Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Possible infection/hijacking. Help appreciated. :/

Started by thewookie , Sep 25 2013 10:46 AM

  • This topic is locked This topic is locked

#1
thewookie
Posted 25 September 2013 - 10:46 AM

thewookie

    Member

  • Member
  • PipPip
  • 16 posts
<<<So NEWEST UPDATE HERE; Patiently awaiting help from the guru's :P >>>> So, earlier on my laptop, before i got the desktop running, i was just killing some time poking around the system and for no reason i had a ton of disk writes occuring in "c;programfiles\riot\league of legends\RADS\lol_air_client\projects\updates\0.0.0.94\brand.png" thats as close as i can remember it where as they all ended in a characters name ,png in resource monitor with a ton of those listed in writing to the HDD and the League client wasn't even open. Now, im sitting on my desktop and i havent run more scans or downloaded any clients except java, flash, opera, firefox and a few firefox add ons. im checking out the resource monitor and in network there was like 4 addresses listed then out of nowhere shot up to about 10-15 they kept changing names and such and i moved to the disk monitor part and my hdd was being used 80% with a same sort of string like the laptop except it had a bunch listed under a long path that involved hp Snapfish photo that came preinstalled that ive never touched and quite a few Netflix strings too which again ive never even touched either of those programs since ive had the pc......and the hdd usage was at 80% !?! What is going on???? Am i just stupid and this is all normal? Its driving me nuts. ---<<<>>>----ONE LAST THING, ive had norton interenet security running this whole time as well and in the "same-ish" time frame norton was showing multiple "Rule rejected UDP(17) traffic with (192.168.....Port(32773) )" when i say multpile times I.E. in the last hour to that exact location is about 40 attempts and another 30 attempts with the same thing but a slightly different port. I saw one for svchost.exe and the most common as mentioned above just says the path is system. Someone just tell me i ride the short bus, my god, i'm at wits end. D':



So i have reason to believe something is up, maybe even on my network (not sure how to check that thoroughly), it started roughly a week or 2 ago. I believe i was little naive to the symptoms. Excuse my grammar and what-not as i try to catch y'all up to date... I bought a new pc from bestbuy a rough month ago and everything has been ok but as i mentioned i started noticing 404 page not working on google searches and/or seemed like i was getting irrelevant results. Trying to diagnose this problem and asking google questions was not bringing results that even had anything in my question. I'm on my laptop right now because the pc i re-enabled secure boot on windows 8 and it wont boot because the installed graphics card. The desktop has a 2tb hdd 12gb ram 4th gen i5 @ 3.0ghz running windows 8. this laptop is win7 4gb ram i3 @ 2.26ghz. the desktop has been a beast and along with the google errors it was getting sluggish and slightly hanging up at times. i think i may have received nasty emails that couldve sparked the problems im not sure. because of other things happening i then thought someone was remoting into my computer and taking over control at points as well as gaining my information. hard to explain my reasons but i believe this happened. i was playing league of legends and this person on a couple occasions sent me website links and a couple times they didnt work. i then was researching and found about these adobe and java security issues and i dont know if they were up to date, i hope so but im not sure. so using the hp recovery console i reinstalled using my recovery disks and after the setting up and all i still felt a little uneasy about it but i went through installing updates and i did about 52 important and a handful of optional; restart, followed by about 15 more updates. NOTE> upon installing these 15 2 came back and said failed and i think it populated a couple more as well; so i selected all of them and hit to restart and install updates, THEN upon restarting i see the hp splashscreen loading windows then it stayed black. no logon screen and i waited for a little while as i still received nothing. i hard reset the tower about 3-5 times with the same results so i was upset and left it off and the next morning (2 days ago) i turned it on and it did the same thing still. so i restarted and if my memory serves me i went into the bios, i dont recall changing anything and when i rebooted windows loaded. i checked windows update and there was an update to flash and ie 10 published between 9/10/2013 and 9/13/2013 along with a few other updates. i definitely wasn't feeling good about this so went back in advanced recovery and i think i reset windows and i picked the option to wipe the entire drive and fresh install. it was formatting for a solid 8 hours when i noticed it back up and running i set it up (thinking this time i shouldnt link my microsoft account and emails) i loaded norton or kaspersky, i forget, and immediately i went into safe mode w/ networking and downloaded malware bytes, trend micro house call; rubotted; and a couple others.. all came back with nothing. i restarted and was looking all through task manager and at this point maybe paranoid but its been unsettling and i found that secure boot turned off allows other stuff to get into startup and all so i went to bios and turned back on and if i do that i cant use my graphics card so upon reboot the mobo was beeping so its been turned off since. and since the big reformat i performed yesterday ive been on my laptop and getting same strange things happening i.e. google searches; not loading; sluggish; strange results pages; and looking in task managers networks connections seeing different ip's and other processes im not sure should be there. ALSO, CyberLink Media YouCamMirage.exe was in processes upon first getting back on the laptop and i have no recollection what-so-ever installing; except on the pc when i got this webcam and mic combo from 1saleaday that had no drivers and i couldnt get to work so i was going all over the net in search of drivers which may have also been the culprit to this bizarness and it just took a while to notice as i downloaded it a solid month ago on the pc. But im so close to being 100% on never installed on the laptop as the integrated has worked just fine. and to back track when i saw it running on the laptop i killed it and havent seen it in the last 24 hours again but the OTL scan i just ran has it listed..... im stumped and i strongly believe something is going on and not paranoia but here on the laptop i have run tdsskiller, TM housecall, rubotted, have the maximumsecurity trend micro app running..anything i try comes back with nothing..but idk, just strange things..Any help would be greatly appreciated and im going to get the pc running here shortly although idk if OTL or anything can be run with the last couple reinstalls ( although the "virus" could already be there now as well) so someone help a wookie out please and is there something i can do to check the integrity of my network?? as it would have to be there to be on the laptop i'd figure..sorry for such the long scattered post and i dont know if ive been much help in supplying information. :/ but anyways here is the OTL log. Much thanks guys, truely, it's greatly appreciated with all the stressing i have endured.


EDIT: I apologize for the triple posting and the numerous updates. As of right now the desktop seems to be running fine..I am now looking to update java and adobe. Possibly the League of legends game client and/or steam client. I'll check back here and if no one has had a chance i may then run a couple more rootkit scans, system scans and tdsskiller and see what i come up with.. Thanks in Advance

Edited by thewookie, 25 September 2013 - 10:11 PM.

  • 0

Advertisements

#2
thewookie
Posted 25 September 2013 - 10:48 AM

thewookie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
EDIT : I removed the extras log from my laptop and inserted the OTL from my desktop here. The only changes made; I'm going to search for the latest java and adobe and install the League of Legends client and possibly the Steam client.
Thanks for the patience and any help you can grant me, much appreciated, Cheers.

OTL logfile created on: 9/25/2013 6:19:20 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thewookie\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16453)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.96 Gb Total Physical Memory | 10.73 Gb Available Physical Memory | 89.75% Memory free
12.35 Gb Paging File | 11.12 Gb Available in Paging File | 90.07% Paging File free
Paging file location(s): c:\pagefile.sys 400 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1843.66 Gb Total Space | 1804.53 Gb Free Space | 97.88% Space Free | Partition Type: NTFS
Drive D: | 17.88 Gb Total Space | 2.23 Gb Free Space | 12.48% Space Free | Partition Type: NTFS

Computer Name: ROOK | User Name: thewookie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 18:16:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thewookie\Downloads\OTL.exe
PRC - [2013/09/12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/08/27 14:16:14 | 001,028,896 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/08/27 14:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/26 11:50:24 | 001,619,704 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
PRC - [2013/01/30 17:14:02 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/01/30 17:13:56 | 000,129,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/01/30 17:13:46 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013/01/10 13:23:30 | 000,379,904 | ---- | M] (IVT Corporation) -- c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
PRC - [2012/12/23 12:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012/11/01 07:28:08 | 000,111,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/31 17:04:00 | 000,070,904 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
MOD - [2013/01/10 12:59:24 | 000,019,456 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
MOD - [2013/01/10 11:25:58 | 000,353,280 | ---- | M] () -- C:\Windows\SysWOW64\BsExtendFunc.dll
MOD - [2013/01/10 11:25:56 | 000,011,264 | ---- | M] () -- C:\Windows\SysWOW64\SCChangeMonitor.dll
MOD - [2012/06/08 11:34:06 | 000,016,400 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 20:34:06 | 000,627,216 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2012/05/29 23:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/27 14:17:13 | 014,997,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/05/25 11:56:38 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/05/25 11:56:38 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/05/25 11:53:07 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/05/25 11:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/12/10 14:31:44 | 000,803,872 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2012/12/10 14:31:28 | 000,732,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012/11/12 21:04:00 | 000,327,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/10/11 19:06:29 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/10/11 19:05:47 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/10/11 19:05:41 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 20:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 20:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 20:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 20:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 20:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 20:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 20:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 20:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 20:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 20:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 20:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 20:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 20:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 20:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 20:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 20:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 17:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/09/12 01:17:46 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/08/27 14:15:38 | 002,155,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/25 11:53:04 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/03/26 11:50:24 | 001,619,704 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2013/03/26 01:16:28 | 000,277,488 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/01/30 17:14:02 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/01/30 17:13:56 | 000,129,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/01/30 17:13:46 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2013/01/10 13:35:28 | 000,138,752 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe -- (BsHelpCS)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/25 15:54:27 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/08/20 06:33:40 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/06/16 05:38:15 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/25 11:55:36 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/25 11:55:36 | 000,031,104 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/05/25 11:55:36 | 000,029,952 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/05/25 11:54:53 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/05/25 11:53:04 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/05/25 11:53:04 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/05/25 11:53:04 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/05/25 11:49:36 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/05/25 11:49:36 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/05/25 11:43:27 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/04/15 07:02:04 | 002,482,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2013/03/25 11:03:44 | 000,049,584 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys -- (btUrbFilterDrv)
DRV:64bit: - [2013/03/09 06:53:10 | 001,149,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rtbth.sys -- (rtbth)
DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/19 01:15:54 | 000,772,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/02/03 19:20:22 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/01/30 12:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/01/28 16:29:22 | 004,482,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/01/28 10:45:20 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/01/23 16:57:54 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/11/15 11:45:14 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/11/12 21:04:00 | 000,543,744 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/10/11 19:05:39 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/10/11 19:05:38 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/10/11 19:05:37 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/10/11 19:05:37 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/10/11 19:05:37 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/10/11 19:05:37 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/10/11 19:05:37 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 22:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 22:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 22:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 22:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 22:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 22:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 22:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 22:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 22:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 22:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 22:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 22:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 22:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 22:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 22:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 22:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 22:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 22:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 22:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 21:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 21:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 21:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 21:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 20:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 19:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 19:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 19:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 19:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 19:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 19:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 19:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 19:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 19:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 19:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 19:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 19:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 19:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 19:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Unknown (0) | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 19:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 19:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 19:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 19:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 19:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 19:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 19:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/19 17:47:40 | 000,056,904 | ---- | M] (Ralink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys -- (BthL2caScoIfSrv)
DRV:64bit: - [2012/06/25 10:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/15 11:22:02 | 000,023,136 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BtAudioBus.sys -- (BtAudioBusSrv)
DRV:64bit: - [2012/06/02 07:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV - [2013/09/25 15:54:36 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130925.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/09/24 11:04:19 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130925.003\ex64.sys -- (NAVEX15)
DRV - [2013/09/24 11:04:19 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/09/24 11:04:19 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys -- (EraserUtilDrv11311)
DRV - [2013/09/24 11:04:19 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130925.003\eng64.sys -- (NAVENG)
DRV - [2013/09/03 22:41:52 | 001,525,336 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130903.002\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPDTDFJS
IE - HKU\S-1-5-21-3940130177-4247360687-243470325-1003\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/09/24 22:48:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/09/25 15:50:38 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/07/25 22:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3940130177-4247360687-243470325-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A92134B-7A58-4088-B8BF-4FB435AAF0C2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/25 16:42:04 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Roaming\Opera Software
[2013/09/25 16:42:04 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Opera Software
[2013/09/25 16:41:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013/09/25 16:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/09/25 14:49:05 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Intel_Corporation
[2013/09/25 01:52:16 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Roaming\Hewlett-Packard
[2013/09/25 01:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/09/25 01:30:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/09/25 01:29:54 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/09/25 01:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/09/25 01:28:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/09/25 01:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/09/25 01:25:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/09/25 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Hewlett-Packard
[2013/09/24 23:07:41 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013/09/24 23:04:04 | 000,000,000 | ---D | C] -- C:\Users\thewookie\Desktop\log
[2013/09/24 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Roaming\Macromedia
[2013/09/24 22:48:53 | 000,000,000 | ---D | C] -- C:\Users\thewookie\Documents\Bluetooth
[2013/09/24 22:48:53 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\bluesoleil
[2013/09/24 22:48:40 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Power2Go8
[2013/09/24 22:48:30 | 000,000,000 | R--D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/24 22:48:30 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Searches
[2013/09/24 22:48:30 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Contacts
[2013/09/24 22:48:30 | 000,000,000 | R--D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/24 22:48:30 | 000,000,000 | -H-D | C] -- C:\Users\thewookie\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/24 22:48:26 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Roaming\Adobe
[2013/09/24 22:48:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/09/24 22:48:00 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\VirtualStore
[2013/09/24 22:47:57 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Packages
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\AppData\Local\Temporary Internet Files
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Templates
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Start Menu
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\SendTo
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Recent
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\PrintHood
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\NetHood
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Documents\My Videos
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Documents\My Pictures
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Documents\My Music
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\My Documents
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Local Settings
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\AppData\Local\History
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Cookies
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\Application Data
[2013/09/24 22:47:56 | 000,000,000 | -HSD | C] -- C:\Users\thewookie\AppData\Local\Application Data
[2013/09/24 22:47:55 | 000,000,000 | --SD | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Videos
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Saved Games
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Pictures
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Music
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Links
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Favorites
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Downloads
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Documents
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\Desktop
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/24 22:47:55 | 000,000,000 | R--D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/09/24 22:47:55 | 000,000,000 | -H-D | C] -- C:\Users\thewookie\Documents\hp.system.package.metadata
[2013/09/24 22:47:55 | 000,000,000 | -H-D | C] -- C:\Users\thewookie\Documents\hp.applications.package.appdata
[2013/09/24 22:47:55 | 000,000,000 | -H-D | C] -- C:\Users\thewookie\AppData
[2013/09/24 22:47:55 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Temp
[2013/09/24 22:47:55 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Local\Microsoft
[2013/09/24 22:47:55 | 000,000,000 | ---D | C] -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/24 22:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/24 21:58:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/25 16:41:33 | 000,007,620 | ---- | M] () -- C:\Users\thewookie\AppData\Local\Resmon.ResmonCfg
[2013/09/25 16:25:32 | 000,000,983 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
[2013/09/25 16:22:31 | 000,003,620 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/09/25 16:22:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/25 16:22:30 | 000,000,088 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/09/25 15:55:10 | 000,876,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/25 15:55:10 | 000,726,998 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/25 15:55:10 | 000,150,826 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/25 15:54:27 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/09/25 15:54:27 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/09/25 15:54:27 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/09/25 15:50:18 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/09/25 15:50:15 | 1679,695,870 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/25 14:56:37 | 000,138,228 | ---- | M] () -- C:\Users\thewookie\AppData\Local\census.cache
[2013/09/25 14:56:36 | 000,062,122 | ---- | M] () -- C:\Users\thewookie\AppData\Local\ars.cache
[2013/09/25 01:33:54 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/09/25 01:30:35 | 001,973,464 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/09/25 01:30:26 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013/09/24 23:06:49 | 000,000,036 | ---- | M] () -- C:\Users\thewookie\AppData\Local\housecall.guid.cache
[2013/09/24 22:59:10 | 000,001,431 | ---- | M] () -- C:\Users\thewookie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/24 22:48:22 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/09/24 22:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/24 22:48:19 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/12 01:58:10 | 000,022,814 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/09/11 15:06:31 | 003,361,114 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/25 01:52:12 | 000,007,620 | ---- | C] () -- C:\Users\thewookie\AppData\Local\Resmon.ResmonCfg
[2013/09/25 01:33:54 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/09/25 01:30:26 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
[2013/09/25 01:29:52 | 003,361,114 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013/09/24 23:14:36 | 000,138,228 | ---- | C] () -- C:\Users\thewookie\AppData\Local\census.cache
[2013/09/24 23:14:35 | 000,062,122 | ---- | C] () -- C:\Users\thewookie\AppData\Local\ars.cache
[2013/09/24 23:06:49 | 000,000,036 | ---- | C] () -- C:\Users\thewookie\AppData\Local\housecall.guid.cache
[2013/09/24 22:59:10 | 000,001,431 | ---- | C] () -- C:\Users\thewookie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/24 22:48:26 | 000,001,437 | ---- | C] () -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/24 22:48:22 | 000,002,269 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/09/24 22:48:22 | 000,002,219 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2013/09/24 22:48:22 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\HP Games.lnk
[2013/09/24 22:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/24 22:48:19 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_700-074_Y53316J_0U_Q4CE32308C6_E13AM2RR8606_4A_I2AF3_SHP_V1.0_B80.05_T130507_W8101-0_L409_M12243_J2000_7Intel_86C3_93.00_#130525_N10EC8168;18143290_Z_G10DE0FC1_Ohp CDDVDW SH-216BB_DACRAD46.MRK
[2013/09/24 22:47:55 | 000,002,103 | ---- | C] () -- C:\Users\thewookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
[2013/09/24 22:47:55 | 000,000,352 | ---- | C] () -- C:\Users\thewookie\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/24 22:47:55 | 000,000,334 | ---- | C] () -- C:\Users\thewookie\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/09/24 22:00:20 | 1679,695,870 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/24 21:58:44 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2013/05/25 11:29:12 | 000,003,620 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
[2013/05/25 11:29:12 | 000,000,088 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
[2013/05/25 11:08:00 | 000,367,348 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW7650.bin
[2013/05/25 11:08:00 | 000,000,313 | ---- | C] () -- C:\Windows\SysWow64\RaCheckBTDev.ini
[2013/03/22 10:00:08 | 000,000,983 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
[2013/01/31 17:04:00 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
[2013/01/28 16:31:48 | 019,577,344 | ---- | C] () -- C:\Windows\SysWow64\igdfcl32.dll
[2013/01/28 16:29:58 | 000,104,448 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll
[2013/01/28 16:29:12 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/01/10 12:59:24 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
[2013/01/10 11:25:58 | 000,353,280 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll
[2013/01/10 11:25:58 | 000,049,248 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
[2013/01/10 11:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
[2013/01/10 11:25:56 | 000,073,820 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
[2013/01/10 11:25:56 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
[2013/01/10 11:25:56 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll
[2012/12/10 14:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012/10/11 19:05:41 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/08/10 16:56:12 | 000,915,038 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/26 01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2012/06/13 08:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll
[2012/06/04 21:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini
[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013/05/25 11:09:29 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/05/25 11:53:07 | 019,789,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/05/25 11:53:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/25 16:42:04 | 000,000,000 | ---D | M] -- C:\Users\thewookie\AppData\Roaming\Opera Software

========== Purity Check ==========



< End of report >

Edited by thewookie, 25 September 2013 - 04:50 PM.

  • 0

#3
thewookie
Posted 25 September 2013 - 03:13 PM

thewookie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
EDIT INFO #1---- This is the OTL on my laptop and i haven't done anything different since running this except a little forum searching.
My apologies i just noticed i posted the extras log. here is the OTL. Many thanks to whatever help i can get. Also, if i can provide anything else please let me know or if i cant be helped let me know please, i know everyone is busy and all the threads and topics that are constantly going. I'm just in stasis as to running scans or delving more into this i also want to install the steam and/or league of legends client.

OTL logfile created on: 9/25/2013 11:35:24 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.80 Gb Available Physical Memory | 73.64% Memory free
7.60 Gb Paging File | 6.28 Gb Available in Paging File | 82.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446.25 Gb Total Space | 372.90 Gb Free Space | 83.56% Space Free | Partition Type: NTFS
Drive D: | 19.21 Gb Total Space | 2.79 Gb Free Space | 14.52% Space Free | Partition Type: NTFS

Computer Name: USER-HP | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/25 11:32:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTL.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/25 18:11:38 | 000,443,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2013/07/25 18:11:36 | 001,102,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2013/07/23 11:28:45 | 000,044,152 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe
PRC - [2010/06/29 21:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/06/25 01:32:50 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/04/30 21:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/04/30 21:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/23 11:28:45 | 000,882,584 | ---- | M] () -- C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_WLM\WLMailApiCore.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2010/06/18 01:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [On_Demand | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [On_Demand | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/07/25 18:11:38 | 000,443,416 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2013/02/28 21:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/06/29 22:00:08 | 000,027,192 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/06/25 16:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/04/30 21:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/04/30 21:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/18 00:25:34 | 000,116,264 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2013/07/18 00:25:28 | 000,085,424 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2013/07/18 00:25:24 | 000,281,600 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2013/07/01 09:08:16 | 000,050,976 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TMEBC64.sys -- (TMEBC)
DRV:64bit: - [2013/06/13 02:35:10 | 000,100,640 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmeevw.sys -- (tmeevw)
DRV:64bit: - [2013/05/15 06:23:30 | 000,303,392 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmnciesc.sys -- (tmnciesc)
DRV:64bit: - [2013/02/28 21:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/03/07 03:00:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2012/03/06 07:04:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012/03/06 07:04:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2011/08/22 11:33:12 | 000,105,744 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/08/01 18:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 21:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/07/15 06:32:20 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/07/15 06:32:20 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/25 01:32:52 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/18 01:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/02 13:43:20 | 010,342,240 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/05/27 19:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/30 21:21:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/05 01:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/02 19:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 10:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/11 18:31:04 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/06/05 03:37:22 | 000,256,904 | ---- | M] (Trend Micro Inc.) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C92F5113-1052-4133-8212-FBECCF50BA64}
IE:64bit: - HKLM\..\SearchScopes\{0D0106B9-AFFA-4766-8437-928B3621EB58}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{115701DC-E779-460E-A33E-D645B89C4731}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{9488E5D8-61D1-4254-B2DF-EA29F336CA9B}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C92F5113-1052-4133-8212-FBECCF50BA64}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {C92F5113-1052-4133-8212-FBECCF50BA64}
IE - HKLM\..\SearchScopes\{0D0106B9-AFFA-4766-8437-928B3621EB58}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{115701DC-E779-460E-A33E-D645B89C4731}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{9488E5D8-61D1-4254-B2DF-EA29F336CA9B}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C92F5113-1052-4133-8212-FBECCF50BA64}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {C92F5113-1052-4133-8212-FBECCF50BA64}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\TREND MICRO\AMSP\MODULE\20002\8.0.1095\8.0.1095\FIREFOXEXTENSION [2013/09/25 06:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\firefoxextension [2013/09/25 06:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013/09/25 06:55:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013/09/25 06:55:21 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\User\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: TrendMicro BEP Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee\8.0.0.1095_0\
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Trend Micro NSC Chrome Extension = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dflinnddekagfkncpgojoppgnppfkbkj\6.8.0.1118_0\
CHR - Extension: TrendMicro Toolbar = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\heoldelcflnigdllmlopiefhkkobendj\7.0.0.1151_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: MyHarmony Chrome Plugin = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0\
CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/09/25 04:20:14 | 000,000,825 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: be placed in the first column followed by the corresponding host name.
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [WLM] C:\Program Files\Trend Micro\Titanium\Plugin\TMAS\TMAS_WLM\TMAS_WLMMon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{09B1BAED-41AB-49BC-9F0D-D4922E5C3605}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmtb - No CLSID value found
O18:64bit: - Protocol\Handler\tmtbim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\8.0.1095\8.0.1095\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\3.0.1251\6.8.1118\TmIEPlg32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6dea9e1d-0ff6-11e2-ade6-60eb6953c455}\Shell - "" = AutoRun
O33 - MountPoints2\{6dea9e1d-0ff6-11e2-ade6-60eb6953c455}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/25 10:22:50 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Oracle
[2013/09/25 10:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/09/25 10:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/09/25 10:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/09/25 10:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/09/25 10:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/25 10:15:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/25 10:14:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Adobe
[2013/09/25 07:00:32 | 000,000,000 | -H-D | C] -- C:\TMRescueDisk
[2013/09/25 06:56:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trend Micro Titanium Maximum Security
[2013/09/25 06:55:49 | 000,303,392 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmnciesc.sys
[2013/09/25 06:55:49 | 000,100,640 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmeevw.sys
[2013/09/25 06:55:48 | 000,105,744 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmtdi.sys
[2013/09/25 06:55:47 | 000,281,600 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[2013/09/25 06:55:47 | 000,116,264 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmactmon.sys
[2013/09/25 06:55:47 | 000,085,424 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmevtmgr.sys
[2013/09/25 06:55:46 | 000,050,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\TMEBC64.sys
[2013/09/25 06:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/09/25 05:23:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Trend Micro
[2013/09/25 05:11:34 | 111,278,192 | ---- | C] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_HE_Download_64bit.exe
[2013/09/25 05:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2013/09/25 04:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/09/25 04:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013/09/25 04:54:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2013/09/25 04:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/09/25 04:23:22 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys

========== Files - Modified Within 30 Days ==========

[2013/09/25 11:24:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2991607579-2189576181-2437995032-1000UA.job
[2013/09/25 10:39:24 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/25 10:39:24 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/25 10:36:31 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/25 10:36:31 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/25 10:36:31 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/25 10:32:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/25 10:31:58 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/25 10:16:03 | 000,007,623 | ---- | M] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/09/25 10:15:57 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/25 06:56:09 | 000,001,445 | ---- | M] () -- C:\Users\User\Desktop\Trend Micro Titanium Maximum Security.lnk
[2013/09/25 06:55:13 | 000,000,059 | ---- | M] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2013/09/25 06:55:12 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/09/25 06:52:24 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/25 05:23:21 | 000,000,825 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2013/09/25 05:13:56 | 000,000,825 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2013/09/25 05:12:32 | 111,278,192 | ---- | M] (Trend Micro Inc.) -- C:\Users\Public\Desktop\TTi_HE_Download_64bit.exe
[2013/09/25 04:36:17 | 000,110,098 | ---- | M] () -- C:\Users\User\AppData\Local\census.cache
[2013/09/25 04:36:14 | 000,076,091 | ---- | M] () -- C:\Users\User\AppData\Local\ars.cache
[2013/09/25 04:21:56 | 000,000,036 | ---- | M] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013/09/25 04:20:14 | 000,000,825 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/09/24 17:24:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2991607579-2189576181-2437995032-1000Core.job

========== Files Created - No Company Name ==========

[2013/09/25 10:15:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/25 10:15:57 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/25 06:56:05 | 000,001,445 | ---- | C] () -- C:\Users\User\Desktop\Trend Micro Titanium Maximum Security.lnk
[2013/09/25 06:55:13 | 000,000,059 | ---- | C] () -- C:\Windows\SysNative\SupportTool.exe.bat
[2013/09/25 06:55:12 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/09/25 04:36:17 | 000,110,098 | ---- | C] () -- C:\Users\User\AppData\Local\census.cache
[2013/09/25 04:36:14 | 000,076,091 | ---- | C] () -- C:\Users\User\AppData\Local\ars.cache
[2013/09/25 04:21:56 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013/09/24 17:36:46 | 000,007,623 | ---- | C] () -- C:\Users\User\AppData\Local\Resmon.ResmonCfg
[2013/02/28 21:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/10/09 23:01:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/10/09 23:01:15 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/08/26 22:24:16 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/05/08 16:18:26 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/02 22:50:19 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/05/02 22:50:19 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2012/05/02 22:50:19 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2012/05/02 22:50:19 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/05/02 22:50:19 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/05/02 22:50:08 | 000,000,299 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2012/05/02 22:50:08 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/15 06:31:50 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/15 06:31:50 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/22 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2013/09/25 10:22:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Oracle

========== Purity Check ==========



< End of report >

Edited by thewookie, 25 September 2013 - 04:46 PM.

  • 0

#4
thewookie
Posted 26 September 2013 - 11:58 AM

thewookie

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Any help or can i be pointed in the right direction? I don't mean to be impatient i'm really trying to resolve this asap as it's imperative and i'm on a sort of time crunch.


Thanks
  • 0

#5
emeraldnzl
Posted 28 September 2013 - 03:12 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
You should have only one topic for the same issue.

I am closing this one and you can continue with the one at the link below:

http://www.geekstogo..._1#entry2335401
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP