/08/2013 at 09:33:52
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Stoffel - SHARDIK
# Running from : C:\Users\Stoffel\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16618
 
 
-\\ Mozilla Firefox v11.0 (en-US)
 
[ File : C:\Users\Stoffel\AppData\Roaming\Mozilla\Firefox\Profiles\k346xno4.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Stoffel\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4874 octets] - [24/08/2013 14:56:22]
AdwCleaner[R1].txt - [4934 octets] - [24/08/2013 14:57:33]
AdwCleaner[R2].txt - [1066 octets] - [24/08/2013 15:03:47]
AdwCleaner[R3].txt - [1187 octets] - [24/08/2013 15:42:13]
AdwCleaner[R4].txt - [1247 octets] - [26/08/2013 09:31:41]
AdwCleaner[R5].txt - [1308 octets] - [26/08/2013 09:33:17]
AdwCleaner[s0].txt - [4822 octets] - [24/08/2013 14:58:53]
AdwCleaner[s1].txt - [1128 octets] - [24/08/2013 15:05:53]
AdwCleaner[s2].txt - [1229 octets] - [26/08/2013 09:33:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1289 octets] ##########
 
 
 
Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.