Ukash Australian Federal Police Virus
<blockquote data-quote="Paleoworld-101" data-source="post: 119332" data-attributes="member: 8027"><p><strong>OTL LOG</strong></p><p></p><p>OTL logfile created on: 5/6/2013 8:13:45 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nathan\Downloads</p><p> Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy</p><p> </p><p>2.90 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 42.11% Memory free</p><p>5.80 Gb Paging File | 3.54 Gb Available in Paging File | 61.05% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files</p><p>Drive C: | 448.47 Gb Total Space | 376.57 Gb Free Space | 83.97% Space Free | Partition Type: NTFS</p><p>Drive E: | 14.90 Gb Total Space | 0.92 Gb Free Space | 6.15% Space Free | Partition Type: FAT32</p><p>Drive F: | 1.99 Gb Total Space | 1.96 Gb Free Space | 98.84% Space Free | Partition Type: FAT32</p><p>Unable to calculate disk information.</p><p> </p><p>Computer Name: NATHANS-LAPTOP | User Name: Nathan | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Nathan\Downloads\OTL.exe (OldTimer Tools)</p><p>PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)</p><p>PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)</p><p>PRC - C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)</p><p>PRC - C:\Program Files\Common Files\Java\Java 
Update\jucheck.exe (Sun Microsystems, Inc.)</p><p>PRC - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe (Symantec Corporation)</p><p>PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)</p><p>PRC - C:\Windows\explorer.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)</p><p>PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)</p><p>PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)</p><p>PRC - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)</p><p>PRC - C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)</p><p>PRC - C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)</p><p>PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)</p><p>PRC - C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe (Motorola, Inc.)</p><p>PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)</p><p>PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)</p><p>PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)</p><p>PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)</p><p>PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)</p><p>PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)</p><p>PRC - c:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)</p><p>PRC 
- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)</p><p>PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()</p><p>PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\5cf7fcba96db2ec632eda5e52fc373da\System.Data.DataSetExtensions.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\56b5e47c9cfbdf44d230853cf87fab5a\IAStorUtil.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()</p><p>MOD - 
C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()</p><p>MOD - C:\Users\Nathan\AppData\Roaming\drent.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()</p><p>MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()</p><p>MOD - C:\windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()</p><p>MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()</p><p>MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()</p><p>MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()</p><p>MOD - C:\Program Files\Common 
Files\LightScribe\plugins\imageformats\qjpeg4.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)</p><p>SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe (Symantec Corporation)</p><p>SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)</p><p>SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)</p><p>SRV - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)</p><p>SRV - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)</p><p>SRV - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)</p><p>SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)</p><p>SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)</p><p>SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\stacsv.exe (IDT, Inc.)</p><p>SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)</p><p>SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)</p><p>SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV - (AESTFilters) -- 
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9b219d80a8843bf8\AEstSrv.exe (Andrea Electronics Corporation)</p><p>SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()</p><p>SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV - (TotRec8) -- C:\Windows\System32\drivers\TotRec8.sys (High Criteria inc.)</p><p>DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.)</p><p>DRV - (mcaudrv_simple) -- C:\Windows\System32\drivers\mcaudrv.sys (ManyCam LLC)</p><p>DRV - (ManyCam) -- C:\Windows\System32\drivers\mcvidrv.sys (ManyCam LLC)</p><p>DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110929.001\BHDrvx86.sys (Symantec Corporation)</p><p>DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20111004.030\IDSvix86.sys (Symantec Corporation)</p><p>DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)</p><p>DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVEX15.SYS (Symantec Corporation)</p><p>DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)</p><p>DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)</p><p>DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20111004.021\NAVENG.SYS (Symantec Corporation)</p><p>DRV - (SymNetS) -- C:\Windows\System32\drivers\NIS\1207020.003\symnets.sys (Symantec Corporation)</p><p>DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1207020.003\srtsp.sys (Symantec 
Corporation)</p><p>DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1207020.003\srtspx.sys (Symantec Corporation)</p><p>DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1207020.003\symefa.sys (Symantec Corporation)</p><p>DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1207020.003\symds.sys (Symantec Corporation)</p><p>DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1207020.003\ironx86.sys (Symantec Corporation)</p><p>DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV - (BTMUSB) -- C:\Windows\System32\drivers\btmusb.sys (Motorola, Inc.)</p><p>DRV - (BTMNET) -- C:\Windows\System32\drivers\btmnet.sys (Motorola, Inc.)</p><p>DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)</p><p>DRV - (BTMCOM) -- C:\Windows\System32\drivers\btmcom.sys (Motorola, Inc.)</p><p>DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)</p><p>DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)</p><p>DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)</p><p>DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)</p><p>DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/14</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p>IE - HKLM\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/14</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&q={searchTerms}</p><p>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enAU447</p><p>IE - HKCU\..\SearchScopes\{C076212A-D3FD-4EF4-A144-BE97B75732A5}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYYYYYYAU&apn_uid=385205e7-b57b-44ce-b38c-db9780c28260&apn_sauid=D90BA786-986F-4062-B1D4-ADBC1CB2162E</p><p>IE - HKCU\..\SearchScopes\{D2AFE21D-6DDC-492E-9987-7FE9DADD4385}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.2.1.5:8080</p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not 
found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)</p><p>FF - HKLM\Software\MozillaPlugins\@Citrix.com/npagee,version=9.2.48.6: C:\Program Files\Citrix\Secure Access Client\npagee.dll (Citrix Systems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program 
Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/09/30 13:04:33 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_12_1 [2013/05/06 18:46:23 | 000,000,000 | ---D | M]</p><p> </p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage</p><p>CHR - default_search_provider: Google (Enabled)</p><p>CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}</p>
<p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}</p><p>CHR - homepage: http://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=9FF0416AE9AB371AE98BDB504086AB98&tbp=homepage</p><p>CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer</p><p>CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll</p><p>CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll</p><p>CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll</p><p>CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL</p><p>CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL</p><p>CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL</p><p>CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll</p><p>CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll</p><p>CHR - plugin: Bing Bar (Enabled) = C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll</p><p>CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll</p><p>CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll</p><p>CHR - 
Extension: YouTube = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: Google Search = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: Gmail = C:\Users\Nathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p> </p><p>O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts</p><p>O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)</p><p>O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)</p><p>O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)</p><p>O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)</p><p>O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - 
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)</p><p>O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)</p><p>O4 - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)</p><p>O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)</p><p>O4 - HKLM..\Run: [drent] C:\Users\Nathan\AppData\Roaming\drent.dll ()</p><p>O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)</p><p>O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)</p><p>O4 - HKLM..\Run: [mosit] C:\Users\Nathan\AppData\Roaming\mosit.dll (SiliconMotion)</p><p>O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)</p><p>O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)</p><p>O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)</p><p>O4 - HKLM..\Run: [sedgf] C:\Users\Nathan\AppData\Roaming\sedgf.dll (S3 Graphics Co., Ltd.)</p><p>O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)</p><p>O4 - HKCU..\Run: [Opupmewa] C:\Users\Nathan\AppData\Roaming\Moxu\niakf.exe ()</p><p>O4 - HKCU..\Run: [Ovmeipodek] C:\Users\Nathan\AppData\Roaming\Rykua\etiqy.exe ()</p><p>O4 - HKCU..\Run: 
[Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0</p><p>O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145</p><p>O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)</p><p>O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)</p><p>O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)</p><p>O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)</p><p>O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O9 - Extra Button: @C:\Program 
Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()</p><p>O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O13 - gopher Prefix: missing</p><p>O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C474A887-AC2D-4C69-A8B3-6D3BD482EBBC}: DhcpNameServer = 10.2.20.10 10.2.21.10</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA37B9C-85A2-4B25-8B3B-03082B66B217}: DhcpNameServer = 192.168.0.1</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)</p><p>O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - 
Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - 
Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/05/04 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\ezvid</p><p>[2013/05/04 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ezvid</p><p>[2013/05/04 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs</p><p>[2013/05/04 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{095EFD83-13C7-464A-A216-60D821D2D01C}</p><p>[2013/05/03 19:56:30 | 
000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{CA5D3EBE-CB80-48B1-B725-D3B8DA1A2364}</p><p>[2013/04/17 19:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite</p><p>[2013/04/17 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs</p><p>[2013/04/11 06:31:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb</p><p>[2013/04/11 06:31:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll</p><p>[2013/04/11 06:31:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll</p><p>[2013/04/11 06:31:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll</p><p>[2013/04/11 06:31:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe</p><p>[2013/04/11 06:31:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll</p><p>[2013/04/11 06:31:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll</p><p>[2013/04/11 06:30:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl</p><p>[2013/04/10 08:06:15 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys</p><p>[2013/04/10 08:06:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll</p><p>[2013/04/10 08:06:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll</p><p>[2013/04/10 08:06:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe</p><p>[2013/04/10 08:06:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe</p><p>[2013/04/10 08:06:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll</p><p>[2012/12/20 11:05:35 | 000,290,816 | ---- | C] (S3 Graphics 
Co., Ltd.) -- C:\Users\Nathan\AppData\Roaming\sedgf.dll</p><p>[2012/12/20 11:05:05 | 000,601,088 | ---- | C] (SiliconMotion) -- C:\Users\Nathan\AppData\Roaming\mosit.dll</p><p>[2012/12/20 11:04:16 | 000,165,376 | ---- | C] (Donkey) -- C:\Users\Nathan\AppData\Roaming\windw.dll</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/05/06 20:16:11 | 000,006,525 | ---- | M] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx</p><p>[2013/05/06 20:14:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/05/06 20:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/05/06 19:37:05 | 000,631,496 | ---- | M] () -- C:\windows\System32\perfh009.dat</p><p>[2013/05/06 19:37:05 | 000,111,588 | ---- | M] () -- C:\windows\System32\perfc009.dat</p><p>[2013/05/06 19:35:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/05/06 18:46:20 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/05/06 18:46:10 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/05/05 22:35:56 | 000,131,944 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic.jpg</p><p>[2013/05/04 19:59:27 | 000,002,792 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp</p><p>[2013/05/04 19:18:38 | 1832,351,659 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv</p><p>[2013/05/03 23:19:11 | 000,002,768 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp</p><p>[2013/05/03 23:11:48 | 1830,862,942 | ---- | M] () -- 
C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv</p><p>[2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe</p><p>[2013/05/01 19:44:05 | 000,081,587 | ---- | M] () -- C:\Users\Nathan\Desktop\lol.png</p><p>[2013/04/30 10:48:11 | 000,048,103 | ---- | M] () -- C:\Users\Nathan\Desktop\f1020[1].jpg</p><p>[2013/04/28 17:36:35 | 000,038,077 | ---- | M] () -- C:\Users\Nathan\Desktop\f850[1].jpg</p><p>[2013/04/28 17:07:24 | 000,023,790 | ---- | M] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg</p><p>[2013/04/28 17:04:12 | 000,037,773 | ---- | M] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg</p><p>[2013/04/27 23:31:09 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNathan.job</p><p>[2013/04/27 21:02:54 | 000,000,282 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_UPDATES.job</p><p>[2013/04/25 17:05:09 | 000,155,600 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg</p><p>[2013/04/19 22:06:32 | 000,016,062 | ---- | M] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg</p><p>[2013/04/19 17:21:00 | 000,338,789 | ---- | M] () -- C:\Users\Nathan\Desktop\Crinoids.jpg</p><p>[2013/04/17 20:48:10 | 000,000,266 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job</p><p>[2013/04/17 19:39:33 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk</p><p>[2013/04/16 15:33:18 | 000,095,288 | ---- | M] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg</p><p>[2013/04/15 16:50:55 | 004,301,348 | ---- | M] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3</p><p>[2013/04/15 16:50:46 | 004,512,973 | ---- | M] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3</p><p>[2013/04/15 16:48:20 | 003,124,721 | ---- | M] () -- C:\Users\Nathan\Desktop\Let The Bass Kick.mp3</p><p>[2013/04/15 16:48:01 | 012,089,822 | ---- | M] () -- C:\Users\Nathan\Desktop\Summit.mp3</p><p>[2013/04/15 16:11:58 | 003,381,708 | ---- | M] 
() -- C:\Users\Nathan\Desktop\Father Said.mp3</p><p>[2013/04/12 07:26:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk</p><p>[2013/04/11 12:53:38 | 000,409,760 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT</p><p>[2013/04/07 07:13:51 | 000,011,207 | ---- | M] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/05/04 19:58:09 | 000,002,792 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp</p><p>[2013/05/04 18:00:32 | 1832,351,659 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv</p><p>[2013/05/03 23:19:11 | 000,002,768 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp</p><p>[2013/05/03 22:00:20 | 1830,862,942 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv</p><p>[2013/05/01 19:44:05 | 000,081,587 | ---- | C] () -- C:\Users\Nathan\Desktop\lol.png</p><p>[2013/04/28 17:35:35 | 000,038,077 | ---- | C] () -- C:\Users\Nathan\Desktop\f850[1].jpg</p><p>[2013/04/28 17:30:03 | 000,048,103 | ---- | C] () -- C:\Users\Nathan\Desktop\f1020[1].jpg</p><p>[2013/04/28 17:04:49 | 000,023,790 | ---- | C] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg</p><p>[2013/04/28 17:01:59 | 000,037,773 | ---- | C] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg</p><p>[2013/04/25 17:05:09 | 000,155,600 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg</p><p>[2013/04/25 16:55:15 | 000,131,944 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic.jpg</p><p>[2013/04/19 22:06:31 | 000,016,062 | ---- | C] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg</p><p>[2013/04/19 17:20:14 | 000,338,789 | ---- | C] () -- C:\Users\Nathan\Desktop\Crinoids.jpg</p><p>[2013/04/17 19:39:33 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk</p><p>[2013/04/17 19:39:32 | 000,001,128 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk</p><p>[2013/04/16 15:32:10 | 000,095,288 | ---- | C] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg</p><p>[2013/04/15 16:08:22 | 003,381,708 | ---- | C] () -- C:\Users\Nathan\Desktop\Father Said.mp3</p><p>[2013/04/15 16:01:10 | 004,512,973 | ---- | C] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3</p><p>[2013/04/15 15:58:01 | 004,301,348 | ---- | C] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3</p><p>[2013/04/07 07:08:00 | 000,011,207 | ---- | C] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg</p><p>[2013/03/17 21:33:59 | 000,160,768 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\drent.dll</p><p>[2013/03/02 22:35:31 | 000,001,030 | ---- | C] () -- C:\Users\Nathan\3206055.exe</p><p>[2012/12/20 11:05:14 | 000,006,525 | ---- | C] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx</p><p>[2012/09/28 08:08:06 | 000,006,523 | ---- | C] () -- C:\Users\Nathan\AppData\Local\chromeupdate.crx</p><p>[2012/09/13 20:46:45 | 000,380,928 | ---- | C] () -- C:\windows\System32\lame_enc.dll</p><p>[2012/01/11 22:34:11 | 000,098,304 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\skype.dat</p><p>[2011/09/01 18:13:48 | 000,040,448 | ---- | C] () -- C:\windows\System32\REGOBJ.DLL</p><p>[2011/08/05 17:40:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7AF8E60013.sys</p><p>[2011/08/05 17:40:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys</p><p> </p><p><span style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2013/05/06 17:40:41 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\@</p><p>[2013/05/06 17:40:41 | 000,115,200 | -HS- | M] (Корпорация Майкрософт) -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\n</p><p>[2012/09/28 08:07:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\L</p><p>[2013/05/06 18:24:24 | 
000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U</p><p>[2013/05/06 18:24:24 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\00000001.@</p><p>[2012/10/28 14:16:12 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\80000000.@</p><p>[2013/05/06 17:40:47 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\800000cb.@</p><p>[2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Both</p><p> </p><p><span style="color: #E56717">========== LOP Check ==========</span></p><p> </p><p>[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Afeb</p><p>[2013/04/03 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Audacity</p><p>[2012/09/06 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon</p><p>[2012/12/16 07:29:14 | 
000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\dll-files.com</p><p>[2013/04/02 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Sound Recorder</p><p>[2013/03/11 06:53:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\FunnyGames</p><p>[2012/05/22 09:19:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ICAClient</p><p>[2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moxu</p><p>[2013/04/04 05:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moys</p><p>[2013/04/09 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Origs</p><p>[2013/04/02 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Recordpad</p><p>[2013/05/06 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Rykua</p><p>[2012/05/22 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TeamViewer</p><p>[2012/09/28 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tific</p><p>[2013/04/01 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TotalRecorder</p><p>[2013/05/06 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Udtili</p><p> </p><p><span style="color: #E56717">========== Purity Check ==========</span></p><p> </p><p> </p><p></p><p>< End of report ></p><p></p><p>Pretty much said all the info above, although I will say that when the lock screen first appeared I was so terrified!!!!!!!!!!!! Thought my life was officially over...</p><p></p><p>I know it's a virus now but the shock still hasn't worn off yet</p><p></p><p>Thanks for your help, I appreciate it!!!!!!!!!</p><p></p><p>EDIT*- SORRY I POSTED THE TOPIC TWICE, I THOUGHT IT DIDN'T WORK THE FIRST TIME AS IT DIDN'T SHOW UP IN THE THREADS LIST STRAIGHT AWAY</p></blockquote><p></p>
[QUOTE="Paleoworld-101, post: 119332, member: 8027"]
O4 - HKLM..\Run: [mosit] C:\Users\Nathan\AppData\Roaming\mosit.dll (SiliconMotion) O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [sedgf] C:\Users\Nathan\AppData\Roaming\sedgf.dll (S3 Graphics Co., Ltd.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [Opupmewa] C:\Users\Nathan\AppData\Roaming\Moxu\niakf.exe () O4 - HKCU..\Run: [Ovmeipodek] C:\Users\Nathan\AppData\Roaming\Rykua\etiqy.exe () O4 - HKCU..\Run: [Wisdom-soft AutoScreenRecorder 3.1 Pro] 0 File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program 
Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C474A887-AC2D-4C69-A8B3-6D3BD482EBBC}: DhcpNameServer = 10.2.20.10 10.2.21.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEA37B9C-85A2-4B25-8B3B-03082B66B217}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/05/04 19:45:44 | 000,000,000 | ---D | C] -- C:\Users\Nathan\Documents\ezvid [2013/05/04 19:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\ezvid [2013/05/04 19:38:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\Programs [2013/05/04 14:45:06 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{095EFD83-13C7-464A-A216-60D821D2D01C} [2013/05/03 19:56:30 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Local\{CA5D3EBE-CB80-48B1-B725-D3B8DA1A2364} [2013/04/17 19:39:35 | 000,000,000 | ---D | C] -- C:\Users\Nathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite [2013/04/17 19:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs [2013/04/11 06:31:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2013/04/11 06:31:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2013/04/11 06:31:01 | 000,607,744 | ---- | C] (Microsoft 
Corporation) -- C:\windows\System32\msfeeds.dll [2013/04/11 06:31:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2013/04/11 06:31:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe [2013/04/11 06:31:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll [2013/04/11 06:31:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll [2013/04/11 06:30:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl [2013/04/10 08:06:15 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2013/04/10 08:06:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll [2013/04/10 08:06:10 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll [2013/04/10 08:06:05 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [2013/04/10 08:06:05 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2013/04/10 08:06:03 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\csrsrv.dll [2012/12/20 11:05:35 | 000,290,816 | ---- | C] (S3 Graphics Co., Ltd.) 
-- C:\Users\Nathan\AppData\Roaming\sedgf.dll [2012/12/20 11:05:05 | 000,601,088 | ---- | C] (SiliconMotion) -- C:\Users\Nathan\AppData\Roaming\mosit.dll [2012/12/20 11:04:16 | 000,165,376 | ---- | C] (Donkey) -- C:\Users\Nathan\AppData\Roaming\windw.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/05/06 20:16:11 | 000,006,525 | ---- | M] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx [2013/05/06 20:14:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/06 20:08:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/06 20:07:25 | 000,019,760 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/06 19:37:05 | 000,631,496 | ---- | M] () -- C:\windows\System32\perfh009.dat [2013/05/06 19:37:05 | 000,111,588 | ---- | M] () -- C:\windows\System32\perfc009.dat [2013/05/06 19:35:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2013/05/06 18:46:20 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2013/05/06 18:46:10 | 3116,646,400 | -HS- | M] () -- C:\hiberfil.sys [2013/05/05 22:35:56 | 000,131,944 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic.jpg [2013/05/04 19:59:27 | 000,002,792 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp [2013/05/04 19:18:38 | 1832,351,659 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv [2013/05/03 23:19:11 | 000,002,768 | ---- | M] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp [2013/05/03 23:11:48 | 1830,862,942 | ---- | M] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv [2013/05/02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe [2013/05/01 
19:44:05 | 000,081,587 | ---- | M] () -- C:\Users\Nathan\Desktop\lol.png [2013/04/30 10:48:11 | 000,048,103 | ---- | M] () -- C:\Users\Nathan\Desktop\f1020[1].jpg [2013/04/28 17:36:35 | 000,038,077 | ---- | M] () -- C:\Users\Nathan\Desktop\f850[1].jpg [2013/04/28 17:07:24 | 000,023,790 | ---- | M] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg [2013/04/28 17:04:12 | 000,037,773 | ---- | M] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg [2013/04/27 23:31:09 | 000,000,324 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForNathan.job [2013/04/27 21:02:54 | 000,000,282 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_UPDATES.job [2013/04/25 17:05:09 | 000,155,600 | ---- | M] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg [2013/04/19 22:06:32 | 000,016,062 | ---- | M] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg [2013/04/19 17:21:00 | 000,338,789 | ---- | M] () -- C:\Users\Nathan\Desktop\Crinoids.jpg [2013/04/17 20:48:10 | 000,000,266 | ---- | M] () -- C:\windows\tasks\DLL-files.com Fixer_MONTHLY.job [2013/04/17 19:39:33 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn.lnk [2013/04/16 15:33:18 | 000,095,288 | ---- | M] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg [2013/04/15 16:50:55 | 004,301,348 | ---- | M] () -- C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3 [2013/04/15 16:50:46 | 004,512,973 | ---- | M] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3 [2013/04/15 16:48:20 | 003,124,721 | ---- | M] () -- C:\Users\Nathan\Desktop\Let The Bass Kick.mp3 [2013/04/15 16:48:01 | 012,089,822 | ---- | M] () -- C:\Users\Nathan\Desktop\Summit.mp3 [2013/04/15 16:11:58 | 003,381,708 | ---- | M] () -- C:\Users\Nathan\Desktop\Father Said.mp3 [2013/04/12 07:26:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/04/11 12:53:38 | 000,409,760 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2013/04/07 07:13:51 | 000,011,207 | ---- | M] () -- 
C:\Users\Nathan\Desktop\244376_1282574945[1].jpg [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/05/04 19:58:09 | 000,002,792 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4 FINAL PROJECT USE THIS.wlmp [2013/05/04 18:00:32 | 1832,351,659 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4 FINAL.wmv [2013/05/03 23:19:11 | 000,002,768 | ---- | C] () -- C:\Users\Nathan\Desktop\EPISODE 4.wlmp [2013/05/03 22:00:20 | 1830,862,942 | ---- | C] () -- C:\Users\Nathan\Desktop\Episode 4- Creeks.wmv [2013/05/01 19:44:05 | 000,081,587 | ---- | C] () -- C:\Users\Nathan\Desktop\lol.png [2013/04/28 17:35:35 | 000,038,077 | ---- | C] () -- C:\Users\Nathan\Desktop\f850[1].jpg [2013/04/28 17:30:03 | 000,048,103 | ---- | C] () -- C:\Users\Nathan\Desktop\f1020[1].jpg [2013/04/28 17:04:49 | 000,023,790 | ---- | C] () -- C:\Users\Nathan\Desktop\$(KGrHqIOKosFFz43uMFiBRdL0GrzPw~~60_12[1].jpg [2013/04/28 17:01:59 | 000,037,773 | ---- | C] () -- C:\Users\Nathan\Desktop\$T2eC16R,!)cE9s4PtHWdBRLFByvUkg~~60_12[1].jpg [2013/04/25 17:05:09 | 000,155,600 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic 2.jpg [2013/04/25 16:55:15 | 000,131,944 | ---- | C] () -- C:\Users\Nathan\Desktop\guide pic.jpg [2013/04/19 22:06:31 | 000,016,062 | ---- | C] () -- C:\Users\Nathan\Desktop\Best Carch Tooth!.jpg [2013/04/19 17:20:14 | 000,338,789 | ---- | C] () -- C:\Users\Nathan\Desktop\Crinoids.jpg [2013/04/17 19:39:33 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn.lnk [2013/04/17 19:39:32 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk [2013/04/16 15:32:10 | 000,095,288 | ---- | C] () -- C:\Users\Nathan\Desktop\JurassicBanner[1].jpg [2013/04/15 16:08:22 | 003,381,708 | ---- | C] () -- C:\Users\Nathan\Desktop\Father Said.mp3 [2013/04/15 16:01:10 | 004,512,973 | ---- | C] () -- C:\Users\Nathan\Desktop\Levels- Skrillex Remix.mp3 [2013/04/15 15:58:01 | 004,301,348 | ---- | C] () -- 
C:\Users\Nathan\Desktop\Promises- Skrillex Remix.mp3 [2013/04/07 07:08:00 | 000,011,207 | ---- | C] () -- C:\Users\Nathan\Desktop\244376_1282574945[1].jpg [2013/03/17 21:33:59 | 000,160,768 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\drent.dll [2013/03/02 22:35:31 | 000,001,030 | ---- | C] () -- C:\Users\Nathan\3206055.exe [2012/12/20 11:05:14 | 000,006,525 | ---- | C] () -- C:\Users\Nathan\AppData\Local\3d9f906e-fc35-40e6-919c-4cd324017d36.crx [2012/09/28 08:08:06 | 000,006,523 | ---- | C] () -- C:\Users\Nathan\AppData\Local\chromeupdate.crx [2012/09/13 20:46:45 | 000,380,928 | ---- | C] () -- C:\windows\System32\lame_enc.dll [2012/01/11 22:34:11 | 000,098,304 | ---- | C] () -- C:\Users\Nathan\AppData\Roaming\skype.dat [2011/09/01 18:13:48 | 000,040,448 | ---- | C] () -- C:\windows\System32\REGOBJ.DLL [2011/08/05 17:40:48 | 000,000,088 | RHS- | C] () -- C:\ProgramData\7AF8E60013.sys [2011/08/05 17:40:43 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [color=#E56717]========== ZeroAccess Check ==========[/color] [2013/05/06 17:40:41 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\@ [2013/05/06 17:40:41 | 000,115,200 | -HS- | M] (Корпорация Майкрософт) -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\n [2012/09/28 08:07:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\L [2013/05/06 18:24:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U [2013/05/06 18:24:24 | 000,000,928 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\00000001.@ [2012/10/28 14:16:12 | 000,011,776 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\80000000.@ [2013/05/06 17:40:47 | 000,022,016 | ---- | M] () -- C:\$Recycle.Bin\S-1-5-18\$0ed46d269463da8412b7eea80fcdf09e\U\800000cb.@ [2009/07/14 14:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 14:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 11:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Afeb [2013/04/03 15:35:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Audacity [2012/09/06 21:23:09 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Canon [2012/12/16 07:29:14 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\dll-files.com [2013/04/02 16:48:49 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Free Sound Recorder [2013/03/11 06:53:15 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\FunnyGames [2012/05/22 09:19:37 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\ICAClient [2013/01/25 12:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moxu [2013/04/04 05:59:33 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Moys [2013/04/09 14:39:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Origs [2013/04/02 16:12:42 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Recordpad [2013/05/06 18:45:18 | 
000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Rykua
[2012/05/22 09:11:43 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TeamViewer
[2012/09/28 08:29:41 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Tific
[2013/04/01 17:48:30 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\TotalRecorder
[2013/05/06 19:47:02 | 000,000,000 | ---D | M] -- C:\Users\Nathan\AppData\Roaming\Udtili

[color=#E56717]========== Purity Check ==========[/color]

< End of report >

Pretty much said all the info above, although I will say that when the lock screen first appeared I was so terrified!!!!!!!!!!!! Thought my life was officially over... I know it's a virus now but the shock still hasn't worn off yet.

Thanks for your help, I appreciate it!!!!!!!!![/u]

EDIT*- SORRY I POSTED THE TOPIC TWICE, I THOUGHT IT DIDN'T WORK THE FIRST TIME AS IT DIDN'T SHOW UP IN THE THREADS LIST STRAIGHT AWAY [/QUOTE]