Reply to thread

Message: <blockquote data-quote="nicklee123" data-source="post: 121229" data-attributes="member: 8202">OTL logfile created on: 5/18/2013 10:05:13 PM - Run 1OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\USER\Downloads64bit- Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 5.62 Gb Available Physical Memory | 70.64% Memory free15.90 Gb Paging File | 13.05 Gb Available in Paging File | 82.05% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 111.69 Gb Total Space | 38.35 Gb Free Space | 34.34% Space Free | Partition Type: NTFSDrive F: | 501.00 Gb Total Space | 448.68 Gb Free Space | 89.56% Space Free | Partition Type: NTFSDrive G: | 430.51 Gb Total Space | 373.20 Gb Free Space | 86.69% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: USER | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\USER\Downloads\OTL.exe (OldTimer Tools)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe (AVG Technologies CZ, s.r.o.)PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe (Symantec Corporation)PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe (Symantec Corporation)PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe (Symantec Corporation)PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()  ========== Modules (No Company Name) ========== MOD - C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()MOD - C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()MOD - C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()MOD - C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll ()MOD - C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()MOD - C:\Windows\SysWOW64\slc.dll ()MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()  ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)SRV - (wampapache) -- F:\Files\MSv117\Server\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation)SRV - (wampmysqld) -- F:\Files\MSv117\Server\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe ()SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\ccSvcHst.exe (Symantec Corporation)SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.15.96\SymcPCCULaunchSvc.exe (Symantec Corporation)SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe (Symantec Corporation)SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)  ========== Driver Services (SafeList) ========== DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\ccSetx64.sys (Symantec Corporation)DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\srtsp64.sys (Symantec Corporation)DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\srtspx64.sys (Symantec Corporation)DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\SymEFA64.sys (Symantec Corporation)DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\SymDS64.sys (Symantec Corporation)DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\Ironx64.sys (Symantec Corporation)DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1300000.080\symnets.sys (Symantec Corporation)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130328.017\ex64.sys (Symantec Corporation)DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20130328.017\eng64.sys (Symantec Corporation)DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20130328.001\IDSviA64.sys (Symantec Corporation)DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)  ========== Standard Registry (SafeList) ==========  ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.good-results.info/?pid=724&r=2013/02/09&hid=1943644022&lg=EN&cc=MYIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/09&hid=1943644022&lg=EN&cc=MY IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=3e8572f500000000000050465d5029f2IE - HKCU\..\SearchScopes,DefaultScope = {F77ECD16-CDD7-43B5-A00F-1A24211976D4}IE - HKCU\..\SearchScopes\{235ADCD7-5684-4DBD-9BA0-6B64B9503688}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281348&CUI=UN82447749255853220IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.good-results.info/?l=1&q={searchTerms}&pid=724&r=2013/02/09&hid=1943644022&lg=EN&cc=MYIE - HKCU\..\SearchScopes\{F77ECD16-CDD7-43B5-A00F-1A24211976D4}: "URL" = http://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=3e8572f500000000000050465d5029f2&q={searchTerms}&r=20IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not foundFF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\USER\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\USER\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2013/05/18 20:28:09 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013/01/27 14:51:36 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/01/27 15:08:30 | 000,000,000 | ---D | M] [2013/05/13 21:35:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\Mozilla\Extensions[2013/02/10 22:27:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\extensions[2013/02/10 22:27:18 | 000,000,000 | ---D | M] (BrotherSoft Extreme2 B1) -- C:\Users\USER\AppData\Roaming\Mozilla\Firefox\extensions\{94193c2f-e73f-4feb-b393-2b95f0a01430} ========== Chrome  ========== CHR - default_search_provider: Conduit (Enabled)CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&cui=UN29705301111671917&ctid=CT3281348CHR - default_search_provider: suggest_url = CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dllCHR - plugin: Norton Confidential (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\npcoplgn.dllCHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp\10.14.40.128_0\plugins/ConduitChromeApiPlugin.dllCHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jndeiekmdhemaggmkgljlpdeaomeplbp\10.14.40.128_0\plugins/np-cwmp.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLCHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLLCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dllCHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dllCHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dllCHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dllCHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dllCHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllCHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllCHR - plugin: Google Update (Enabled) = C:\Users\USER\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dllCHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\CHR - Extension: NJStar Chromate - NJStar Communicator Plugin for Chrome = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlklhlmekdhcfmndodpbjmgpepoeiiaf\3.0.2_0\CHR - Extension: Norton Identity Protection = C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\6.0.2_0\ O1 HOSTS File: ([2013/05/13 10:15:11 | 000,001,124 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 127.0.0.1       localhostO1 - Hosts: 178.73.210.219 thepiratebay.seO1 - Hosts: 178.73.210.219 www.thepiratebay.seO1 - Hosts: 178.73.210.219 thepiratebay.orgO1 - Hosts: 178.73.210.219 www.thepiratebay.orgO1 - Hosts: 127.0.0.1       localhostO2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)O2:64bit: - BHO: (NJStarBHO Class) - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files (x86)\NJStar Communicator\X64\NJStarBHO64.dll (NJStar Software Corp.)O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.dll (Symantec Corporation)O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO2 - BHO: (Browse2save) - {CD6471CC-0B6F-7416-BF02-A19E3EFE6867} - C:\ProgramData\Browse2save\5115a37bc2fed.dll ()O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (NJStarBHO Class) - {E74F179F-F6CC-4BE0-9638-DEA49583953F} - C:\Program Files (x86)\NJStar Communicator\NJStarBHO32.dll (NJStar Software Corp.)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\CoIEPlg.dll (Symantec Corporation)O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)O4 - HKCU..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent File not foundO4 - HKCU..\Run: [RGSC] G:\Rockstar Games Social Club\RGSCLauncher.exe /silent File not foundO4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Reg Error: Key error.)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2EA2588-2268-43B3-9284-B23AFF33FA39}: DhcpNameServer = 192.168.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not foundO18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not foundO20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not foundO20 - HKLM Winlogon: Shell - (explorer.exe) -  File not foundO20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not foundO20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not foundO20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not foundO29 - HKLM SecurityProviders - (credssp.dll) -  File not foundO32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\I\Shell - "" = AutoRunO33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exeO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/05/17 19:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CamStudio 2.7[2013/05/15 19:32:56 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\MapleStorySEA2[2013/05/15 10:01:18 | 000,000,000 | ---D | C] -- C:\FRST[2013/05/15 09:41:48 | 001,877,416 | ---- | C] (Farbar) -- C:\Users\USER\Desktop\FRST64.exe[2013/05/13 22:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro[2013/05/13 22:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro[2013/05/13 22:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[2013/05/13 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes[2013/05/13 22:16:24 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/05/13 22:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/05/13 22:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/05/13 22:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/05/13 10:43:33 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\NetBeansProjects[2013/05/13 10:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\glassfish-3.1.2.2[2013/05/13 10:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL[2013/05/13 10:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans[2013/05/13 10:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1[2013/05/13 10:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer[2013/05/12 23:22:30 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NJStar Communicator[2013/05/12 23:22:30 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\NJStar[2013/05/12 23:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NJStar Communicator[2013/05/12 23:22:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NJStar Communicator[2013/05/11 17:53:26 | 000,000,000 | ---D | C] -- C:\Users\USER\Documents\Aspyr[2013/05/11 17:53:26 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Aspyr[2013/05/11 17:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CiB Net Station[2013/05/02 22:03:23 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\LucidMS[2013/04/27 13:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype ========== Files - Modified Within 30 Days ========== [2013/05/18 21:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/05/18 21:31:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-724282407-2882856877-638782303-1000UA.job[2013/05/18 20:35:14 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/05/18 20:35:14 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/05/18 20:33:38 | 000,779,016 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/05/18 20:33:38 | 000,651,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/05/18 20:33:38 | 000,120,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/05/18 20:28:11 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_USER.job[2013/05/18 20:28:08 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job[2013/05/18 20:28:05 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver for USER-PC@USER(logon).job[2013/05/18 20:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/05/18 20:28:01 | 2108,239,871 | -HS- | M] () -- C:\hiberfil.sys[2013/05/17 22:31:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-724282407-2882856877-638782303-1000Core.job[2013/05/17 19:58:00 | 000,000,362 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_USER.job[2013/05/17 19:31:44 | 000,004,510 | ---- | M] () -- C:\Users\USER\AppData\Roaming\CamStudio.cfg[2013/05/17 19:31:44 | 000,000,408 | ---- | M] () -- C:\Users\USER\AppData\Roaming\CamShapes.ini[2013/05/17 19:31:44 | 000,000,408 | ---- | M] () -- C:\Users\USER\AppData\Roaming\CamLayout.ini[2013/05/17 19:31:44 | 000,000,046 | ---- | M] () -- C:\Users\USER\AppData\Roaming\Camdata.ini[2013/05/15 10:52:13 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/05/15 10:52:13 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/05/15 09:42:00 | 001,877,416 | ---- | M] (Farbar) -- C:\Users\USER\Desktop\FRST64.exe[2013/05/13 22:38:08 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys[2013/05/13 22:27:08 | 000,002,220 | ---- | M] () -- C:\Windows\SysNative\.crusader[2013/05/13 22:23:48 | 000,001,895 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk[2013/05/13 14:17:10 | 000,270,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/05/13 10:37:30 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 7.2.1.lnk[2013/05/12 23:22:29 | 000,001,103 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\NJStar Communicator.lnk[2013/05/12 23:22:29 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\NJStar Communicator.lnk[2013/05/11 19:07:39 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job[2013/05/07 09:30:00 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_USER.job[2013/04/26 21:39:20 | 000,001,367 | ---- | M] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013/04/26 20:55:50 | 000,764,572 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== Files Created - No Company Name ========== [2013/05/17 19:31:44 | 000,004,510 | ---- | C] () -- C:\Users\USER\AppData\Roaming\CamStudio.cfg[2013/05/17 19:31:44 | 000,000,408 | ---- | C] () -- C:\Users\USER\AppData\Roaming\CamShapes.ini[2013/05/17 19:31:44 | 000,000,408 | ---- | C] () -- C:\Users\USER\AppData\Roaming\CamLayout.ini[2013/05/17 19:31:44 | 000,000,046 | ---- | C] () -- C:\Users\USER\AppData\Roaming\Camdata.ini[2013/05/13 22:38:08 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys[2013/05/13 22:27:08 | 000,002,220 | ---- | C] () -- C:\Windows\SysNative\.crusader[2013/05/13 22:23:48 | 000,001,895 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk[2013/05/13 10:37:30 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 7.2.1.lnk[2013/05/12 23:22:29 | 000,001,103 | ---- | C] () -- C:\Users\USER\Application Data\Microsoft\Internet Explorer\Quick Launch\NJStar Communicator.lnk[2013/05/12 23:22:29 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\NJStar Communicator.lnk[2013/04/19 21:03:40 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk[2013/04/10 11:04:03 | 000,001,168 | ---- | C] () -- C:\Windows\FOE2.ini[2013/03/02 16:00:53 | 000,000,043 | ---- | C] () -- C:\Users\USER\jagex_cl_oldschool_LIVE.dat[2013/02/24 18:50:07 | 000,000,044 | ---- | C] () -- C:\Users\USER\jagex_cl_runescape_LIVE1.dat[2013/02/24 18:39:08 | 000,000,043 | ---- | C] () -- C:\Users\USER\jagex_cl_runescape_LIVE.dat[2013/02/24 18:39:08 | 000,000,024 | ---- | C] () -- C:\Users\USER\random.dat[2013/02/24 18:38:59 | 000,000,024 | ---- | C] () -- C:\Users\USER\jagexappletviewer.preferences[2013/01/28 12:40:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2013/01/28 12:39:44 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2013/01/28 12:39:44 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2013/01/28 12:39:44 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat[2013/01/27 15:11:39 | 000,764,572 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2013/01/27 14:47:10 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll[2013/01/27 14:47:10 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin[2013/01/27 14:47:10 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin[2013/01/27 14:47:10 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll[2013/01/27 14:42:54 | 000,051,978 | ---- | C] () -- C:\Windows\Ascd_log.ini[2013/01/27 14:42:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini[2013/01/27 14:41:58 | 000,036,411 | ---- | C] () -- C:\Windows\Ascd_tmp.ini[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll[2012/02/02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2010/11/21 11:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2010/11/21 11:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/02/03 19:43:01 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\2K Sports[2005/04/08 10:16:43 | 000,000,000 | -H-D | M] -- C:\Users\USER\AppData\Roaming\3E8572F5[2013/01/28 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Assassin's Creed III[2013/02/24 15:40:11 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\AVG2013[2013/04/13 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\BANDISOFT[2013/02/03 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Lite[2013/03/06 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DAEMON Tools Pro[2013/03/27 19:20:10 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\DragonicaECB[2013/03/06 18:27:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\FileOpen[2013/01/28 19:00:26 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Mael[2013/05/13 10:39:45 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\MySQL[2013/02/09 09:26:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\NCdownloader[2013/05/13 10:42:51 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\NetBeans[2013/03/06 18:27:42 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Nitro[2013/05/12 23:22:30 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\NJStar[2013/03/06 18:22:49 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\OpenCandy[2013/05/14 17:14:27 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\SoftGrid Client[2013/01/30 21:41:32 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Subversion[2013/04/19 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TeamViewer[2013/02/09 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\Theta[2013/01/27 15:11:53 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TP[2013/02/24 15:39:37 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\TuneUp Software[2013/05/11 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\USER\AppData\Roaming\uTorrent ========== Purity Check ==========   ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP<img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin    :D" loading="lazy" data-shortname=":D" />1B5B4F1< End of report ></blockquote>

Verification

Top