Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

a9e3.tmp.dat detected/quarantined [Solved]


  • This topic is locked This topic is locked

#1
burlesquemoon

burlesquemoon

    New Member

  • Member
  • Pip
  • 7 posts
My Norton antivirus program detected & quarantined something called a9e3.tmp.dat, for 'suspicious behaviour'. Immediately after, my computer started freezing constantly. It will freeze up while loading Firefox, it will freeze when I open folders or documents, it will freeze in control panel. When I try to log out and reboot, it freezes on the "logging out" screen. I've run virus scans (in safe mode, as well), but nothing comes up.

Every now and then, the computer will reboot itself, with a blue screen & some kind of error message (it flashes to quickly for me to see exactly what the message says).

I'm trying to download the OTL program right now, to do a scan/log, but it's taking a bit, since the wretched thing keeps freezing up.

Anyone have any suggestions?

New here, by the by. Nice to 'meet' you all. ^_^

- Angi

Edited by burlesquemoon, 11 April 2013 - 07:02 PM.

  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi and welcome to Geeks to Go. :)

Which Operating System is in use on your machine please ?
  • 0

#3
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Windows 7 Professional


These were my results from the HijackThis scan I ran:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:11:01 PM, on 4/12/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tom\AppData\Local\Temp\HBCD\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Easy Dock] C:\Users\Tom\Documents\RCA easyRip\EZDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: ArcSoft Exchange Service (ADExchange) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdn_device - Unknown owner - C:\Windows\system32\lxdncoms.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 7514 bytes


[Edited to add]
Also, the blue screen/error message I mentioned in my very first post is a STOP: 0x0000001E message. I deleted a bad driver and it seemed to help for a short while, but now it's freezing (and crashing or restarting, sometimes) again.

Edited by burlesquemoon, 12 April 2013 - 11:28 AM.

  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Windows 7 Professional

Thank you for the clarification and I can see from the HiJackThis log posted it is also the 64 Bit architecture.

These were my results from the HijackThis scan I ran:

Some friendly advice regarding HijackThis, it is not truly 64 bit compatible nor has it been updated by Trend Micro since they acquired it. So basically it is way out of date for anything analysis wise and its scan results cannot be relied upon at all I'm afraid.

So might as well get rid/uninstall it though you did run it from a strange location:-

C:\Users\Tom\AppData\Local\Temp\HBCD\HijackThis.exe

If however you have used if to remove anything do not uninstall as in theory the backups would be in this folder now:-

HBCD

Just inform myself in your next reply, thank you.

Also, the blue screen/error message I mentioned in my very first post is a STOP: 0x0000001E message. I deleted a bad driver and it seemed to help for a short while, but now it's freezing (and crashing or restarting, sometimes) again.

That particular error code can be somewhat generic without myself knowing exactly what else was denoted etc. Not to worry we can check this out if the need.

Going back to this you mentioned prior:-

My Norton antivirus program detected & quarantined something called a9e3.tmp.dat, for 'suspicious behaviour'. Immediately after, my computer started freezing constantly.

Check for myself please if this file is still in quarantine and not actually been purged/fully removed. If it is, leave as for the time being.

Next:

Please refrain from attempting any further self fixes as this will actually hinder myself being able to assist you. Anyway lets proceed as follows shall we...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI(graphical user interface) has appeared/loaded:-
Posted Image

  • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-
Posted Image

  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features be viewed here.

Scan with OTL:

Delete any version of OTL you may have then, please re-download OTL and save it to your Desktop.

Alternate downloads are here and here. <-- Try either of these if the exe version fails to run.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan/Fixes box cut & paste this in:-
netsvcs
baseservices
%systemdrive%\*.exe
/md5start
services.*
iastor.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CreateRestorePoint


  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.

  • 0

#5
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Done & done. :) Thanks so much for the help, by the way. Much appreciated.


OTL logfile created on: 4/12/2013 4:35:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 39.27% Memory free
8.00 Gb Paging File | 5.36 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 350.85 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1862.73 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: PRODUCTION | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/12 16:34:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Downloads\OTL.exe
PRC - [2013/03/02 01:34:26 | 001,683,456 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/18 01:37:20 | 000,561,080 | ---- | M] () -- C:\ProgramData\IBUpdaterService\ibsvc.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/06/09 16:25:16 | 000,090,112 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
PRC - [2012/06/03 13:27:48 | 000,028,672 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/10/26 22:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/11/28 15:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2013/04/10 15:26:46 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/12 22:26:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/18 01:37:20 | 000,561,080 | ---- | M] () [Auto | Running] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/23 05:17:37 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/25 22:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/24 20:22:57 | 000,043,168 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/27 00:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/10/27 00:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 22:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/09/24 08:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/18 20:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010/03/18 20:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010/03/18 20:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010/03/18 20:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010/03/18 20:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010/03/18 20:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010/03/18 20:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010/03/18 20:51:00 | 000,026,328 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctgame.sys -- (ctgame)
DRV:64bit: - [2010/03/18 20:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2010/03/18 20:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010/03/18 20:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010/03/18 20:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010/03/18 20:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010/03/18 20:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009/09/30 10:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/09 17:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2013/04/10 13:32:23 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130412.003\ex64.sys -- (NAVEX15)
DRV - [2013/04/10 13:32:23 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130412.003\eng64.sys -- (NAVENG)
DRV - [2013/03/21 21:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/12/30 13:16:28 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130411.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/13 11:56:09 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/08 22:54:36 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/01/26 13:05:17 | 000,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D 26 A0 18 75 FB CD 01 [binary data]
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://gamerewind.n...cure/loginform"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Tom\AppData\Local\Roblox\Versions\version-8662400b82814a15\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/04/10 13:23:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/04/12 16:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/10 15:26:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/10 15:26:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/10 15:26:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/10 15:26:42 | 000,000,000 | ---D | M]

[2010/01/26 12:01:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions
[2013/04/10 15:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\68tc0s63.default\extensions
[1631/04/22 22:31:16 | 000,004,830 | ---- | M] () (No name found) -- C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\68tc0s63.default\extensions\[email protected]
[2013/04/10 15:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/10 15:26:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/19 19:35:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/30 19:53:23 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/19 14:29:12 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.2.1.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Tom\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tom\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Norton Identity Protection = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.13.5_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Easy Dock] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000..\Run: [Akamai NetSession Interface] C:\Users\Tom\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3750783656-2045362254-2595644474-1000..\Run: [Easy Dock] C:\Users\Tom\Documents\RCA easyRip\EZDock.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{042D7916-AB3A-4DC2-865B-174F1750B559}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4cb2177d-0aa7-11df-8158-806e6f6e6963}\Shell\Option1\Command - "" = D:\HBCD\HBCDMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 16:32:31 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/04/12 16:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/04/12 16:31:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/04/12 13:02:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\Hirens.BootCD.15.2
[2013/04/12 13:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/04/12 13:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/04/11 23:04:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/11 16:16:08 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Auslogics
[2013/04/11 16:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2013/04/11 16:16:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2013/04/10 15:26:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 14:00:31 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\File Scout
[2013/04/10 13:56:53 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 13:56:53 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 13:56:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 13:56:52 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 13:56:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 13:56:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 13:56:05 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 13:56:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 13:56:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 13:56:01 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/10 13:56:01 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/10 13:56:01 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/10 13:56:01 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/10 13:55:09 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 13:55:08 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 13:55:07 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 13:55:06 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 13:55:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 13:55:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/10 01:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Management
[2013/04/10 01:47:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Management
[2013/03/25 20:04:29 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/15 17:46:51 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/12 16:37:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750783656-2045362254-2595644474-1000UA.job
[2013/04/12 16:33:47 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-PRODUCTION-Microsoft-Windows-7-Professional-(64-bit).dat
[2013/04/12 16:32:00 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/12 16:26:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/12 16:26:53 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/12 16:26:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/12 16:23:20 | 000,739,792 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/12 16:23:20 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/12 16:23:20 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/12 16:14:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/12 16:13:59 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/12 13:00:46 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/04/12 01:07:14 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[2013/04/11 23:24:13 | 000,007,606 | ---- | M] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2013/04/11 21:42:32 | 585,641,585 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/11 16:16:05 | 000,001,250 | ---- | M] () -- C:\Users\Tom\Desktop\Auslogics Disk Defrag.lnk
[2013/04/11 06:31:10 | 000,002,360 | ---- | M] () -- C:\Users\Tom\Desktop\Google Chrome.lnk
[2013/04/11 03:25:53 | 000,308,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 22:37:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3750783656-2045362254-2595644474-1000Core.job
[2013/04/10 15:28:49 | 000,002,048 | ---- | M] () -- C:\Users\Tom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/03/31 16:25:53 | 000,162,245 | ---- | M] () -- C:\Users\Tom\Desktop\Application-February-2013.pdf
[2013/03/27 21:52:44 | 000,025,223 | ---- | M] () -- C:\Users\Tom\Documents\guitar tat.jpg
[2013/03/19 02:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 01:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 01:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 01:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 00:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/18 23:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/03/15 17:46:51 | 000,000,134 | ---- | M] () -- C:\Windows\SysNative\LexFiles.ulf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/12 16:33:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-PRODUCTION-Microsoft-Windows-7-Professional-(64-bit).dat
[2013/04/12 16:31:59 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/04/12 13:00:45 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/04/11 16:16:05 | 000,001,250 | ---- | C] () -- C:\Users\Tom\Desktop\Auslogics Disk Defrag.lnk
[2013/03/31 16:25:53 | 000,162,245 | ---- | C] () -- C:\Users\Tom\Desktop\Application-February-2013.pdf
[2013/03/27 21:52:44 | 000,025,223 | ---- | C] () -- C:\Users\Tom\Documents\guitar tat.jpg
[2013/03/15 17:46:51 | 000,000,134 | ---- | C] () -- C:\Windows\SysNative\LexFiles.ulf
[2012/12/18 01:38:09 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/06 13:15:24 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/09 22:05:16 | 000,000,312 | -H-- | C] () -- C:\ProgramData\~of43PF7IwGZcWS
[2011/12/09 22:05:16 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~of43PF7IwGZcWSr
[2011/12/09 22:05:12 | 000,000,336 | -H-- | C] () -- C:\ProgramData\of43PF7IwGZcWS
[2011/01/26 05:56:13 | 000,000,091 | ---- | C] () -- C:\Users\Tom\AppData\Local\fusioncache.dat
[2010/02/02 13:14:36 | 000,007,606 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3750783656-2045362254-2595644474-1000\$726901607a035df5b2dd8c55424f235a\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 21:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 09:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 21:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 09:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 09:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 21:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 21:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 18:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 01:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 00:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 09:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 08:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 02:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 21:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 21:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 21:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 21:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 09:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/13 21:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 21:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 21:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 21:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 21:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 13:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 21:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 07:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 02:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 21:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 09:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 09:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 09:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 02:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 21:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 09:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 09:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 08:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 09:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 09:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 08:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 01:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 09:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 09:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 09:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 09:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 09:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 09:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 21:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 18:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 09:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 21:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 09:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %systemdrive%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 17:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/12/18 10:28:18 | 000,558,791 | ---- | M] () MD5=A9983CC532F9B3FB1E87918D2313731D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CNF >
[2012/03/06 13:18:56 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Tom\Documents\My Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 22:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 00:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 16:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 22:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 16:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 22:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 17:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 16:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0AAABE72

< End of report >



OTL Extras logfile created on: 4/12/2013 4:35:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tom\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 39.27% Memory free
8.00 Gb Paging File | 5.36 Gb Available in Paging File | 67.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.75 Gb Total Space | 350.85 Gb Free Space | 75.33% Space Free | Partition Type: NTFS
Drive E: | 1863.02 Gb Total Space | 1862.73 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: PRODUCTION | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3750783656-2045362254-2595644474-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -add-to-playlist "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithUMP] -- "C:\Program Files (x86)\UMPlayer\umplayer.exe" -play-dir "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E8A966-A44B-46A2-91C3-45FF56903B31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{20061389-C046-489F-A129-BB2C54FD6B8F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{21EEC2A1-52BA-4B72-8AFA-0E7E43FCF241}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3F9206F2-38F9-4973-8C26-F2724E35C5CA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45DD6BD8-26D1-40DB-A061-E116F882DAE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4E81B5C7-9398-4C74-84D4-046990DE0FB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{5610A84D-A80D-432D-A536-290654DC8979}" = lport=137 | protocol=17 | dir=in | app=system |
"{5FEBCAF5-BEB1-43AF-AA0C-CEB81379ED07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67D48189-9D03-4EBA-A289-82AFDD9514A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{689C74A4-C745-4A4E-8432-8705AC36E803}" = lport=139 | protocol=6 | dir=in | app=system |
"{6A00F18D-9F6E-40CE-9A15-3C0F5CF35484}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6C82C18F-5928-40F8-950B-55E7A4010767}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{868115F1-F857-49D0-BE4B-DD05BF8024B0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{97212A23-E65A-408A-B0C5-FAB249E56E42}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4AA93DD-64C1-49AB-A223-B22A1EA75BC3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A4D11F69-D306-4DB8-AB12-5765616F1E6B}" = lport=24580 | protocol=6 | dir=in | name=adventuretoolsfull |
"{A79B187B-534F-4606-B751-54108895750D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9EC6995-384C-46C6-BBA4-21EA88BB0D41}" = lport=445 | protocol=6 | dir=in | app=system |
"{B9C20166-6801-4025-9332-920EE60FF2B9}" = lport=24580 | protocol=17 | dir=in | name=adventuretoolsfull |
"{D391FC7F-A053-42DF-A2E9-D456A484E761}" = lport=138 | protocol=17 | dir=in | app=system |
"{D9A8C606-8B34-41E7-9B47-BFA00392171E}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE4BBAB0-CC9E-4F2A-B63D-4B2E3AD253B9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F60EFD54-A865-4752-A2D7-BA1B4089E722}" = rport=138 | protocol=17 | dir=out | app=system |
"{FE1CB61A-7B9B-4A75-90DB-550C0A252D5B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FEEEA706-E145-45B7-90D3-79B6D3825339}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{024D5034-4BA6-482E-8FBE-9AF636FC9851}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{06018AE1-16B0-4460-97EF-FCF813CAF818}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{062701D2-CBF3-487B-BBA6-FC4BE94E8870}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0D083439-9F24-4057-BC6C-2E33AE67D20F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0EF8FAEC-EE90-426B-A6A7-173E421D537C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1664B3B6-CBFD-4C96-8E68-F84695FA7BBD}" = protocol=58 | dir=out | [email protected],-28546 |
"{1E29B6F5-69D2-419F-AF44-FA3B67E3F024}" = protocol=58 | dir=in | [email protected],-28545 |
"{24FB8B25-DB13-49CF-9CCA-355FEA04AB80}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{306B084D-1450-4392-9935-1CDEAB0CAEB1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3B2582AA-E5BD-4335-A012-69FD867E11B7}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{3C667CD2-9CDE-4AD9-AB97-062C3012B7FE}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{450FF7C1-9D41-4963-A400-DE8D4CC13058}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{4BBBE7AE-3D65-4F49-8F8D-596CD72393D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{608A25E9-A692-4C7B-9AB8-0966E9325C97}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79A41043-FC81-4C47-9FCB-93F3AD85803A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{7C2A4785-8973-4EFF-A378-4921438444C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82284F6D-F87F-4A77-B2EF-1872E572541D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{836E895B-F996-4ABD-B9D2-DF3A322F4712}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{95AC41CB-6AF7-47C4-BBA4-1D91B58879C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{99B21EF1-C2D4-4E47-9304-B324EF79B801}" = protocol=1 | dir=in | [email protected],-28543 |
"{A068B2DE-FC69-471D-BDF3-84819E7A10AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A54871F8-54C8-475D-9CFD-923434E12099}" = protocol=6 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{ACC8287C-94E7-4BB3-9A4A-301FA3745139}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACDFF111-63F4-4D96-BD07-42ABEB886B49}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{AE684FD0-170A-4B9D-8406-4057F3CB8C9F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{B0011AB5-26A1-475D-A56A-2405F04F84BD}" = protocol=6 | dir=out | app=system |
"{B5915A9C-7200-48D5-9C9B-F0C7ACC7214C}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{BD7FA28F-F7A0-4D4E-9ADA-82985AB94DC7}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{C700ABF1-B5BB-42E8-960F-25EF3E0517B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{C8F65442-A963-4E7E-8A08-DFA700FBBA27}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C953886A-7908-4EF6-99DB-4941D5B45BF4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{CA5D4393-7470-437D-9777-32F7E0F07403}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{CFE6FD6B-995B-4397-8ABF-FFD5D8194CD5}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{D7CE74D4-B6E2-4C0C-BE28-6A253D618113}" = protocol=17 | dir=in | app=c:\program files (x86)\iolo\system mechanic professional\sysmech.exe |
"{D8520922-D1BA-4182-A419-1F3ECEF7B365}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E89DFA35-F8ED-4EE5-8651-155CC594F6C1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F332257B-9498-47E3-9036-0CF6972F043B}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{FA253B4B-A222-4133-B88F-06E5823EFE46}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{46D75E76-4C18-43A6-BAB4-EBAFB1345E32}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"TCP Query User{52CB2527-114A-4329-8EC7-BBAE99121054}C:\users\tom\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\akamai\netsession_win.exe |
"TCP Query User{7A1B16C8-064C-4F8F-B365-976301CEFC15}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{85D0D57D-A5DA-4194-AB06-F900CC770F57}C:\users\tom\desktop\ddi_cb.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\ddi_cb.exe |
"TCP Query User{8A39F7C6-988B-49C2-85B2-F00619BB739E}C:\users\tom\desktop\adventuretoolsdownloader.exe" = protocol=6 | dir=in | app=c:\users\tom\desktop\adventuretoolsdownloader.exe |
"TCP Query User{B548F350-F28B-4866-A7AF-6E305044D908}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"TCP Query User{DFEF20CB-4DD9-4236-8B45-BC7C91D752CB}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{833BE80D-DF8A-4435-A36C-E079C9F8DAF8}C:\users\tom\desktop\adventuretoolsdownloader.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\adventuretoolsdownloader.exe |
"UDP Query User{9AB85C57-80E8-4BB1-AC45-06B649BC7397}C:\users\tom\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A11F59BD-A4AD-4FC0-8D14-338EA695EFDE}C:\program files (x86)\turbine\ddo unlimited\dndclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\ddo unlimited\dndclient.exe |
"UDP Query User{BAD393A7-926E-4CDC-AEAE-CA90F6BA3805}C:\users\tom\desktop\ddi_cb.exe" = protocol=17 | dir=in | app=c:\users\tom\desktop\ddi_cb.exe |
"UDP Query User{CE6396E8-872C-4715-A3EB-2C578343626F}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{D751FE72-FE1F-4750-8A8E-9F03CC467200}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"UDP Query User{F3755850-BDCF-4F8B-B893-10CD55EAEA37}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10E77956-A7A7-6E1E-01E9-7B762A76E1ED}" = ATI AVIVO64 Codecs
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{65B7E38D-10F8-4B1A-8EE3-BF2362CF12AE}" = Native Instruments Kontakt 4 Factory Content
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{D3C181B5-E341-432C-A2DE-F09F86C0155E}" = HP Deskjet 1000 J110 series Basic Device Software
"{D799CC16-F3B5-468D-AC67-6F77AAA98173}" = Native Instruments Komplete 6
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E9EA5F38-6299-45A1-9D23-F21729A19357}" = Native Instruments Reaktor 5
"{EC015649-3B3C-4611-9C66-453F8011E944}" = Native Instruments Kontakt 4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A4552E28-AF1D-4C3E-9991-8112F40265F4}" = Adventure Tools
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A53E699B-AEAA-65FB-90ED-A45D1DC86D37}" = HydraVision
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
"15b35190-c6f9-11d9-9669-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.13.01.801
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"HaaliMkx" = Haali Media Splitter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8930" = Sid Meier's Civilization V
"Tweaking.com - Registry Backup" = Tweaking.com - Registry Backup
"UMPlayer" = UMPlayer 0.98 [Athlon]
"Updater Service" = Updater Service
"VLC media player" = VLC media player 2.0.5

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3750783656-2045362254-2595644474-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Tom
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2013 3:36:43 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000000150bd Faulting process id: 0x1a8 Faulting
application start time: 0x01ce36e843cc8011 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 22faa74d-a2df-11e2-8543-001fd0da3f61

Error - 4/11/2013 4:19:01 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ieframe.dll, version: 8.0.7601.18106, time
stamp: 0x5131930e Exception code: 0xc0000005 Fault offset: 0x00000000001ab3c0 Faulting
process id: 0xe64 Faulting application start time: 0x01ce36ecdeb4892c Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\System32\ieframe.dll
Report
Id: 0bd97915-a2e5-11e2-8543-001fd0da3f61

Error - 4/11/2013 7:18:43 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000000151e5 Faulting process id: 0x134 Faulting
application start time: 0x01ce370a0d8a9550 Faulting application path: C:\Windows\system32\svchost.exe
Faulting
module path: unknown Report Id: 26751036-a2fe-11e2-a535-001fd0da3f61

Error - 4/11/2013 7:39:56 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x137c Faulting application start time: 0x01ce370af3e99755 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 1d2100fd-a301-11e2-a535-001fd0da3f61

Error - 4/11/2013 9:52:45 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x154 Faulting application start time: 0x01ce371f146f3810 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: ab429b8c-a313-11e2-be06-001fd0da3f61

Error - 4/11/2013 10:20:20 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0xa10 Faulting application start time: 0x01ce37206fe1ce5e Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 85bbc999-a317-11e2-be06-001fd0da3f61

Error - 4/11/2013 11:39:26 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x7c Faulting application start time: 0x01ce3728c692e3fb Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 92703ffd-a322-11e2-ba6c-001fd0da3f61

Error - 4/11/2013 11:42:55 PM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x980 Faulting application start time: 0x01ce372f58229487 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 0ee4499f-a323-11e2-ba6c-001fd0da3f61

Error - 4/12/2013 1:47:37 AM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0x130 Faulting application start time: 0x01ce3738f6412cb8 Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 7ac6b0c2-a334-11e2-86ec-001fd0da3f61

Error - 4/12/2013 2:54:56 AM | Computer Name = Production | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc0000005 Fault offset: 0x000000000004e4b4 Faulting
process id: 0xc5c Faulting application start time: 0x01ce37413eac54dd Faulting application
path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e23ca91e-a33d-11e2-86ec-001fd0da3f61

[ System Events ]
Error - 4/12/2013 2:14:49 PM | Computer Name = Production | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 4/12/2013 2:15:19 PM | Computer Name = Production | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 4/12/2013 2:15:19 PM | Computer Name = Production | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 4/12/2013 2:15:49 PM | Computer Name = Production | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 4/12/2013 2:15:49 PM | Computer Name = Production | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 4/12/2013 2:16:19 PM | Computer Name = Production | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the MMCSS service.

Error - 4/12/2013 2:16:19 PM | Computer Name = Production | Source = Service Control Manager | ID = 7000
Description = The Multimedia Class Scheduler service failed to start due to the
following error: %%1053

Error - 4/12/2013 4:14:36 PM | Computer Name = Production | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:16:15 PM on ?4/?12/?2013 was unexpected.

Error - 4/12/2013 4:16:19 PM | Computer Name = Production | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%2

Error - 4/12/2013 4:16:51 PM | Computer Name = Production | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ArcSec


< End of report >
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Done & done. :) Thanks so much for the help, by the way. Much appreciated.

You're most welcome, is this your actual computer ? Merely asking because of this from the OTL log:-

Computer Name: PRODUCTION | User Name: Tom | Logged in as Administrator.

Anyway unfortunately I do have bad news I'm afraid. :(

One or more of the identified infections is the extremely severe Zero Access Rootkit plus undoubtedly other comprising malware!

OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course we strongly recommend.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I can attempt to clean this machine but I can't guarantee that it will be at all secure afterwards.

Should you have any questions, please feel free to ask.

Please let myself know what you have decided to do in your next post.
  • 0

#7
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ughhh. Figures *headdesk*

Okay, I'll probably have to wipe & reformat, then. This computer is my husband's (to answer your earlier question), and it's home built. It has three hard drives, apparently. Would I reformat everyone one of those in one go, as I would with only one? Or would I have to reformat them individually?

Thanks so much for your help, I really appreciate it.
  • 0

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks so much for your help, I really appreciate it.

You're welcome!

Ughhh. Figures *headdesk*

Understandable but if one of my own machines I would most likely investigate but ultimately follow my own advice.

This computer is my husband's (to answer your earlier question)

Fair play, not a problem and I was merely curious more than anything to be quite honest. Mainly because I personally do not provide assistance with machines used for business related activities and primarily provide support for home use only machines. However in mitigating circumstances such as a very small business, say a mom and pop type for example with no actual IT Support I will consider assisting etc.

It has three hard drives, apparently. Would I reformat everyone one of those in one go, as I would with only one? Or would I have to reformat them individually?

You only have to actually do so on the drive with the Operating System installed on. As for the other two as precaution merely scan both with your security software both prior and afterwards to err on the side of caution.

Would you care for some online safety advice for after the reformat and reinstallation of the Windows Operating System and do you intend to re-install Norton Internet Security/has the subscription for it got long left before it expires ?
  • 0

#9
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I would appreciate any advice, thanks :) hubby said he would like to have only one hard drive on his comp instead of the three, would that be terribly difficult to change, do you think?

I don't have a copy of windows operating system, but I'm going out to get that right now. We'll see how it goes from there, I guess :)

Sad thing is that I have two other computers in even worse shape. Lol One I reformatted this morning, it seems to be okay now. The other won't boot past the emachines logo when you first turn it on.

Oh! Almost forgot - we have most of the year left on Norton, but if there's a better program I'm willing to switch. Hubby and my son both play games, some online. Is there a better antivirus program for that kind of use?

Thanks! (forgive any typos, I'm on my mobile at the moment).
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Thanks! (forgive any typos, I'm on my mobile at the moment).

You're welcome and appears just fine to myself what you posted.

I would appreciate any advice, thanks :) hubby said he would like to have only one hard drive on his comp instead of the three, would that be terribly difficult to change, do you think?

It can be done aye, what actual type of computer is it ? I'm aware it is custom built but is it say a Desktop Tower or Slimline for example, plus I am surmising it is not a laptop. Below are a few examples on how to do so etc...

How to Remove a Hard Drive

Install or remove a hard disk drive

The other won't boot past the emachines logo when you first turn it on.

Post a new topic in this part of the forum, if it is not hardware related let myself know and we can check for malware.

Oh! Almost forgot - we have most of the year left on Norton, but if there's a better program I'm willing to switch. Hubby and my son both play games, some online. Is there a better antivirus program for that kind of use?

No that is fine, I was only asking in-case the subscription was about to expire. So might as well continue to use it since paid for plus I am a great believer in if something is not broke why fix it. ;)

I don't have a copy of windows operating system, but I'm going out to get that right now. We'll see how it goes from there, I guess :)

Surmising because the machine is custom built, no Installation Media was provided. OK if you so wish I am willing to attempt a Malware Removal process and or...if you still plan to purchase a Windows 7 Installation DVD and then carry out the reformat and reinstallation of the Windows Operating System I will still provide the advice I mentioned prior...

Just let myself know in your next reply.
  • 0

#11
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay, we re-formatted and re-installed Windows Operating System, and everything seems good to go. :)
  • 0

#12
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Okay, we re-formatted and re-installed Windows Operating System, and everything seems good to go. :)

Acknowledged...

--------------

Install all critical updates and relevant service packs via Windows Update. For Windows 7 the latest is SP1.

I would also ensure Internet Explorer is up-to date also. For Windows 7 based machines it is IE10. Reason being even if you opt not to use IE as your main browser having a out of date version installed can leave any one machine vulnerable to malware.

The aforementioned should be available via Windows Update, if not can be downloaded from here.

Once the machine is updated and fully patched, I do advise visiting Windows Update periodically as Microsoft releases patches for Windows and other products regularly.

Plus check Automatic Updates is enabled.

--------------

Then install a Anti-Virus software solution, only ever have one of such installed and active in system memory at any one time.

So in your case re-install Norton Internet Security if you have not already done so.

--------------

Installing a specific Anti-Spyware application would be prudent, myself I recommend:-

Malwarebyte's Anti-Malware

During the installation process you will be offered the Malwarebytes' Anti-Malware Trial. Your choice to enable or not...

After installing, I advise check for updates and run a scan at least once per week.

--------------

Registry Backup...I advice you consider installing this, as a means to keep a complete backup of your registry and restore it when needed. Instructions can be read here.

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

--------------

A custom Host-File is a further layer of protection whilst browsing online...A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Either of the below will suffice:-

Only use one of the above!

--------------

Consider installing WinPatrol. This application alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

--------------

Finally, periodically visit the Secunia Online Software Inspector to ensure all third party software is up to date. Or alternatively download/install and use FileHippo Update Checker...Then periodically use either to check for any updates as having certain software outdated is a potential for malware to gain a foothold and exploit a system etc.
  • 0

#13
burlesquemoon

burlesquemoon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Groovy, I'll set some of those up. Thanks! :)
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
You're welcome! :)
  • 0

#15
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP