This topic is locked
Hello,
My Norton Antivirus (Internet Security) notified me of a blocked attempted intrussion earlier today, and four minutes later a second notification popped up with a similar yet different intrussion. I had been away from home so upon reviewing the Norton Security History, I realized there had been a total of five intrussions during the day.
UPDATE: The first five attacks where close to each other (within 2 hours), but more attacks seem to be occurring not as close together as before, info has been added for those as well.
All intrussions show
IPS Alert Name: OS Attack GNU Bash CVE-2014-6271
Attacker URL: 127.0.0.1/cgi-bin/authLogin.cgi
Destination Address: PC (192.168.1.81, 8080)
Attacking Computer/Source Address:
- 181.55.127.245, 52828 at 3:58:37 PM on 1/28/2015
- 85.178.81.183, 59224 at 4:39:31 PM
- 181.55.127.245, 40831 at 5:05:35 PM
- 79.205.193.125, 35257 at 5:47:22 PM
- 80.182.47.113, 41970 at 5:51:26 PM
- 101.187.11.150, 36441 at 8:09:06 PM
- 121.138.82.30, 53632 at 10:29:18 PM
- 5.23.203.131, 38346 at 1:38:40 AM on 1/29/2015
- 61.238.237.254, 52343 at 11:31:31 AM
- 93.104.93.238, 51335 at 5:19:09 PM
The following message was included in all intrussion notifications:
Network traffic from 127.0.0.1/cgi-bin/authLogin.cgi matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\ISPY\ISPY (64 BIT)\ISPY.EXE.
ISpy is an open source camera security software that I use to monitor wireless cameras, it hasn't given me any problems before.
Also, not sure if this might be related or not, but about a week ago I got two URL:MAL notifications from SKYPE.EXE. The sleep mode on my computer won't work, it goes to sleep and about 5 seconds later it comes back on again; the fan starts running at high speed and gets really loud, it's happened quite a few times since yesterday and usually lasts about 10-15 seconds or so. Again this may not be related to the virus/intrusions mentioned before but I thought I would include them just in case.
Thanks in advance for any help you can offer.
OTL log:
-----------------------------
OTL logfile created on: 1/28/2015 6:37:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 23.93% Memory free
15.98 Gb Paging File | 9.09 Gb Available in Paging File | 56.85% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.09 Gb Total Space | 503.96 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
Drive D: | 11.13 Gb Total Space | 1.59 Gb Free Space | 14.32% Space Free | Partition Type: NTFS
Drive E: | 161.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2015/01/28 18:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2015/01/26 15:20:43 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2015/01/26 13:40:21 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe
PRC - [2015/01/25 03:35:37 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
PRC - [2014/12/04 21:12:28 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/11/21 18:23:48 | 000,073,656 | ---- | M] () -- C:\Program Files\iSpy\iSpy (64 bit)\iSpyMonitor.exe
PRC - [2013/10/15 15:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe
PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/09 07:55:54 | 002,667,520 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\EyeLeo.exe
PRC - [2010/07/22 21:10:47 | 000,402,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2010/04/07 03:01:40 | 035,444,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/09/19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/09/19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/09/19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/09/19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
PRC - [1999/12/31 16:00:00 | 001,966,080 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\tor.exe
PRC - [1999/12/31 16:00:00 | 000,338,432 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Tor Browser\Browser\firefox.exe
========== Modules (No Company Name) ==========
MOD - [2015/01/26 15:20:43 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2015/01/25 03:35:36 | 016,844,976 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll
MOD - [2015/01/24 22:08:43 | 014,913,864 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
MOD - [2015/01/24 22:08:41 | 009,170,760 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll
MOD - [2015/01/24 22:08:37 | 001,117,512 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
MOD - [2015/01/24 22:08:35 | 000,211,272 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll
MOD - [2014/12/04 21:12:34 | 038,562,088 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/10/16 01:15:38 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla\fzshellext.dll
MOD - [2014/10/15 02:21:41 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014/10/15 02:21:39 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/15 02:21:37 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/15 02:21:36 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/15 02:21:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/15 02:21:31 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/05/24 08:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla\libstdc++-6.dll
MOD - [2014/05/24 08:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla\libgcc_s_sjlj-1.dll
MOD - [2014/02/27 03:06:21 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/27 03:06:21 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2013/11/21 18:23:48 | 000,073,656 | ---- | M] () -- C:\Program Files\iSpy\iSpy (64 bit)\iSpyMonitor.exe
MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\wincfi39.dll
MOD - [2011/03/09 07:55:54 | 002,667,520 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\EyeLeo.exe
MOD - [2011/01/02 00:30:36 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\ActivityMonitor.dll
MOD - [2010/04/07 01:34:46 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll
MOD - [2010/02/22 03:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll
MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll
MOD - [1999/12/31 16:00:00 | 005,057,038 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\mozjs.dll
MOD - [1999/12/31 16:00:00 | 001,966,080 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\tor.exe
MOD - [1999/12/31 16:00:00 | 000,714,452 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
MOD - [1999/12/31 16:00:00 | 000,517,814 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
MOD - [1999/12/31 16:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll
MOD - [1999/12/31 16:00:00 | 000,091,026 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
MOD - [1999/12/31 16:00:00 | 000,091,026 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\libssp-0.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/12/04 21:12:28 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/07/08 03:29:02 | 000,183,896 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/06/01 00:58:10 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2015/01/26 15:20:43 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/01/25 03:35:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/04 06:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe -- (NIS)
SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/05/12 00:16:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2009/06/05 16:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/12/04 21:13:46 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/04 21:12:41 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/04 21:12:41 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/04 21:12:40 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/04 21:12:40 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/04 21:12:40 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/04 21:12:40 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/04 21:12:38 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2014/01/22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/07/08 03:29:00 | 000,199,384 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2013/06/17 13:04:19 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/03/04 18:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/03/04 17:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 17:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/09/21 11:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 11:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/06 10:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV:64bit: - [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/01 00:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/18 13:22:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/02/04 22:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/07 07:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/06 05:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/08/20 16:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/08/09 13:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2015/01/20 04:27:28 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20150127.040\ex64.sys -- (NAVEX15)
DRV - [2015/01/20 04:27:28 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20150127.040\eng64.sys -- (NAVENG)
DRV - [2015/01/10 20:53:21 | 000,668,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20150127.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015/01/06 11:15:26 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20150106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/12/11 12:45:55 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/12/11 12:45:54 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/10/25 02:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/06/15 20:23:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/05 23:52:46] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CF702269-11C9-40DA-97AB-2C0E1934AAF5}
IE:64bit: - HKLM\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{13B66D15-B7E5-45F2-82C7-015B9F2D8167}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{6A0A0E22-8707-4AFD-A0DA-F1DEA84B47B2}: "URL" = http://blekko.com/ws...rchTerms}&r=483
IE - HKCU\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.253.249.2:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Google"
FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7Bb0e1b4a6-2c6f-4e99-94f2-8e625d7ae255%7D:3.5.0
FF - prefs.js..extensions.enabledAddons: searchyoutube%40searchyoutube.fr:1.0
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.27
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:3.1.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "https://www.google.com/search"
FF - prefs.js..network.proxy.http: "64.182.21.63"
FF - prefs.js..network.proxy.http_port: 29786
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hola.org/vlc,version=1.6.463: C:\Users\*\AppData\Local\Hola\firefox\app\vlc [2015/01/28 13:32:27 | 000,000,000 | ---D | M]
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\*\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=3: C:\Users\*\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF - HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=9: C:\Users\*\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2015/01/28 13:17:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015/01/27 12:28:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013/04/08 16:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/26 15:20:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/26 15:20:40 | 000,000,000 | ---D | M]
[2011/12/12 19:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Extensions
[2011/12/12 19:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Extensions\[email protected]
[2015/01/22 15:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions
[2015/01/16 13:19:29 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]
[2014/12/04 13:12:44 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\jid1-4P0kohSJxU1qGg@jetpack
[2014/12/09 13:58:04 | 002,551,632 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]
[2014/09/11 12:22:11 | 000,105,346 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]
[2013/12/25 13:57:53 | 000,009,470 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]
[2013/07/02 14:12:54 | 000,345,379 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi
[2013/09/17 12:33:24 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/12/10 13:58:31 | 000,013,972 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2013/09/08 12:50:56 | 000,242,531 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi
[2014/11/15 01:39:13 | 000,020,782 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2015/01/14 15:08:22 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/21 13:40:17 | 000,732,089 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2014/06/05 14:15:48 | 000,002,823 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\searchplugins\Google.xml
[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/01/26 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\*\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\*\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.8_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.14.18_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.10_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\14.5_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.7_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.222_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghaepecjeidnnkkkcjpbnhebdknmhjp\0.3.0_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.6_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjfppmemjoiimknjbbmnajephibioe\3.0_0\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_1\
CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_1\.svn\props\.svn-work
O1 HOSTS File: ([2014/10/17 03:20:21 | 000,001,586 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 65.52.240.48
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [F.lux] C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EyeLeo.lnk = C:\Program Files (x86)\EyeLeo\EyeLeo.exe ()
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///E:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://la.mydlink.c...eX//TunnelX.ocx (TunnelX Control)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://la.mydlink.c...aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3B2058-8B6F-43B8-B2A4-419E1B6E9317}: DhcpNameServer = 192.168.1.254 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EE121D-168C-4E88-A41D-516BEC7B9D0E}: DhcpNameServer = 192.168.1.254 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A2473B-17F6-462C-9D92-C996D67717A1}: DhcpNameServer = 10.95.104.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/05 16:56:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2011/05/19 23:24:24 | 000,647,376 | R--- | M] (D-Link Inc.) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/11/04 23:05:24 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6bbe6853-e8ca-11de-a439-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6bbe6853-e8ca-11de-a439-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011/05/19 23:24:24 | 000,647,376 | R--- | M] (D-Link Inc.)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2015/01/28 18:20:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2015/01/26 18:26:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2015/01/26 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/01/20 03:59:41 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\dream
[2015/01/20 03:14:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\target
[2015/01/17 00:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/04 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Stock Images
[2015/01/02 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Elegance Documentation
[2015/01/02 19:31:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\elegance
[2014/12/31 01:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2013/07/28 18:59:14 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2010/07/18 13:22:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\*\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2015/01/28 18:42:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001UA.job
[2015/01/28 18:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/01/28 18:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2015/01/28 18:04:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001UA.job
[2015/01/28 13:25:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 13:25:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/28 13:21:12 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2015/01/28 13:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/01/27 21:42:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001Core.job
[2015/01/27 19:04:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001Core.job
[2015/01/27 12:37:59 | 006,039,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/01/26 07:05:36 | 000,039,484 | ---- | M] () -- C:\Users\*\Desktop\B8SKhMTCcAESMZU.jpg
[2015/01/25 18:32:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor*.job
[2015/01/22 23:35:49 | 000,030,358 | ---- | M] () -- C:\Users\*\Desktop\petcontrollogo.png
[2015/01/19 20:26:50 | 000,001,024 | ---- | M] () -- C:\Users\*\Desktop\price.php
[2015/01/13 13:29:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2015/01/12 18:23:59 | 000,488,446 | ---- | M] () -- C:\Users\*\Desktop\1215sh.jpg
[2015/01/11 06:03:17 | 001,668,775 | ---- | M] () -- C:\Users\*\Desktop\DesignCrowd Logos.ai
[2015/01/06 03:29:57 | 000,976,111 | ---- | M] () -- C:\Users\*\Desktop\US Logo Template.ai
[2015/01/02 16:07:40 | 000,089,770 | ---- | M] () -- C:\Users\*\Desktop\10906254_10152903618371390_3616972994366641429_n.jpg
[2015/01/02 05:09:55 | 012,857,849 | ---- | M] () -- C:\Users\*\Desktop\Poster.psd
[2014/12/31 16:21:48 | 000,000,204 | -H-- | M] () -- C:\Users\*\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2
[2014/12/31 16:21:48 | 000,000,204 | -H-- | M] () -- C:\ProgramData\b0aa5df4d755c86d155bd20c03c50c4194988cc2
========== Files Created - No Company Name ==========
[2015/01/26 07:05:35 | 000,039,484 | ---- | C] () -- C:\Users\*\Desktop\B8SKhMTCcAESMZU.jpg
[2015/01/22 23:35:45 | 000,030,358 | ---- | C] () -- C:\Users\*\Desktop\petcontrollogo.png
[2015/01/19 20:26:49 | 000,001,024 | ---- | C] () -- C:\Users\*\Desktop\price.php
[2015/01/12 13:16:21 | 000,488,446 | ---- | C] () -- C:\Users\*\Desktop\1215sh.jpg
[2015/01/04 20:38:41 | 000,002,932 | ---- | C] () -- C:\Users\*\Desktop\american-express.png
[2015/01/02 16:07:40 | 000,089,770 | ---- | C] () -- C:\Users\*\Desktop\10906254_10152903618371390_3616972994366641429_n.jpg
[2015/01/02 05:09:53 | 012,857,849 | ---- | C] () -- C:\Users\*\Desktop\Poster.psd
[2014/12/31 01:34:10 | 000,335,631 | ---- | C] () -- C:\Users\*\Desktop\business_card.ai
[2014/12/31 01:18:19 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[2014/12/31 01:16:02 | 000,001,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[2014/12/31 01:14:19 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014/12/31 01:13:21 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2014/12/31 01:11:00 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2014/12/31 01:10:53 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2014/12/31 01:10:21 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2014/11/29 17:37:02 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Local\PUTTY.RND
[2014/10/11 21:15:20 | 000,000,641 | ---- | C] () -- C:\Users\*\.bash_history
[2014/01/17 19:57:51 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2013/12/11 13:49:07 | 000,631,688 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/04 14:51:00 | 000,000,096 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat
[2013/10/30 16:44:09 | 000,000,407 | ---- | C] () -- C:\Users\*\AppData\Roaming\burnaware.ini
[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/09/10 16:41:01 | 000,000,662 | ---- | C] () -- C:\Windows\SysWow64\sys32dlkb.dll
[2013/09/10 16:41:01 | 000,000,340 | ---- | C] () -- C:\Windows\SysWow64\lc62pn4.dll
[2013/07/20 04:26:36 | 000,002,418 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013/07/19 19:34:13 | 000,000,010 | ---- | C] () -- C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36
[2013/07/19 19:34:13 | 000,000,010 | ---- | C] () -- C:\Users\*\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56
[2013/06/04 20:19:28 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2013/06/04 20:15:12 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2013/05/06 03:55:08 | 000,000,150 | ---- | C] () -- C:\Users\*\.jupload.properties
[2013/04/23 03:33:17 | 000,000,064 | -H-- | C] () -- C:\Users\*\AppData\Roaming\c8744ab0b37445ba55ea0b76c46affe3949e12ea
[2013/04/23 03:33:17 | 000,000,064 | -H-- | C] () -- C:\ProgramData\c8744ab0b37445ba55ea0b76c46affe3949e12ea
[2013/04/23 03:24:31 | 000,000,204 | -H-- | C] () -- C:\Users\*\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2
[2013/04/23 03:24:31 | 000,000,204 | -H-- | C] () -- C:\ProgramData\b0aa5df4d755c86d155bd20c03c50c4194988cc2
[2013/04/23 03:24:31 | 000,000,064 | -H-- | C] () -- C:\Users\*\AppData\Roaming\3cab8a6de5ed842d9d9f01148a6192164816d25f
[2013/04/23 03:24:31 | 000,000,064 | -H-- | C] () -- C:\ProgramData\3cab8a6de5ed842d9d9f01148a6192164816d25f
[2013/04/08 16:00:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/05/02 02:32:59 | 014,707,262 | ---- | C] () -- C:\Users\*\Wallpaper.psd
[2012/03/03 20:57:26 | 2854,350,472 | ---- | C] () -- C:\Program Files\AvidStudio_Trial_Part-1-of-1.exe
[2011/12/20 01:12:18 | 000,074,485 | ---- | C] () -- C:\Users\*\1_2010120912221810Z354.jpg
[2011/12/11 16:49:26 | 000,001,456 | ---- | C] () -- C:\Users\*\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/30 01:37:44 | 003,223,211 | ---- | C] () -- C:\Users\*\tumblr_lvgq1peQL41qeg2owo1_500.psd
[2011/10/24 12:42:27 | 000,000,355 | ---- | C] () -- C:\Users\*\Favorites - Shortcut.lnk
[2011/09/16 20:33:44 | 000,000,132 | ---- | C] () -- C:\Users\*\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011/05/27 02:50:42 | 000,029,935 | ---- | C] () -- C:\Users\*\PrayerBracelet.png
[2010/09/02 01:20:21 | 000,000,465 | ---- | C] () -- C:\Users\*\AppData\Roaming\Poladroid prefs.plist
[2010/07/18 13:23:39 | 000,001,044 | ---- | C] () -- C:\Users\*\AppData\Roaming\vso_ts_preview.xml
[2010/07/18 13:22:27 | 000,099,384 | ---- | C] () -- C:\Users\*\AppData\Roaming\inst.exe
[2010/07/18 13:22:27 | 000,007,859 | ---- | C] () -- C:\Users\*\AppData\Roaming\pcouffin.cat
[2010/07/18 13:22:27 | 000,001,167 | ---- | C] () -- C:\Users\*\AppData\Roaming\pcouffin.inf
[2010/05/12 11:58:57 | 000,000,132 | ---- | C] () -- C:\Users\*\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/05/02 12:42:51 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\chrtmp
========== ZeroAccess Check ==========
[2014/06/25 02:00:00 | 000,002,671 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2051642768-11231000-3813961495-1001\$RVBX3QN\upload\default-avatars\l.png
[2014/06/25 02:00:00 | 000,002,896 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2051642768-11231000-3813961495-1001\$RVBX3QN\upload\default-avatars\n.png
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/04/01 00:02:02 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\.#
[2014/11/03 16:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Add-in Express
[2010/06/07 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\adma
[2014/02/26 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Aegisub
[2013/07/20 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Alien Skin
[2013/03/29 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ant.com
[2011/11/05 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apowersoft
[2010/04/24 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\App Launcher Gadget
[2013/06/15 23:41:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Artisteer
[2011/07/11 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Artweaver
[2013/07/16 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Athentech
[2011/01/12 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\authorPOINT
[2010/12/05 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Autodesk
[2014/03/01 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AVAST Software
[2010/08/09 01:41:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avery
[2012/11/06 05:08:08 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\avidemux
[2013/06/05 12:09:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BITS
[2010/06/02 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Blender Foundation
[2011/05/22 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\calibre
[2010/05/18 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Carnival Software
[2010/09/22 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/24 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/10/11 17:55:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Composer
[2013/10/29 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cyberduck
[2013/05/23 04:06:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Divine
[2013/05/23 04:23:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Divine Elemente
[2013/12/09 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DlinkViewCam
[2010/07/21 21:31:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Downloaded Installations
[2011/06/07 10:57:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox
[2010/12/03 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Eclipse
[2013/11/01 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\EyeLeo
[2014/11/15 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Fanurio
[2015/01/19 20:46:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FileZilla
[2013/06/05 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashgetSetup
[2014/02/20 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\fontconfig
[2011/09/01 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GetRightToGo
[2010/08/15 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Helios
[2013/07/20 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Imagenomic
[2013/04/23 02:58:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iPumper
[2013/05/11 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iSpring Solutions
[2015/01/28 13:30:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iSpy
[2010/04/24 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech
[2011/01/10 18:43:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Local
[2013/09/24 20:49:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX
[2014/04/09 19:06:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Maxthon3
[2011/10/23 23:50:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mjusbsp
[2010/05/28 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MPEG Streamclip
[2011/06/02 21:02:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\muvee Technologies
[2011/03/28 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MxBoost
[2014/04/29 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Naturalsoft
[2014/01/03 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Notepad++
[2010/06/06 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org
[2010/05/22 03:05:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera
[2013/07/03 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera Software
[2014/10/02 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Oracle
[2010/11/13 02:48:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OrphneDev
[2010/05/17 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PACE Anti-Piracy
[2013/09/24 20:11:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PDAppFlex
[2011/03/15 01:15:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Rovio
[2014/01/06 16:03:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Samsung
[2013/10/29 17:52:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SendBlaster3
[2013/09/25 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\simplitec
[2011/12/12 19:11:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Songbird2
[2013/03/20 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Speedsolving
[2010/05/08 02:16:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/08/21 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sublime Text 2
[2014/09/14 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer
[2013/03/11 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TechSmith
[2013/12/04 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Template
[2014/06/01 04:52:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TemplateToaster
[2014/11/23 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2015/01/04 05:49:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\uTorrent
[2010/07/23 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Vso
[2010/09/13 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WildTangent
[2010/04/24 01:14:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinBatch
[2013/07/25 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Windows Live Writer
[2013/10/29 13:12:57 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\wyUpdate AU
[2014/01/22 01:31:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Xilisoft
[2010/05/04 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Youtube Downloader HD
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\ProgramData:Kinetics 6
@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring Suite 6
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns4
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns2
@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1
@Alternate Data Stream - 4 bytes -> C:\ProgramData\Nalpeiron:user.ns3
@Alternate Data Stream - 204 bytes -> C:\ProgramData:iSpring Pro 6
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
@Alternate Data Stream - 1058 bytes -> C:\ProgramData\Microsoft:MyYj6Bq5Iyr89AYtP6GCtR7Z1k6gbJ
@Alternate Data Stream - 1047 bytes -> C:\ProgramData\Microsoft:bfNYFrmTUUoTEG6cJsyS
@Alternate Data Stream - 1031 bytes -> C:\ProgramData\Microsoft:rJPd4d2DuI0xo91UMsCzl
< End of report >
Edited by moyu22, 02 February 2015 - 09:32 PM.
There's really only two options: you continue as you are, running P2P and participating in TOR and I wish you well 
Or, I can help you remove the P2P software, help you remove the TOR software, help you clean the computer and hopefully restore it to a functional, secure, computer. At this point you absolutely do not have a secure computer! I would do no banking or financial transactions, etc. with that machine. That said, I've only given a cursory look to your OTL logs. Beyond the Red Flags mentioned so far, I'm not sure what remains, however, I am will to help you, so let me know your thoughts 
Sign In
Create Account
