OTL LOG
OTL logfile created on: 5/6/2013 8:13:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.90 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 42.11% Memory free
5.80 Gb Paging File | 3.54 Gb Available in Paging File | 61.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 376.57 Gb Free Space | 83.97% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 0.92 Gb Free Space | 6.15% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 1.96 Gb Free Space | 98.84% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Computer Name: NATHANS-LAPTOP | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5cf7fcba96db2ec632eda5e52fc373da\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\56b5e47c9cfbdf44d230853cf87fab5a\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Users\Nathan\AppData\Roaming\drent.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV - (TotRec8) -- C:\Windows\System32\drivers\TotRec8.sys (High Criteria inc.)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111004.030\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (BTMNET) -- C:\Windows\System32\drivers\btmnet.sys (Motorola, Inc.)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enAU447
IE - HKCU\..\SearchScopes\{C076212A-D3FD-4EF4-A144-BE97B75732A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYYYYYYAU&apn_uid=385205e7-b57b-44ce-b38c-db9780c28260&apn_sauid=D90BA786-986F-4062-B1D4-ADBC1CB2162E
IE - HKCU\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.2.1.5:8080
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/30 13:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_12_1 [2013/05/06 18:46:23 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [drent] C:\Users\Nathan\AppData\Roaming\drent.dll ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [mosit] C:\Users\Nathan\AppData\Roaming\mosit.dll (SiliconMotion)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sedgf] C:\Users\Nathan\AppData\Roaming\sedgf.dll (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Opupmewa] C:\Users\Nathan\AppData\Roaming\Moxu\niakf.exe ()
O4 - HKCU..\Run: [Ovmeipodek] C:\Users\Nathan\AppData\Roaming\Rykua\etiqy.exe ()
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C474A887-AC2D-4C69-A8B3-6D3BD482EBBC}: DhcpNameServer = 10.2.20.10 10.2.21.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA37B9C-85A2-4B25-8B3B-03082B66B217}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/04 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\ezvid
[2013/05/04 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ezvid
[2013/05/04 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs
[2013/05/04 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{095EFD83-13C7-464A-A216-60D821D2D01C}
[2013/05/03 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{CA5D3EBE-CB80-48B1-B725-D3B8DA1A2364}
[2013/04/17 19:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/04/17 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/04/11 06:31:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/11 06:31:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/11 06:31:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/11 06:31:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/11 06:31:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/11 06:31:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/11 06:31:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/11 06:30:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/10 08:06:15 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/04/10 08:06:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2013/04/10 08:06:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013/04/10 08:06:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/04/10 08:06:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/04/10 08:06:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/12/20 11:05:35 | 000,290,816 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\Users\Nathan\AppData\Roaming\sedgf.dll
[2012/12/20 11:05:05 | 000,601,088 | ---- | C] (SiliconMotion) -- C:\Users\Nathan\AppData\Roaming\mosit.dll
[2012/12/20 11:04:16 | 000,165,376 | ---- | C] (Donkey) -- C:\Users\Nathan\AppData\Roaming\windw.dll
========== Files - Modified Within 30 Days ==========
[2013/05/06 20:16:11 | 000,006,525 | ---- | M] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx
[2013/05/06 20:14:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/06 20:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 19:37:05 | 000,631,496 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/06 19:37:05 | 000,111,588 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/06 19:35:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/06 18:46:20 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/06 18:46:10 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/05 22:35:56 | 000,131,944 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic.jpg
[2013/05/04 19:59:27 | 000,002,792 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp
[2013/05/04 19:18:38 | 1832,351,659 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv
[2013/05/03 23:19:11 | 000,002,768 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp
[2013/05/03 23:11:48 | 1830,862,942 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2013/05/01 19:44:05 | 000,081,587 | ---- | M] () -- C:\Users\Nathan\Desktop\lol.png
[2013/04/30 10:48:11 | 000,048,103 | ---- | M] () -- C:\Users\Nathan\Desktop\f1020[1].jpg
[2013/04/28 17:36:35 | 000,038,077 | ---- | M] () -- C:\Users\Nathan\Desktop\f850[1].jpg
[2013/04/28 17:07:24 | 000,023,790 | ---- | M] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg
[2013/04/28 17:04:12 | 000,037,773 | ---- | M] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg
[2013/04/27 23:31:09 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNathan.job
[2013/04/27 21:02:54 | 000,000,282 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_UPDATES.job
[2013/04/25 17:05:09 | 000,155,600 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg
[2013/04/19 22:06:32 | 000,016,062 | ---- | M] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg
[2013/04/19 17:21:00 | 000,338,789 | ---- | M] () -- C:\Users\Nathan\Desktop\Crinoids.jpg
[2013/04/17 20:48:10 | 000,000,266 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2013/04/17 19:39:33 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/04/16 15:33:18 | 000,095,288 | ---- | M] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg
[2013/04/15 16:50:55 | 004,301,348 | ---- | M] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3
[2013/04/15 16:50:46 | 004,512,973 | ---- | M] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3
[2013/04/15 16:48:20 | 003,124,721 | ---- | M] () -- C:\Users\Nathan\Desktop\Let The Bass Kick.mp3
[2013/04/15 16:48:01 | 012,089,822 | ---- | M] () -- C:\Users\Nathan\Desktop\Summit.mp3
[2013/04/15 16:11:58 | 003,381,708 | ---- | M] () -- C:\Users\Nathan\Desktop\Father Said.mp3
[2013/04/12 07:26:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/11 12:53:38 | 000,409,760 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/07 07:13:51 | 000,011,207 | ---- | M] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg
========== Files Created - No Company Name ==========
[2013/05/04 19:58:09 | 000,002,792 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp
[2013/05/04 18:00:32 | 1832,351,659 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv
[2013/05/03 23:19:11 | 000,002,768 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp
[2013/05/03 22:00:20 | 1830,862,942 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv
[2013/05/01 19:44:05 | 000,081,587 | ---- | C] () -- C:\Users\Nathan\Desktop\lol.png
[2013/04/28 17:35:35 | 000,038,077 | ---- | C] () -- C:\Users\Nathan\Desktop\f850[1].jpg
[2013/04/28 17:30:03 | 000,048,103 | ---- | C] () -- C:\Users\Nathan\Desktop\f1020[1].jpg
[2013/04/28 17:04:49 | 000,023,790 | ---- | C] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg
[2013/04/28 17:01:59 | 000,037,773 | ---- | C] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg
[2013/04/25 17:05:09 | 000,155,600 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg
[2013/04/25 16:55:15 | 000,131,944 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic.jpg
[2013/04/19 22:06:31 | 000,016,062 | ---- | C] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg
[2013/04/19 17:20:14 | 000,338,789 | ---- | C] () -- C:\Users\Nathan\Desktop\Crinoids.jpg
[2013/04/17 19:39:33 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/04/17 19:39:32 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/04/16 15:32:10 | 000,095,288 | ---- | C] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg
[2013/04/15 16:08:22 | 003,381,708 | ---- | C] () -- C:\Users\Nathan\Desktop\Father Said.mp3
[2013/04/15 16:01:10 | 004,512,973 | ---- | C] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3
[2013/04/15 15:58:01 | 004,301,348 | ---- | C] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3
[2013/04/07 07:08:00 | 000,011,207 | ---- | C] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg
[2013/03/17 21:33:59 | 000,160,768 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\drent.dll
[2013/03/02 22:35:31 | 000,001,030 | ---- | C] () -- C:\Users\Nathan\3206055.exe
[2012/12/20 11:05:14 | 000,006,525 | ---- | C] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx
[2012/09/28 08:08:06 | 000,006,523 | ---- | C] () -- C:\Users\Nathan\AppData\Local\chromeupdate.crx
[2012/09/13 20:46:45 | 000,380,928 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012/01/11 22:34:11 | 000,098,304 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\skype.dat
[2011/09/01 18:13:48 | 000,040,448 | ---- | C] () -- C:\windows\System32\REGOBJ.DLL
[2011/08/05 17:40:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7AF8E60013.sys
[2011/08/05 17:40:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
========== ZeroAccess Check ==========
[2013/05/06 17:40:41 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\@
[2013/05/06 17:40:41 | 000,115,200 | -HS- | M] (Корпорация Майкрософт) -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\n
[2012/09/28 08:07:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\L
[2013/05/06 18:24:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U
[2013/05/06 18:24:24 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\00000001.@
[2012/10/28 14:16:12 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\80000000.@
[2013/05/06 17:40:47 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\800000cb.@
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Afeb
[2013/04/03 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Audacity
[2012/09/06 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon
[2012/12/16 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\dll-files.com
[2013/04/02 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Sound Recorder
[2013/03/11 06:53:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\FunnyGames
[2012/05/22 09:19:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ICAClient
[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moxu
[2013/04/04 05:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moys
[2013/04/09 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Origs
[2013/04/02 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Recordpad
[2013/05/06 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Rykua
[2012/05/22 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TeamViewer
[2012/09/28 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tific
[2013/04/01 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TotalRecorder
[2013/05/06 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Udtili
========== Purity Check ==========
< End of report >
Pretty much said all the info above, although i will say that when the lock screen first appeared i was so terrified!!!!!!!!!!!! Thought my life was officially over...
I know it's a virus now but the shock still hasn't worn off yet
Thanks for your help i appreciate it!!!!!!!!![/u]
EDIT*- SORRY I POSTED THE TOPIC TWICE, I THOUGHT IT DIDNT WORK THE FIRST TIME AS IT DIDNT SHOW UP IN THE THREADS LIST STRAIGHT AWAY
OTL logfile created on: 5/6/2013 8:13:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
2.90 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 42.11% Memory free
5.80 Gb Paging File | 3.54 Gb Available in Paging File | 61.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 448.47 Gb Total Space | 376.57 Gb Free Space | 83.97% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 0.92 Gb Free Space | 6.15% Space Free | Partition Type: FAT32
Drive F: | 1.99 Gb Total Space | 1.96 Gb Free Space | 98.84% Space Free | Partition Type: FAT32
Unable to calculate disk information.
Computer Name: NATHANS-LAPTOP | User Name: Nathan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5cf7fcba96db2ec632eda5e52fc373da\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\56b5e47c9cfbdf44d230853cf87fab5a\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Users\Nathan\AppData\Roaming\drent.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
========== Services (SafeList) ==========
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)
SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV - (TotRec8) -- C:\Windows\System32\drivers\TotRec8.sys (High Criteria inc.)
DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)
DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111004.030\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVENG.SYS (Symantec Corporation)
DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)
DRV - (BTMNET) -- C:\Windows\System32\drivers\btmnet.sys (Motorola, Inc.)
DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enAU447
IE - HKCU\..\SearchScopes\{C076212A-D3FD-4EF4-A144-BE97B75732A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYYYYYYAU&apn_uid=385205e7-b57b-44ce-b38c-db9780c28260&apn_sauid=D90BA786-986F-4062-B1D4-ADBC1CB2162E
IE - HKCU\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.2.1.5:8080
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/30 13:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_12_1 [2013/05/06 18:46:23 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google
riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [drent] C:\Users\Nathan\AppData\Roaming\drent.dll ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [mosit] C:\Users\Nathan\AppData\Roaming\mosit.dll (SiliconMotion)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [sedgf] C:\Users\Nathan\AppData\Roaming\sedgf.dll (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Opupmewa] C:\Users\Nathan\AppData\Roaming\Moxu\niakf.exe ()
O4 - HKCU..\Run: [Ovmeipodek] C:\Users\Nathan\AppData\Roaming\Rykua\etiqy.exe ()
O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C474A887-AC2D-4C69-A8B3-6D3BD482EBBC}: DhcpNameServer = 10.2.20.10 10.2.21.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA37B9C-85A2-4B25-8B3B-03082B66B217}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/05/04 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\ezvid
[2013/05/04 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ezvid
[2013/05/04 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs
[2013/05/04 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{095EFD83-13C7-464A-A216-60D821D2D01C}
[2013/05/03 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{CA5D3EBE-CB80-48B1-B725-D3B8DA1A2364}
[2013/04/17 19:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2013/04/17 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
[2013/04/11 06:31:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2013/04/11 06:31:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013/04/11 06:31:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013/04/11 06:31:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2013/04/11 06:31:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2013/04/11 06:31:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2013/04/11 06:31:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013/04/11 06:30:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013/04/10 08:06:15 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2013/04/10 08:06:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2013/04/10 08:06:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013/04/10 08:06:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2013/04/10 08:06:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2013/04/10 08:06:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll
[2012/12/20 11:05:35 | 000,290,816 | ---- | C] (S3 Graphics Co., Ltd.) -- C:\Users\Nathan\AppData\Roaming\sedgf.dll
[2012/12/20 11:05:05 | 000,601,088 | ---- | C] (SiliconMotion) -- C:\Users\Nathan\AppData\Roaming\mosit.dll
[2012/12/20 11:04:16 | 000,165,376 | ---- | C] (Donkey) -- C:\Users\Nathan\AppData\Roaming\windw.dll
========== Files - Modified Within 30 Days ==========
[2013/05/06 20:16:11 | 000,006,525 | ---- | M] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx
[2013/05/06 20:14:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/06 20:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/06 19:37:05 | 000,631,496 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013/05/06 19:37:05 | 000,111,588 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013/05/06 19:35:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/06 18:46:20 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/06 18:46:10 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/05 22:35:56 | 000,131,944 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic.jpg
[2013/05/04 19:59:27 | 000,002,792 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp
[2013/05/04 19:18:38 | 1832,351,659 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv
[2013/05/03 23:19:11 | 000,002,768 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp
[2013/05/03 23:11:48 | 1830,862,942 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv
[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2013/05/01 19:44:05 | 000,081,587 | ---- | M] () -- C:\Users\Nathan\Desktop\lol.png
[2013/04/30 10:48:11 | 000,048,103 | ---- | M] () -- C:\Users\Nathan\Desktop\f1020[1].jpg
[2013/04/28 17:36:35 | 000,038,077 | ---- | M] () -- C:\Users\Nathan\Desktop\f850[1].jpg
[2013/04/28 17:07:24 | 000,023,790 | ---- | M] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg
[2013/04/28 17:04:12 | 000,037,773 | ---- | M] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg
[2013/04/27 23:31:09 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNathan.job
[2013/04/27 21:02:54 | 000,000,282 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_UPDATES.job
[2013/04/25 17:05:09 | 000,155,600 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg
[2013/04/19 22:06:32 | 000,016,062 | ---- | M] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg
[2013/04/19 17:21:00 | 000,338,789 | ---- | M] () -- C:\Users\Nathan\Desktop\Crinoids.jpg
[2013/04/17 20:48:10 | 000,000,266 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job
[2013/04/17 19:39:33 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/04/16 15:33:18 | 000,095,288 | ---- | M] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg
[2013/04/15 16:50:55 | 004,301,348 | ---- | M] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3
[2013/04/15 16:50:46 | 004,512,973 | ---- | M] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3
[2013/04/15 16:48:20 | 003,124,721 | ---- | M] () -- C:\Users\Nathan\Desktop\Let The Bass Kick.mp3
[2013/04/15 16:48:01 | 012,089,822 | ---- | M] () -- C:\Users\Nathan\Desktop\Summit.mp3
[2013/04/15 16:11:58 | 003,381,708 | ---- | M] () -- C:\Users\Nathan\Desktop\Father Said.mp3
[2013/04/12 07:26:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/11 12:53:38 | 000,409,760 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013/04/07 07:13:51 | 000,011,207 | ---- | M] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg
========== Files Created - No Company Name ==========
[2013/05/04 19:58:09 | 000,002,792 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp
[2013/05/04 18:00:32 | 1832,351,659 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv
[2013/05/03 23:19:11 | 000,002,768 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp
[2013/05/03 22:00:20 | 1830,862,942 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv
[2013/05/01 19:44:05 | 000,081,587 | ---- | C] () -- C:\Users\Nathan\Desktop\lol.png
[2013/04/28 17:35:35 | 000,038,077 | ---- | C] () -- C:\Users\Nathan\Desktop\f850[1].jpg
[2013/04/28 17:30:03 | 000,048,103 | ---- | C] () -- C:\Users\Nathan\Desktop\f1020[1].jpg
[2013/04/28 17:04:49 | 000,023,790 | ---- | C] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg
[2013/04/28 17:01:59 | 000,037,773 | ---- | C] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg
[2013/04/25 17:05:09 | 000,155,600 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg
[2013/04/25 16:55:15 | 000,131,944 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic.jpg
[2013/04/19 22:06:31 | 000,016,062 | ---- | C] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg
[2013/04/19 17:20:14 | 000,338,789 | ---- | C] () -- C:\Users\Nathan\Desktop\Crinoids.jpg
[2013/04/17 19:39:33 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk
[2013/04/17 19:39:32 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
[2013/04/16 15:32:10 | 000,095,288 | ---- | C] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg
[2013/04/15 16:08:22 | 003,381,708 | ---- | C] () -- C:\Users\Nathan\Desktop\Father Said.mp3
[2013/04/15 16:01:10 | 004,512,973 | ---- | C] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3
[2013/04/15 15:58:01 | 004,301,348 | ---- | C] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3
[2013/04/07 07:08:00 | 000,011,207 | ---- | C] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg
[2013/03/17 21:33:59 | 000,160,768 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\drent.dll
[2013/03/02 22:35:31 | 000,001,030 | ---- | C] () -- C:\Users\Nathan\3206055.exe
[2012/12/20 11:05:14 | 000,006,525 | ---- | C] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx
[2012/09/28 08:08:06 | 000,006,523 | ---- | C] () -- C:\Users\Nathan\AppData\Local\chromeupdate.crx
[2012/09/13 20:46:45 | 000,380,928 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2012/01/11 22:34:11 | 000,098,304 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\skype.dat
[2011/09/01 18:13:48 | 000,040,448 | ---- | C] () -- C:\windows\System32\REGOBJ.DLL
[2011/08/05 17:40:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7AF8E60013.sys
[2011/08/05 17:40:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
========== ZeroAccess Check ==========
[2013/05/06 17:40:41 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\@
[2013/05/06 17:40:41 | 000,115,200 | -HS- | M] (Корпорация Майкрософт) -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\n
[2012/09/28 08:07:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\L
[2013/05/06 18:24:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U
[2013/05/06 18:24:24 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\00000001.@
[2012/10/28 14:16:12 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\80000000.@
[2013/05/06 17:40:47 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\800000cb.@
[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Afeb
[2013/04/03 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Audacity
[2012/09/06 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon
[2012/12/16 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\dll-files.com
[2013/04/02 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Sound Recorder
[2013/03/11 06:53:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\FunnyGames
[2012/05/22 09:19:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ICAClient
[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moxu
[2013/04/04 05:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moys
[2013/04/09 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Origs
[2013/04/02 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Recordpad
[2013/05/06 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Rykua
[2012/05/22 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TeamViewer
[2012/09/28 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tific
[2013/04/01 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TotalRecorder
[2013/05/06 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Udtili
========== Purity Check ==========
< End of report >
Pretty much said all the info above, although i will say that when the lock screen first appeared i was so terrified!!!!!!!!!!!! Thought my life was officially over...
I know it's a virus now but the shock still hasn't worn off yet
Thanks for your help i appreciate it!!!!!!!!![/u]
EDIT*- SORRY I POSTED THE TOPIC TWICE, I THOUGHT IT DIDNT WORK THE FIRST TIME AS IT DIDNT SHOW UP IN THE THREADS LIST STRAIGHT AWAY
