
HP desktop PC started running slow and rebooting randomly...



#1
Misanthrope1980

Hey guys,

Hoping you can help me clean up my machine or at least diagnose my problems as being caused by any virus (or viruses!). I started noticing problems around December of last year (2013), particularly with web pages loading notably more slowly, with no obvious cause that I have been able to find on my own... I checked ISP and all seemed fine, then ran 'Trend Housecall' AV scan with nothing abnormal reported. I'd had a housemate staying at that time, so had multiple user IDs set up, and all my file permissions seem to get messed up after a little while too, with almost everything asking for permission to run. Eventually ran MalwareBytes Antimalware, which picked up some issues but didn't seem to help, and I was beginning to experience random reboots. Not 100% sure, but I don't believe it to be temperature related - my gut feeling is that these reboots are software instigated.

One day last week, I found all my files on my desktop, and in My Documents etc., just disappeared and I ended up restoring Windows to an earlier version. Problems were ongoing and I ran a full format and restore to factory settings. Not sure if this was the right thing to do, but anyway, I seem to still be having some issues, or am paranoid :) I use Google Chrome (the "about" tab says it is Version 32.0.1700.107 m) as my primary browser, although installed IE when I restored just lately. My security settings (at least as far as I know!) have always been on the higher side of prudent.

Here's the OT file that I've just run, hope someone can set my mind at rest here. Much appreciated, you guys do a great job (not just saying that because I need your help - nice to see volunteer groups around the web being a force for good in the world). Not concerned about file recovery, all my important docs are in the cloud. Just want to know my machine is clean and safe to use again. Hope you can help! Cheers


OTL logfile created on: 2/15/2014 4:43:47 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gordy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.61 Gb Total Physical Memory | 0.26 Gb Available Physical Memory | 15.90% Memory free
3.23 Gb Paging File | 0.55 Gb Available in Paging File | 16.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.88 Gb Total Space | 416.79 Gb Free Space | 91.83% Space Free | Partition Type: NTFS
Drive D: | 11.78 Gb Total Space | 1.00 Gb Free Space | 8.49% Space Free | Partition Type: NTFS

Computer Name: GORDY-HP | User Name: Gordy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/15 03:45:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gordy\Downloads\OTL.exe
PRC - [2014/02/02 07:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/06/16 10:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2012/02/09 13:58:33 | 033,566,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\NDP40-KB2600217-x64.exe
PRC - [2011/11/21 21:19:58 | 000,079,112 | ---- | M] (Microsoft Corporation) -- c:\616777abaeafce8bf7d3\Setup.exe
PRC - [2011/11/02 12:06:42 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2011/05/27 03:44:02 | 000,445,040 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
PRC - [2011/05/27 03:43:50 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/05/06 07:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/29 08:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/24 00:16:38 | 000,136,488 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Cyberlink\YouCam\YCMMirage.exe
PRC - [2011/03/10 05:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/26 01:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/03/19 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/11/21 01:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/02 07:42:37 | 013,616,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
MOD - [2014/02/02 07:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/02 07:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/02 07:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/02 07:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/02 07:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2011/02/16 02:59:00 | 000,015,624 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
MOD - [2010/07/28 17:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2010/07/28 17:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2010/06/23 18:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010/06/23 18:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010/06/23 18:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010/06/23 18:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010/06/23 17:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/15 02:30:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 13:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/04 04:26:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/02/17 13:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 17:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 09:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/18 10:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/16 10:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2011/06/10 02:23:58 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/27 03:43:50 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/05/06 07:40:52 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/29 08:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/03/10 05:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/03/08 08:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/02 12:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/26 01:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/13 01:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/06/02 06:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/19 05:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/12 22:56:12 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 18:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 18:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/06 10:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/06 10:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 12:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/22 09:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/18 10:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/18 09:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/02 11:45:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/02 11:45:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/04 05:02:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/04 03:44:02 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 04:03:26 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys -- (SymDS)
DRV:64bit: - [2011/05/05 08:44:00 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/04/22 18:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/22 08:46:54 | 001,360,960 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/03/24 00:17:06 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/16 11:36:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/02/11 00:09:15 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140214.001\ex64.sys -- (NAVEX15)
DRV - [2014/02/11 00:09:15 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/02/11 00:09:15 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/02/11 00:09:15 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20140214.001\eng64.sys -- (NAVENG)
DRV - [2014/02/09 17:55:04 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20140211.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/21 03:37:32 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/51
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/51
IE - HKCU\..\SearchScopes,DefaultScope = {3A5ADAF8-37C5-4197-B687-03D516D67E66}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{3A5ADAF8-37C5-4197-B687-03D516D67E66}: "URL" = https://www.google.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFF [2014/02/11 19:49:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2014/02/15 03:23:44 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Floorplanner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\
CHR - Extension: GardenPuzzle - Garden Planner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbbmmnbhhejifmacegolomcmdggnfc\1_0\
CHR - Extension: [DESIGN] = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amdmedaeaplipmmmehlolpidoknnncij\0.1_0\
CHR - Extension: Uberflip = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkplagjgodcjhobcbblkjhngfdgacgo\2.2_0\
CHR - Extension: Uberflip = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkplagjgodcjhobcbblkjhngfdgacgo\2.2_0\~
CHR - Extension: Milestone Planner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aneijboeglnoiogmfocfmdnjbndpopcf\3.51_0\
CHR - Extension: Google Drive = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LogoGarden - Make a Free Logo in 8 Minutes = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbeofcgbpbjblcncjghepedghohgajik\0.0.0.1_0\
CHR - Extension: Interakt = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcajpakdchmcpckfpcgffbnjlggamglm\1.1_0\
CHR - Extension: Redbooth (formerly Teambox) = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgecckpiojpahjlndlofcljgacdfkifk\0.3.2_0\
CHR - Extension: Mindjet = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl\0.1.6_0\
CHR - Extension: Mailstrom = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bifobegniopflnplidgdmekhdhllljea\1.0_0\
CHR - Extension: Weekdone Employee Status Reports = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjahdjkkjenpigpggpcnlfadlopbpcid\1.0.13_0\
CHR - Extension: iCloud = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhodfififgcgedifpkenofdhlaafokk\1.2.2_0\
CHR - Extension: YouTube = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: WEEK PLAN = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\caggnmlckgjpgpgpgjeobdcfgbkefioo\2.3_0\
CHR - Extension: Logo Maker = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbbcdmdlpjglbgpbbcgpgjhiekldfhhm\8.1_0\
CHR - Extension: Drumtrackz = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cciklmellmkeeeibdekdkbacdllgfbpa\1.1.2_0\
CHR - Extension: ButtonBeats Recording Studio = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfmogegigamifhpiibjmhpannooeamoa\2_0\
CHR - Extension: SaaSt Personal Finance = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgcpbhfnpmkmgafdbdchmibfkebamfdj\4.0.4_0\
CHR - Extension: 123ContactForm - Online Form Builder = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgolehhldemhadjnflinkaoldejibajd\2.1.2.4_0\
CHR - Extension: Google Search = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Guerrilla Mail = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhknefgdegiicmbfcfkpbigmamgnamag\3_0\
CHR - Extension: Genesys Customer Service Software = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkdeagpmiopdpnpjpfigpnfhejcjjdia\5.0.0.0_0\
CHR - Extension: Invoice2go = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmjkikjpbpaehaclfdkmjdofdgodaakp\1.0.0.0_0\
CHR - Extension: Business Card Maker = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpchnngplfnmejdkfgpmfhifccngoiih\1.0.1_0\
CHR - Extension: Sumo Paint = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpgjihldbpodlmnjolekemlfbcajnmod\3.7_0\
CHR - Extension: Drive Template Gallery = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\edccfahmoapjmcaahncgcekjodejmhkg\1.4_0\
CHR - Extension: PayAus = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\egdcfjlfhbgoigepckcnfdaikpbfpogk\1.0_0\
CHR - Extension: Zoho Invoice = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj\1.1_0\
CHR - Extension: Cyfe = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcimlnjdmkgappmhhmefkloocbephjh\1.4_0\
CHR - Extension: Pending List = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\emlaodadbollinmadhfddgiecijnmang\1.7_0\
CHR - Extension: Tonematrix = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\enpfehkomaakbncdddjkoffacajcglha\1.1_0\
CHR - Extension: Be Tuned = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoemkekngenpmbklnjbfigfcnpchjbha\2.0_0\
CHR - Extension: Stupeflix Video Maker = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkdmcfnoimoilncpjchamnenebopocem\1.6_0\
CHR - Extension: vWorkApp = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmhgnalhddjljakpmclmbcgagnhkcmec\0.0.0.4_0\
CHR - Extension: Play Drums Now = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gammfpjandchiignjpbmogajolnhmgdj\1.0.0.1_0\
CHR - Extension: Scribble Maps = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbfhoiddbgfhccnhnafghphdmlaofgeh\1.0.0.0_0\
CHR - Extension: Noteflight = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfofkhfoecebpigndbadcdgonhipekeg\3.0.0.3_0\
CHR - Extension: Planetarium = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gheikhdfflhlbemfmhcfpeblehemeklp\1.1.2_0\
CHR - Extension: Ultimate Fonts = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjdlaifgnadeanlpdipkcdfjoonkehh\1.0.0_0\
CHR - Extension: Jellynote = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcbdilcjeejecjnbbhhpkhhocnhlgfnn\0.1_0\
CHR - Extension: Virtual Drums = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkjfndiemjjbanbeioojpnnjdbdccgd\0.0.1.1_0\
CHR - Extension: Vector Paint = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnbpdiengicdefcjecjbnjnoifekhgdo\3.2.0.0_0\
CHR - Extension: Zalmos SSL Web Proxy for Free = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\idefjamndcpplnamdlbodoebjgkpdmpn\1.0.3_0\
CHR - Extension: Audio Joiner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihiafjkopgiakbmihgoieodihjcblfbk\1.0.5_0\
CHR - Extension: telety.pe = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikijikcfedekifbolhamdccnhnlkhfpf\8_0\
CHR - Extension: Voice Recognition = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikjmfindklfaonkodbnidahohdfbdhkn\1.5_0\
CHR - Extension: SFG Planner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbbeknpmjleohikkicafkgafkhhgjec\1.0.0_0\
CHR - Extension: Jobber - Employee engagement = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\inamdknlmcahjfoabbadlhaaoopfienf\2.0.1.0_0\
CHR - Extension: SoundCloud = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp\1_0\
CHR - Extension: Online PDF Tools = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfpnmfhodaljeelokfceepbeapgbdn\2.0.0.1_0\
CHR - Extension: Percussion Master = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeilimacgaefdpepjambbpnlgbaamfcg\1.1_0\
CHR - Extension: Roomstyler 3D planner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfnniehafojoidolddmhfnpnbiolbppi\3.0_0\
CHR - Extension: Reamaze = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jiaiieokmfcoeeghdppgnnmahmfaocmm\1.1_0\
CHR - Extension: Autodesk Homestyler = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.6_0\
CHR - Extension: MomoNote = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\keopbahlldeedfhgiajhndlkjdiekfpl\2.1_0\
CHR - Extension: Wave Accounting = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa\1.9.5_0\
CHR - Extension: Squarespace - Website Builder = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lblgnldfhcjeofadnfennkjfcnkphkmd\0.0.0.4_0\
CHR - Extension: Virtualdrumming = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldpgajeabhnbomkamajncmeciioelhlc\1_0\
CHR - Extension: PetersenMusic = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\leebmgdhkkcncjhknbamolimapkhokid\1.0_0\
CHR - Extension: Webcam Toy = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade\1.5_0\
CHR - Extension: Triobo - digital publishing = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbkccmgloghcememdkjmddnjhmkejkb\1.3.0.4_0\
CHR - Extension: Simplebooklet = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhfhnhfkmicpmbafobnpegjhaihjinph\9.15_0\
CHR - Extension: TwistedWave = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhjkhabkkillndljkhedpfldghbpljij\1.0.6_0\
CHR - Extension: Schedule it Go - Mobile Scheduling Software = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljjbdmkicglpnmcheibhgamnlfmpbjeh\0.7.0.16_0\
CHR - Extension: Sketchpad = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0\
CHR - Extension: Google Maps = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: yaM - Yet Another Meeting = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbnfkccbgkpneighofmeciblmfdbfdib\1.3_0\
CHR - Extension: Planner 5D = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna\1.2.0.4_0\
CHR - Extension: Budget Planner = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdjfhejeipjoegneldnhekeefdicgllc\1_0\
CHR - Extension: Guitar Chords = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\megglpjmadjmghjegnallnhiknjnnjhh\1.4_0\
CHR - Extension: CustomerSure = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfpfbmacoflmpiiapgeilfhffcbplgie\0.0.0.1_0\
CHR - Extension: unreadable = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjimfgjdihcihiagohklkfpnkhkjiffh\1.1_0\
CHR - Extension: FormGet - Online Contact Form Builder = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnabmigmbaoimceikabofkghpdfkhlbf\0.2_0\
CHR - Extension: MP3 Cutter = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\najmoifnphdjfpiegfgakilfgkhjdkeh\2.1_0\
CHR - Extension: deviantART muro = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\namljbfbglehfnlonjmebceimaalofei\1.0_0\
CHR - Extension: Organimi = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\neoddhdnjfoophlpippjlhfeellbjkma\3.2_0\
CHR - Extension: Email Backgrounds, Email Stationery = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepmejfbdnfgkkeklbhejggabembdfmo\1_0\
CHR - Extension: Jolidrive = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfakdllpdfjjbfommlcnfkedmbigkfdo\2.3.0_0\
CHR - Extension: Mobile App Maker = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfejclehdjkifklomhfgjobieidomhb\0.0.0.4_0\
CHR - Extension: Goodbudget = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkhffmghajhedigppmcgiefaddneijge\2.0.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Deezer = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Email Stationery, Letterhead = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofgmfinplabimkfhjnoibldbadjbnanb\1_0\
CHR - Extension: Chordify | Tune into Chords = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbmddiahnkphhipnimckolcndkcgjgn\0.0.5_0\
CHR - Extension: The Professional Advertising Shop = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgpcnfipfbaghglhafdmmdjajcfjpbo\0.0.0.1_0\
CHR - Extension: RealtimeBoard: Whiteboard for Collaboration = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\opfmbdmhambgleempeofcjjhjclimccg\1.38.1.3_0\
CHR - Extension: MemorizeIt! = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacbbmlahdekgkkancdigegaaniamcaf\2611.3_0\
CHR - Extension: Gmail = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Cool Metronome = C:\Users\Gordy\AppData\Local\Google\Chrome\User Data\Default\Extensions\polmfiinlikaadclgdojekfaoglellgm\1_0\

O1 HOSTS File: ([2009/06/11 05:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe (Portrait Displays, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C70F5A9-9B9C-4F1F-AC9A-0A4A9856E488}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9053501f-92e5-11e3-b55f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9053501f-92e5-11e3-b55f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Belkin_Setup_and_Monitor_Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/15 04:45:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/15 04:42:37 | 000,000,000 | ---D | C] -- C:\616777abaeafce8bf7d3
[2014/02/15 04:42:15 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/02/15 04:21:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gordy\Desktop\OTL.exe
[2014/02/15 04:16:39 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Malwarebytes
[2014/02/15 04:06:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2014/02/15 04:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2014/02/15 04:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2014/02/15 04:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2014/02/15 03:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/15 03:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/02/15 03:55:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/15 03:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/15 03:53:52 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Programs
[2014/02/12 11:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2014/02/12 11:16:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2014/02/12 11:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/02/12 11:15:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/12 11:15:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/02/12 11:01:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2014/02/12 11:01:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2014/02/11 19:37:46 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\HP Support Assistant
[2014/02/11 19:37:33 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\HpUpdate
[2014/02/11 14:31:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2014/02/11 00:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/02/11 00:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/02/11 00:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/02/11 00:21:48 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Google
[2014/02/11 00:20:00 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Apps
[2014/02/11 00:19:59 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Deployment
[2014/02/10 23:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2014/02/10 23:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/02/10 23:51:02 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Adobe
[2014/02/10 23:50:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2014/02/10 23:50:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2014/02/10 23:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2014/02/10 23:47:12 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\ATI
[2014/02/10 23:47:12 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\ATI
[2014/02/10 23:46:11 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\PDFC
[2014/02/10 23:45:54 | 000,000,000 | R--D | C] -- C:\Users\Gordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/02/10 23:45:54 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Searches
[2014/02/10 23:45:54 | 000,000,000 | R--D | C] -- C:\Users\Gordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/02/10 23:45:54 | 000,000,000 | -H-D | C] -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/02/10 23:45:47 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Identities
[2014/02/10 23:45:42 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Contacts
[2014/02/10 23:45:23 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\RemEngine
[2014/02/10 23:40:12 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Hewlett-Packard
[2014/02/10 23:40:08 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Hewlett-Packard
[2014/02/10 23:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2014/02/10 23:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2014/02/10 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Hewlett-Packard_Company
[2014/02/10 23:39:51 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\VirtualStore
[2014/02/10 23:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP User Manuals
[2014/02/10 23:39:20 | 000,000,000 | --SD | C] -- C:\Users\Gordy\AppData\Roaming\Microsoft
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Videos
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Saved Games
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Pictures
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Music
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Links
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Favorites
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Downloads
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Documents
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\Desktop
[2014/02/10 23:39:20 | 000,000,000 | R--D | C] -- C:\Users\Gordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\AppData\Local\Temporary Internet Files
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Templates
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Start Menu
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\SendTo
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Recent
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\PrintHood
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\NetHood
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Documents\My Videos
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Documents\My Pictures
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Documents\My Music
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\My Documents
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Local Settings
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\AppData\Local\History
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Cookies
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\Application Data
[2014/02/10 23:39:20 | 000,000,000 | -HSD | C] -- C:\Users\Gordy\AppData\Local\Application Data
[2014/02/10 23:39:20 | 000,000,000 | -H-D | C] -- C:\Users\Gordy\AppData
[2014/02/10 23:39:20 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Temp
[2014/02/10 23:39:20 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Local\Microsoft
[2014/02/10 23:39:20 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Media Center Programs
[2014/02/10 23:39:20 | 000,000,000 | ---D | C] -- C:\Users\Gordy\AppData\Roaming\Macromedia
[2014/02/10 23:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2014/02/10 23:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics
[2014/02/10 23:37:44 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/02/10 23:17:25 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/02/10 23:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery

========== Files - Modified Within 30 Days ==========

[2014/02/15 04:56:38 | 000,649,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/15 04:56:38 | 000,119,680 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/15 04:53:22 | 000,764,302 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/15 04:53:09 | 000,764,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/15 04:27:29 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/15 04:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gordy\Desktop\OTL.exe
[2014/02/15 04:12:09 | 001,729,002 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\Cat.DB
[2014/02/15 04:00:43 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/02/15 03:55:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/15 03:26:09 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 03:26:09 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 03:21:14 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 03:20:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 03:20:13 | 1299,693,568 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/15 02:30:08 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/15 02:30:02 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/15 02:18:38 | 000,002,494 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/02/12 22:56:12 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/02/12 22:56:12 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/02/12 22:56:12 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/02/12 11:04:38 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/11 19:26:05 | 000,002,285 | ---- | M] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/11 14:36:33 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/02/11 14:36:33 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/02/11 00:26:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/02/11 00:23:09 | 000,002,261 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/10 23:55:47 | 000,001,443 | ---- | M] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/10 23:52:35 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2014/02/10 23:51:24 | 000,000,051 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
[2014/02/10 23:46:04 | 000,000,854 | ---- | M] () -- C:\Users\Gordy\Documents\Downloads.lnk
[2014/02/10 23:39:30 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_120-2010a_Y53316J_0U_Q4CS212_E11AP3MRW604_4A_I2AC7_SQuanta_V011_BARM 703_T110817_W73-1_L409_M1653_J500_7AMD_8F20_91.65_#120501_N10EC8136;18145390_Z_G10029806_Ohp CDDVDW SN-208BB SATA CdRom Device.MRK
[2014/02/10 23:39:29 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_120-2010a_Y53316J_0U_Q4CS212_E11AP3MRW604_4A_I2AC7_SQuanta_V011_BARM 703_T110817_W73-1_L409_M1653_J500_7AMD_8F20_91.65_#120501_N10EC8136;18145390_Z_G10029806_Ohp CDDVDW SN-208BB SATA CdRom Device.MRK

========== Files Created - No Company Name ==========

[2014/02/15 04:00:43 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2014/02/15 03:55:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/15 02:30:08 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014/02/15 02:30:02 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014/02/11 19:57:06 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2014/02/11 14:30:11 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_120-2010a_Y53316J_0U_Q4CS212_E11AP3MRW604_4A_I2AC7_SQuanta_V011_BARM 703_T110817_W73-1_L409_M1653_J500_7AMD_8F20_91.65_#120501_N10EC8136;18145390_Z_G10029806_Ohp CDDVDW SN-208BB SATA CdRom Device.MRK
[2014/02/11 14:30:11 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_120-2010a_Y53316J_0U_Q4CS212_E11AP3MRW604_4A_I2AC7_SQuanta_V011_BARM 703_T110817_W73-1_L409_M1653_J500_7AMD_8F20_91.65_#120501_N10EC8136;18145390_Z_G10029806_Ohp CDDVDW SN-208BB SATA CdRom Device.MRK
[2014/02/11 14:27:31 | 1299,693,568 | -HS- | C] () -- C:\hiberfil.sys
[2014/02/11 00:26:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014/02/11 00:23:09 | 000,002,285 | ---- | C] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/11 00:23:09 | 000,002,261 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/02/11 00:22:02 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/11 00:22:01 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/10 23:55:47 | 000,001,443 | ---- | C] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/02/10 23:52:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2014/02/10 23:52:35 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2014/02/10 23:45:58 | 000,001,419 | ---- | C] () -- C:\Users\Gordy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/02/10 23:45:54 | 000,000,854 | ---- | C] () -- C:\Users\Gordy\Documents\Downloads.lnk
[2014/02/10 23:45:44 | 000,002,494 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/02/10 23:39:58 | 000,002,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2014/02/10 23:39:58 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish Photos.lnk
[2014/02/10 23:39:58 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2014/02/10 23:39:35 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty.lnk
[2014/02/10 23:39:20 | 000,000,290 | ---- | C] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/02/10 23:39:20 | 000,000,272 | ---- | C] () -- C:\Users\Gordy\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 10:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



========== Files - Unicode (All) ==========
[2014/02/15 03:19:40 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?!) -- C:\Windows\SysNative\술!
[2014/02/15 03:19:40 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?!) -- C:\Windows\SysNative\술!

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
#2
Misanthrope1980

New symptom: screen resolution has just decided to change itself for a few seconds, then return to normal...